Netgate Discussion Forum
    IP whitelisting

    Captive Portal
    3 Posts 2 Posters 447 Views
    • senseivita

      I want to enable a portal as an extra security layer on an existing mixed-use network and I have a few questions:

      (1) Does IP whitelisting modify the ruleset for an interface? Like policy routing, for instance, or does it "move it to the top"? The fact that rules must be added for the traffic sort of answers my question, but just in case I'm wrong.

      Also, (2) is the CIDR part on the address meant for subnet ranging or just for the subnet of a given address? For instance, could I enter 10.0.0.0(or .1)/24 to specify the first /24 of 10.0.0.0/22?

      Lastly, I understand that I need to whitelist in the direction of a server or from a server in some other interface, but (3) what happens in the case of NAT, where port forwarding rules are supposed to give a reply-to path to the traffic (as well as allow it even if blocked)? Do I still need to whitelist those?

      Thanks for your help guys. :)

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      • Gertjan

        Captive portals are for a bunch of non-trusted devices, where you want to 'control' the access.
        No NAT, no servers etc. on the network.

        Doing so, life will be simple.

        But, if you want to put servers on a captive portal, ok, you can NAT to them from elsewhere. Nothing changes - no need to whitelist its IP. Remember, you're dealing with a stateful firewall here.

        CIDR : I don't know. Probably yes, it will work.

        Btw : Use this : https://docs.netgate.com/pfsense/en/latest/captiveportal/captive-portal-troubleshooting.html

        Whitelist some IPs - some MACs - and log in to the portal with a device.
        Now inspect the ipfw firewall with the mentioned commands.
        You'll get the picture.

        Also : ipfw rules come first.
        Then the GUI firewall rules that you have for that captive portal interface.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • senseivita @Gertjan
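The two points in the reply above that matter for the original questions are the CIDR semantics of an "Allowed IP" entry (question 2) and the evaluation order, ipfw captive portal layer first and then the interface's pf rules (question 1). The following is an added illustration written for this page, not pfSense code and not from either poster. It assumes only that an allowed-IP entry with a prefix length is read as a CIDR range (so `10.0.0.1/24` covers `10.0.0.0/24`, the first /24 of `10.0.0.0/22`), which Gertjan's "probably yes" does not confirm, and it models the portal layer as a simple gate in front of a first-match, default-deny pf ruleset; the allowed list, authenticated client and rules are constructed sample data:

```python
"""Constructed model of the pfSense captive portal layering described in
the thread: the ipfw captive-portal check runs first, then the pf rules
configured in the GUI for that interface.  Not pfSense's own code."""
import ipaddress
from typing import Iterable, List, Optional, Set, Tuple

# (action, src_net, dst_net, proto, dst_port); proto "any" / port None = wildcard
Rule = Tuple[str, str, str, str, Optional[int]]


def normalize_allowed_ip(entry: str) -> ipaddress.IPv4Network:
    """Return the network an 'Allowed IP' entry covers under CIDR rules.

    Assumption: the prefix length selects a range and host bits are
    ignored, so '10.0.0.1/24' means 10.0.0.0/24 (the first /24 of
    10.0.0.0/22), not a single host with a /24 mask.
    """
    return ipaddress.ip_network(entry, strict=False)


def allowed_ip_matches(entries: Iterable[str], client: str) -> bool:
    ip = ipaddress.ip_address(client)
    return any(ip in normalize_allowed_ip(e) for e in entries)


def pf_decision(rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """First-match evaluation of the interface's GUI rules, default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in rules:
        if (s in ipaddress.ip_network(rsrc)
                and d in ipaddress.ip_network(rdst)
                and rproto in (proto, "any")
                and rport in (dport, None)):
            return action
    return "block"


def evaluate(allowed_ips: Iterable[str], authenticated: Set[str],
             rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    # Layer 1 (modeled ipfw captive-portal layer): a client that is neither
    # logged in nor on the allowed list is captured and the pf rules below
    # are never consulted for it.  (The real layer also lets DNS and the
    # portal itself through; that detail is left out of this model.)
    if src not in authenticated and not allowed_ip_matches(allowed_ips, src):
        return "captive"
    # Layer 2: being whitelisted does not bypass the pf ruleset; the GUI
    # rules for the captive portal interface still decide pass or block.
    return pf_decision(rules, src, dst, proto, dport)


# Constructed sample configuration (not from the thread).
ALLOWED_IPS = ["10.0.0.1/24"]          # meant as the first /24 of 10.0.0.0/22
AUTHENTICATED = {"10.0.1.50"}          # a client that logged in to the portal
RULES: List[Rule] = [
    ("block", "10.0.0.0/22", "0.0.0.0/0", "tcp", 445),   # no SMB out of the portal net
    ("pass", "10.0.0.0/22", "0.0.0.0/0", "any", None),   # everything else passes
]

if __name__ == "__main__":
    print("10.0.0.1/24 covers", normalize_allowed_ip("10.0.0.1/24"))
    for src, port in [("10.0.0.200", 443), ("10.0.0.200", 445),
                      ("10.0.1.5", 443), ("10.0.1.50", 443)]:
        print(src, port, evaluate(ALLOWED_IPS, AUTHENTICATED, RULES,
                                  src, "192.0.2.10", "tcp", port))
```

Running it shows the whitelisted host at 10.0.0.200 reaching the web but still being blocked on 445 by the pf rule, the host at 10.0.1.5 (outside the /24 but inside the /22) being captured, and the logged-in client passing. Whether the real `ipfw` tables on a given pfSense box agree with this model is exactly what the troubleshooting page linked above lets you check.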

          @Gertjan Thank you so much for the link and the explanation.

          I was using the book as a reference; I always forget the troubleshooting sections on the website that are packed with useful stuff.

          Thanks again !

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.