Problem with the MAC filtering

fmohcine26

In my local network, I have a smart tv (android) connected via '' Ethernet '',
the captive partail is activated and works without problems
After authentication on the portal
the activation of the Wi-Fi mobile hotspot of the TV, gives access to everyone without any control neither captive portal nor mac filter nor anything, it is as if these machines did not exist for the pfsense even if they are connected to the internet
Help me please
thank you very much

jaspras

Makes total sense. Your Tv acts as a WiFi router
Check your tv settings and see if you can make
It act as an access point not a router

That’s the easiest i can explain it to you

fmohcine26

@jaspras:

Makes total sense. Your Tv acts as a WiFi router
Check your tv settings and see if you can make
It act as an access point not a router

That’s the easiest i can explain it to you

Thank you for your help
are there any rules to apply on the pfsense and the captive portal to impose the control of the pfsene on the network diffused by the television

jahonix

pfSense only sees traffic originating from your TV. All WiFi clients are probably NATted behind the TV's IP so there's no way of telling who's who.
Which TVs do have an AP built in? Strange idea to have a display device do network services.

fmohcine26

is there a package or setting for example configure the '' PAT '' of such a lot that controls all machine clients

jahonix

What? pfSense interacting with a TV-set manufacturer's bad dream? No way. Unless you program it yourself.

jaspras

Just buy an access point man (an access point not a router) stick it behind your TV
Shutdown the WiFi from the TV and you are done

fmohcine26

I think the best way is to block the MAC address of the ethernet TV network card by applying a mac filter to allow only the wifi connection of the TV

jahonix

Well, good luck then.
pfSense is a Layer 3 device an cannot filter on Layer 2. But that's where MACs are.

What do you want to allow with "only the wifi connection of the TV" when the TV itself is hardwired and WiFi clients from there are your problem?

fmohcine26

if mac filtering does not work, should I assign a fixed IP address, for example 10.200.7.40 to the TV's ethernet adapter,
and set NAT / PAT
redirect this IP address (10.200.7.40) to port 3200 for example
but I do not know how to do that, and I do not know if it works?
anyway I should at all costs forbid the connection of the television via the Ethernet port
thank you so much

jahonix

Assigning a semi-static IP to that device seems like a good idea. You can do that at the DHCP server settings.

I have no clue what you want to do with NAT/PAT for your TV. Do you want to reach your TV from the outside?
And forwarding port 3200 is needed for what?? From where??

fmohcine26

I do not control the room where there is television, and
There are two possibilities for the TV to connect to the network via wifi or cable via the Ethernet port, the connection by the latter opens a flaw in my network when the TV user activates the mobile hotspot Wi-Fi
That's why I should force users to connect the TV by wifi and only by wifi

jahonix

Does the TV need access to internet? Otherwise just block everything from that TV to everywhere else.

@fmohcine26:

… connect the TV by wifi and only by wifi

Unplug the wired ethernet.