How to enforce request using http with curl for a specific uri to host on the LAN to pass captive portal



  • When I make a request using http with curl for a specific uri to host on the LAN, it is not directed for captive portal. How to enforce this request to pass through it. I have to create an iptables to perform a pre routing or have change or add in the captive portal configuration file?


  • Rebel Alliance

    @rbsa said in How to enforce request using http with curl for a specific uri to host on the LAN to pass captive portal:

    |=When I make a request using http with curl for a specific uri to host on the LAN, it is not directed for captive portal.

    If you make a request on from your computer on the LAN, to a computer on the same LAN, then your request won't go through pfSense, thus won't pass by the captive portal.

    That's how networking works : any computer can talk freely to another on a LAN, if you need to talk to another LAN you will need to use a relay (router) that will forward your request from one lan to another.

    Just create another LAN for you device? If you don't have more physical network interfaces, you can just use vLANs?



  • Typically, captive portals host only unknown, non trusted devices from unknown visitors.
    You should let them out to the Internet when they identify themself. You should even enforce the fact that they can't communicate with each other.
    This is what windows does when you indicate that the network is "public".
    You should put your AP's in client isolating mode.

    Best will be : put the captive portal on an OPTx or VLAN interface, dedicated for these visitors.
    Known and trusted devices could be on the LAN interface.

    Btw no iptables on FreeBSD. It's 'ip' and 'ipfw' here.


Log in to reply