Captive portal not redirect

free4

@Martí-Ferret Your problem is coming from your DNS server, it's not related to the captive portal or to your firewall rules.

Few things :

• Use the "DNS Resolver" in pfSense. The DNS forwarder is a legacy option.
• What DNS server are you using for your pfSense appliance (in System->General Settings) ? Could you check that your pfSense can correctly ping this IP and that a DNS server is enabled on this IP?
• Could you verify your ACL in the DNS resolver settings? What are the logs of your pfSense when you try to resolve a random domain name using DNSSEC ( fbi.gov ) and not using DNSSEC ( kcna.kp ) ?

Martí Ferret

@Gertjan Idk why now internet on client don't work.
https://imgur.com/a/W4cfWeC

Gertjan

Added to what @free4 said ; use https://docs.netgate.com/pfsense/en/latest/captiveportal/captive-portal-troubleshooting.html

Show us

ipfw table all list

and

ipfw list

(run these commands in the console)

Here is mine (last command) :

[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ipfw list
01000 skipto tablearg ip from any to any via table(cp_ifaces)
01100 allow ip from any to any
02100 pipe tablearg ip from any to any MAC table(cpzone1_pipe_mac)
02101 allow pfsync from any to any
02102 allow carp from any to any
02103 allow ip from any to any layer2 mac-type 0x0806,0x8035
02104 allow ip from any to any layer2 mac-type 0x888e,0x88c7
02105 allow ip from any to any layer2 mac-type 0x8863,0x8864
02106 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
02107 allow ip from any to table(cpzone1_host_ips) in
02108 allow ip from table(cpzone1_host_ips) to any out
02109 allow ip from any to 255.255.255.255 in
02110 allow ip from 255.255.255.255 to any out
02111 pipe tablearg ip from table(cpzone1_allowed_up) to any in
02112 pipe tablearg ip from any to table(cpzone1_allowed_down) in
02113 pipe tablearg ip from table(cpzone1_allowed_up) to any out
02114 pipe tablearg ip from any to table(cpzone1_allowed_down) out
02115 pipe tablearg ip from table(cpzone1_auth_up) to any layer2 in
02116 pipe tablearg ip from any to table(cpzone1_auth_down) layer2 out
02117 fwd 127.0.0.1,8003 tcp from any to any 443 in
02118 fwd 127.0.0.1,8002 tcp from any to any 80 in
02119 allow tcp from any to any out
02120 skipto 65534 ip from any to any
65534 deny ip from any to any
65535 allow ip from any to any

The first 9 (nine) rules are not important here (they let through IPv4=>DHCP, etc)
These :

02107 allow ip from any to table(cpzone1_host_ips) in
02108 allow ip from table(cpzone1_host_ips) to any out

are very important.
They let through DNS requests. Always.
" cpzone1_host_ips " is 192.18.2.1 is my pfSense portal interface = gateway = DNS access.
Yours should be 10.0.0.2 ( see ipfw table all list )

Gertjan

@Martí-Ferret said in Captive portal not redirect:

@Gertjan Idk why now internet on client don't work.
https://imgur.com/a/W4cfWeC

Your image tells me : DNS does not work for your clients .... => Clients can not access DNS ..... see my message above.

free4

@Martí-Ferret maybe you still have captive portal enabled?

Martí Ferret

@free4 I use dns resolver,DNS in general settings

Martí Ferret

@Martí-Ferret General setings, https://imgur.com/a/HNBdlpN
https://imgur.com/a/Vd2Rx4w

Gertjan

@Martí-Ferret said in Captive portal not redirect:

@free4 I use dns resolver,DNS in general settings

The DNS Resolver has no setting here :

You should NOT change (add, what ever) anything here.
(no "8.8.8.8" to start with)

Show us your general settings ?

Gertjan

@Martí-Ferret said in Captive portal not redirect:

@Martí-Ferret General setings, https://imgur.com/a/HNBdlpN
https://imgur.com/a/Vd2Rx4w

Ok !!!! That looks fine.

edit : LAN firewall rules ?

Martí Ferret

@Gertjan https://imgur.com/a/TPJnrdf

Gertjan

@Martí-Ferret said in Captive portal not redirect:

@Gertjan https://imgur.com/a/TPJnrdf

Ok also.

ipfw list

and

ipfw table all list

?

Martí Ferret

@Gertjan https://imgur.com/a/Efpkjdv

Gertjan

@Martí-Ferret said in Captive portal not redirect:

@Gertjan https://imgur.com/a/Efpkjdv

Your images shows no rules => captive portal in not activated.

Gertjan

Sorry
Not

ipfw all

Should be

ipfw list

Martí Ferret

@Gertjan Yea i disabled cause i want to know why client have no network https://imgur.com/a/edCdVJg

Martí Ferret

https://imgur.com/a/EzLJhdk

Gertjan

Even without the captive portal your DNS doesn't work.

I propose that you reset pfSense to default.
Don't touch LAN settings.
Don't touch DHCP settings
Don't touch firewall settings.
Don't touch DNS settings.

Then check with a PC (deboce) on LAN) that your connection is ok. Use a web browser, ping, a mail test, whatever.

Then activate the portal.

Martí Ferret

@Gertjan Okey i will do it.

Martí Ferret

@Gertjan https://vimeo.com/user97033072/review/328553388/b94c374499
Look i make a video doing what u sayed.

Gertjan

@Martí-Ferret said in Captive portal not redirect:

@Gertjan https://vimeo.com/user97033072/review/328553388/b94c374499
Look i make a video doing what u sayed.

The videos already exist ^^ : here they are : https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos
There are 3 good Captive portal videos. take the first one that initiates with the captive portal.