Problem with the MAC filtering



  • In my local network, I have a smart tv (android) connected via '' Ethernet '',
    the captive partail is activated and works without problems
    After authentication on the portal
    the activation of the Wi-Fi mobile hotspot of the TV, gives access to everyone without any control neither captive portal nor mac filter nor anything, it is as if these machines did not exist for the pfsense even if they are connected to the internet
    Help me please
    thank you very much
    ![Screenshot-2018-4-3 pro4545 electropro4545 click - Services Captive Portal compVolume Configuration.png](/public/imported_attachments/1/Screenshot-2018-4-3 pro4545 electropro4545 click - Services Captive Portal compVolume Configuration.png)
    ![Screenshot-2018-4-3 pro4545 electropro4545 click - Services Captive Portal compVolume Configuration.png_thumb](/public/imported_attachments/1/Screenshot-2018-4-3 pro4545 electropro4545 click - Services Captive Portal compVolume Configuration.png_thumb)



  • Makes total sense. Your Tv acts as a WiFi router
    Check your tv settings and see if you can make
    It act as an access point not a router

    That’s the easiest i can explain it to you



  • @jaspras:

    Makes total sense. Your Tv acts as a WiFi router
    Check your tv settings and see if you can make
    It act as an access point not a router

    That’s the easiest i can explain it to you

    Thank you for your help
    are there any rules to apply on the pfsense and the captive portal to impose the control of the pfsene on the network diffused by the television



  • pfSense only sees traffic originating from your TV. All WiFi clients are probably NATted behind the TV's IP so there's no way of telling who's who.
    Which TVs do have an AP built in? Strange idea to have a display device do network services.



  • is there a package or setting for example configure the '' PAT '' of such a lot that controls all machine clients



  • What? pfSense interacting with a TV-set manufacturer's bad dream? No way. Unless you program it yourself.



  • Just buy an access point man (an access point not a router) stick it behind your TV
    Shutdown the WiFi from the TV and you are done



  • I think the best way is to block the MAC address of the ethernet TV network card by applying a mac filter to allow only the wifi connection of the TV



  • Well, good luck then.
    pfSense is a Layer 3 device an cannot filter on Layer 2. But that's where MACs are.

    What do you want to allow with "only the wifi connection of the TV" when the TV itself is hardwired and WiFi clients from there are your problem?



  • if mac filtering does not work, should I assign a fixed IP address, for example 10.200.7.40 to the TV's ethernet adapter,
    and set NAT / PAT
    redirect this IP address (10.200.7.40) to port 3200 for example
    but I do not know how to do that, and I do not know if it works?
    anyway I should at all costs forbid the connection of the television via the Ethernet port
    thank you so much



  • Assigning a semi-static IP to that device seems like a good idea. You can do that at the DHCP server settings.

    I have no clue what you want to do with NAT/PAT for your TV. Do you want to reach your TV from the outside?
    And forwarding port 3200 is needed for what?? From where??



  • I do not control the room where there is television, and
    There are two possibilities for the TV to connect to the network via wifi or cable via the Ethernet port, the connection by the latter opens a flaw in my network when the TV user activates the mobile hotspot Wi-Fi
    That's why I should force users to connect the TV by wifi and only by wifi



  • Does the TV need access to internet? Otherwise just block everything from that TV to everywhere else.

    @fmohcine26:

    … connect the TV by wifi and only by wifi

    Unplug the wired ethernet.


Log in to reply