Redirecting traffic



  • Hello folks,

    I have pfSense set up for a guest wireless network at this time. Basically only one IP address is allowed, which is an internal web server; everything else is blocked.

    So now when someone comes in and connects to the wireless network, they open up their browser and it looks like it doesn't work because their home page is blocked. So they have to type in the URL for the single web site that is allowed each time.

    The problem is if the request is blocked, the captive portal does not come up. The captive portal login only appears if the web site is allowed.
    So is there a way to have all requests redirected to this one URL, or maybe even to simply have the captive portal come up for blocked sites?

    One thing I tried was creating a NAT rule, but it seems like a messy way of doing things, and because it has to be done on the WAN port it created problems on the internal network as well.

    Thanks for your help.



  • So, you don't really want a captive portal, per se, you want to redirect all traffic to an external web server? Does the authentication matter to you at all?



  • Sorry for taking so long to respond. No, authentication does not matter at all.

    We want the captive portal simply for the splash screen so we can have the company logo come up.

    We want to redirect all port 80 and 443 traffic to a web server on the other side of the pfSense firewall. (same local network)

    @buraglio:

    So, you don't really want a captive portal, per se, you want to redirect all traffic to an external web server? Does the authentication matter to you at all?



  • This should be doable with minimal effort. Just enable the captive portal, upload your page with just the accept button and tell it to automatically redirect to the company website after "login".
    Details:
    http://forum.pfsense.org/index.php/topic,9383.0.html
    Am I understanding correctly that you want them to be able to navigate to wherever they want after they are initially redirected?

    nb



  • Thanks for the reply, but let me explain it a bit better.

    The way I have and want it set up is to block everything except for one web site. This is at all times, before and after logging in.
    I do not want any user authentication, simply a splash screen with a continue button, and that's how I have it set up right now and it works great. It automatically directs to that web site after clicking continue.

    The problem is getting to the captive portal splash page. Because everything is blocked except for that one domain, when somebody connects to the network and opens their browser, nothing happens. You do not get automatically directed to the captive portal splash page. You get stuck because your home page is blocked.
    You have to manually enter the single web site that is allowed, which nobody connecting to the network would know without somebody telling them. They then see the captive portal screen and everything is well. This network has the exclusive function of serving that one domain to this guest network.

    What I want is for when the user connects to the network, wherever his browser tries to go pfSense will just redirect him to the single web site that is allowed, resulting in the captive portal catching it so he sees the splash page.

    I hope that makes more sense.

    @buraglio:

    This should be doable with minimal effort. Just enable the captive portal, upload your page with just the accept button and tell it to automatically redirect to the company website after "login".
    Details:
    http://forum.pfsense.org/index.php/topic,9383.0.html
    Am I understanding correctly that you want them to be able to navigate to wherever they want after they are initially redirected?

    nb



  • Ah, ok. Sounds easy enough. It sounds to me like your clients can't resolve DNS, therefore can't get to much of anything. What I would do (and what I have done before in a relatively similar situation) is create a BIND instance that serves only this network and hand it out to clients. In this BIND (or whatever your DNS server of choice is) configure it to answer www.yourdomain.com for every query. You wouldn't even need the CP for that. You may want to also block DNS queries to any other servers to prevent folks from just configuring their own resolvers.

    nb
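
The catch-all resolver suggested in the last reply, sketched at the DNS packet level as an added example (not code from the thread or from pfSense or BIND). `PORTAL_IP` is a placeholder for the one allowed web server, and the function names are hypothetical.

```python
import socket
import struct

PORTAL_IP = "192.0.2.10"  # assumption: placeholder for the allowed web server
TTL = 60                  # short TTL so the catch-all answer is not cached long

def question_end(msg: bytes) -> int:
    """Offset just past the first question (QNAME + QTYPE + QCLASS)."""
    i = 12                                   # fixed 12-byte DNS header
    while msg[i] != 0:                       # walk length-prefixed labels
        if msg[i] & 0xC0:
            raise ValueError("compressed name in question")
        i += 1 + msg[i]
    end = i + 1 + 4                          # root label + QTYPE + QCLASS
    if end > len(msg):
        raise ValueError("truncated question")
    return end

def catch_all_response(query: bytes, ip: str = PORTAL_IP) -> bytes:
    """Answer every A/IN question with `ip`; other types get empty NOERROR."""
    if len(query) < 12:
        raise ValueError("short packet")
    qid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    question = query[12:question_end(query)]
    qtype, qclass = struct.unpack("!HH", question[-4:])
    is_a = (qtype, qclass) == (1, 1)
    rflags = 0x8400 | (flags & 0x7900)       # QR + AA, keep opcode and RD
    header = struct.pack("!HHHHHH", qid, rflags, 1, 1 if is_a else 0, 0, 0)
    answer = b""
    if is_a:
        # 0xC00C is a compression pointer back to the QNAME at offset 12
        answer = (struct.pack("!HHHIH", 0xC00C, 1, 1, TTL, 4)
                  + socket.inet_aton(ip))
    return header + question + answer

def serve(bind_addr: str = "0.0.0.0", port: int = 53) -> None:
    """UDP loop (port 53 needs privileges); malformed packets are dropped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(catch_all_response(data), peer)
        except (ValueError, IndexError, struct.error):
            continue
```

Only plain HTTP requests land cleanly on the allowed site this way; an HTTPS request for any other name reaches the same server but fails certificate validation, because the server cannot present a certificate for that name.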

