    How to change the default TCP port 8002 for the captive portal ?

    • J
      j4nus last edited by

      Dear,

      We are facing many issues with client PCs (from clients attending to authenticate on the captive portal).
      The flow from the client to the port TCP/8002 is blocked by their local firewall.
      It's typically PCs from financial companies running restricted policies.

      As a result, they can't connect.

      Is it possible to change the default port? I can't find a way to do it in the web GUI.
      I found a configuration file named /var/etc/lighty-captiveportal-CaptivePortal.conf which contains a port 8002. I tried to change it and modify the pre-auth URL (via the web GUI) but it doesn't work.

      The best solution would be to assign a second IP on the pfSense and to use this second IP and port 80 (or 443) so I don't need to use exotic ports (8002, ...) which are blocked by their local restricted policy.

      Does somebody have a "standard" solution to my problem?
      Temporarily I hardcoded the MAC address, but it's a manual action and it's hard to maintain.

      • Gertjan
        Gertjan last edited by

        @j4nus:

        Is it possible to change the default port? I can't find a way to do it in the web GUI.
        I found a configuration file named /var/etc/lighty-captiveportal-CaptivePortal.conf which contains a port 8002. I tried to change it and modify the pre-auth URL (via the web GUI) but it doesn't work.

        The file:
        /var/etc/lighty-captiveportal-CaptivePortal.conf
        is the configuration file, regenerated every time the portal changes (read : when you make edits in the GUI).

        You should there where the file is constructed  ;)

        The base port number "8000" can be found here : /etc/inc/captiveportal.inc
        Look for "800" (not "8000") and you will find 6 references - the 8000 is the base for 'http' connections, 8001 for https.

        Understand that every captive portal zone uses its own unique port.
        I guess you will be able to position a listen port on 80 or 443.

        But …. by default, the webserver of the GUI will bind to all interfaces also .... including the interface used for the Captive portal.
        I'm pretty sure that one of the 2 won't start now (you can't share a port among 2 or more "listeners").
        Up to you to change the place where the nginx config file is built (you will find the function used to do that in /etc/inc/captiveportal.inc also).
        Idea : limit the webserver GUI to 'LAN only'.

        So ....
        It's you who's gonna write some PHP - and you'll be fine BUT on your own to do so (and during the next update you have to redo your changes),
        OR:
        Have this silly policy removed.

        • J
          j4nus last edited by

          Hi Gertjan,
          Thanks for your answer.

          Is there a way to specify the zone ID?
          The zone ID 80 (in place of 2) would be a good match, so the captive portal would run on tcp/8080 which is usually allowed (at least to connect to a proxy).

          I would like to avoid changing the code (inc file) to avoid issues after upgrades.

          Concerning your remark about the port 80/443 and the web GUI, I can eventually change this port to a non-standard port (e.g. 4430) to avoid any conflicts.

          • Gertjan
            Gertjan last edited by

            @j4nus:

            Is there a way to specify the zone ID?
            The zone ID 80 (in place of 2) would be a good match, so the captive portal would run on tcp/8080 which is usually allowed (at least to connect to a proxy).

            Using "8080" (http), it can be done.
            The dumb solution: create a portal zone. You'll see the port number increments. Continue creating until you reach '8080' for your http.
            Now, wipe all preceding zones.
            Or:
            The smart one : create a zone. Test drive it. Stop captive portal. Edit your config.xml (the captive portal is easy to find, change the ID (which will be added to 8000)). Save. Start portal. Check.

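Added example, not part of the thread and not pfSense code: a Python check that reads a config.xml backup, derives each portal zone's listen ports with the rule given in the replies (8000 + zone ID for http, 8001 + zone ID for https) and reports any TCP port claimed by two listeners, the web GUI included. The XML element names, the sample config and the GUI default ports (80/443) are assumptions.

```python
import xml.etree.ElementTree as ET

HTTP_BASE = 8000   # per the thread: base for the portal's 'http' listener
HTTPS_BASE = 8001  # per the thread: base for the portal's 'https' listener

# Constructed sample, not a real backup. Element names are assumed to follow
# the config.xml layout (one child element per zone under <captiveportal>).
SAMPLE_CONFIG = """<pfsense>
  <system><webgui><protocol>https</protocol><port>4430</port></webgui></system>
  <captiveportal>
    <guests><zone>guests</zone><zoneid>2</zoneid></guests>
    <visitors><zone>visitors</zone><zoneid>80</zoneid></visitors>
  </captiveportal>
</pfsense>"""


def gui_port(root):
    """Port the web GUI binds to: explicit <port>, else the protocol default."""
    port = (root.findtext("./system/webgui/port") or "").strip()
    if port:
        return int(port)
    # Assumed defaults when no port is configured: 80 for http, 443 otherwise.
    return 80 if root.findtext("./system/webgui/protocol") == "http" else 443


def portal_ports(config_xml):
    """Map each zone name to its (http, https) listen ports."""
    root = ET.fromstring(config_xml)
    ports = {}
    for zone in root.findall("./captiveportal/*"):
        zoneid = (zone.findtext("zoneid") or "").strip()
        if not zoneid.isdigit():
            continue  # skip entries without a usable numeric zone ID
        ports[zone.tag] = (HTTP_BASE + int(zoneid), HTTPS_BASE + int(zoneid))
    return ports


def find_conflicts(config_xml):
    """Return (port, owners) for every port claimed by more than one listener."""
    root = ET.fromstring(config_xml)
    claims = {gui_port(root): ["webgui"]}
    for name, (http, https) in portal_ports(config_xml).items():
        claims.setdefault(http, []).append(name + ":http")
        claims.setdefault(https, []).append(name + ":https")
    return sorted((p, o) for p, o in claims.items() if len(o) > 1)
```

With this rule, hand-edited zone IDs that are adjacent (for example 2 and 3) collide on the first zone's https port, so check for conflicts before restarting the portal.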