Captive Portal for 1 AP on my network

ast · Jul 6, 2017, 3:26 AM

Hi!

Just want to ask if I can apply Captive Portal to our set up, we want to use captive portal on WIFI AP 2, is this workable on our set up?

I don't want clients on WIFI AP 2 to have access to file sharing on our 192.168.2.xxx network.

TIA!

ast

NogBadTheBad · Jul 6, 2017, 10:24 AM

AP2 isn't an access-point its a Wi-Fi router, its WAN interface is on the same subnet that you want to block it will also be doing a NAT :)

Get a couple of proper access-points and have multiple SSIDs it will make your life so much easier.

Or if you have to use the Wi-Fi router connect it to another ethernet interface on your pfSense box and have it on its own network with firewall rules to block, remember to switch off DHCP and enable it on the new pfSense interface.

ast · Jul 6, 2017, 10:26 AM

@NogBadTheBad:

AP2 isn't an access-point its a Wi-Fi router, its WAN interface is on the same subnet that you want to block it will also be doing a NAT :)

Get a couple of proper access-points and have multiple SSIDs it will make your life so much easier.

Or if you have to use the Wi-Fi router connect it to another ethernet interface on your pfSense box and have it on its own network with firewall rules to block, remember to switch off DHCP and enable it on the new pfSense interface.

Thanks a lot for the reply!

Yeah, I'm planning to just use the wifi capability of the wifi router, so will turn off dhcp and plug in via 1 of the ethernet port. Do I need to make a VLAN? Just can't figure out how to have DHCP on VLAN.

My pfsense box have 4 NICs.

TIA!

ast

NogBadTheBad · Jul 6, 2017, 10:53 AM

If you have spare NICs you can connect AP2 to that on it's own subnet.

ast · Jul 6, 2017, 2:01 PM

@NogBadTheBad:

If you have spare NICs you can connect AP2 to that on it's own subnet.

Thanks for the tip! Made another subnet for AP2, and enabled Captive Portal.

ast · Jul 7, 2017, 5:43 AM

I'm trying our Captive Portal but reached a road block :( do i really need to make the HTML files to make CP work? Are there any ready made HTML file for CP?

TIA!

Derelict · Jul 7, 2017, 6:28 AM

You don't need CP at all it sounds like. Just block traffic using rules on the new wifi subnet to destination 192.168.2.0/24 if you don't want those users to be able to access those addresses.

ast · Jul 7, 2017, 9:32 AM

@Derelict:

You don't need CP at all it sounds like. Just block traffic using rules on the new wifi subnet to destination 192.168.2.0/24 if you don't want those users to be able to access those addresses.

Hi! Thanks for the tip! Can I ask on how to block the new subnet from accessing the 192.168.2.xxx? I know how to make firewall rules, just got mental block on how to block access to different subnet.

Tia!

Ast

Derelict · Jul 7, 2017, 9:36 AM

Block all traffic on that interface to destination 192.168.2.0/24

ast · Jul 8, 2017, 1:23 AM

@Derelict:

Block all traffic on that interface to destination 192.168.2.0/24

Thanks a lot for the tip!

johnpoz · Jul 11, 2017, 3:20 PM

Didn't we already go over this in this thread.

https://forum.pfsense.org/index.php?topic=133348.0

That you could just create a firewall rule to block access on your wifi router 2 network, and that you didn't need to nat it, etc. etc.