Exclude an Interface from DNSBL



  • Hi Guys,

    Hope someone will be able to point me in the right direction here. Here's my network layout.

    LAN 1  - 10.10.1.0/20 - Guest Network
    LAN 2  - 192.168.1.0/24 - Admin Network

    WAN - PPPoE

    I'm running Captive Portal on LAN 1. I have installed and configured pfBlockerNG to block certain websites on the Admin Network, but my problem is that the same blocking applies to the Guest Network. My question is: how do I exclude LAN 1's (Guest Network) traffic from being filtered by pfBlockerNG? I already tried using 8.8.8.8 as the default DNS for LAN 1 to bypass blocking, but this breaks the redirection to the Captive Portal page.

    Any ideas?


  • LAYER 8 Netgate

    Just pass 8.8.8.8/8.8.4.4 in the captive portal.



  • Hi Derelict

    Apologies if I posted on the wrong topic. If I bypass 8.8.8.8 and 8.8.4.4 on the captive portal, do the clients still get redirected to the Captive Portal even if I use those DNS on the interface where the CP is enabled?


  • LAYER 8 Netgate

    Captive portal clients have to be able to resolve names to make the initial connection that triggers the redirect to the captive portal.

    If you do not want them to use the DNS resolver in pfSense because you are using DNSBL there, you must tell them to use something else.

    You must pass those DNS servers using the Allowed IP addresses in the Captive Portal or they will not be able to resolve names prior to authentication through the portal.



  • Worked Great!

    Thanks

