Netgate Discussion Forum

    Is NAT a requirement for Captive Portals?

    senseivita

      I have a setup with dual routers, only the one on the edge NATs, traffic is sent through a transport network.

      It would be placed on the inner firewall, it's just pure routing to there. Can a portal work in this way--it seems like a 1:1 NAT but on a whole subnet. I think it's called the same...anyway! Can it? Or can I set it up on the edge and route it as well? This was actually my first idea but I'm a little lost on the logistics of it--like who'd take care of DHCP; should I just connect the captive VLAN to both routers; would I create routing (asymmetric) loops if I do, or worse broadcast loops--all that.

      Thanks!

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      free4 Rebel Alliance @senseivita

        @umademelosemyusernamepfsense Captive portal does not require NAT to work. You could set up a captive portal zone on your inner firewall; that's perfectly fine.

        Captive portal has no impact on firewall / routing / NAT rules.

        (It does, however, have an impact on traffic shaping rules.)

        Please be aware that your DHCP server and your DNS server are in the same network as your clients using captive portal. If that's not the case, you will have to add them as "bypass" in your captive portal settings (otherwise your users won't be able to get an IP, because the captive portal will block DHCP requests...).

        senseivita

          Thanks for clearing that up--since I asked I had a major network redo and had two major "aha!" moments and I'm back to only the edge firewall + L3 switch and using every feature Windows Server's DHCP server has. I've been offline for really long periods while I broke some stuff.

          But I accomplished what I wanted and was told repeatedly not to do it: DHCP option 121.
          [Image: Screen_Shot_2019-02-13_at_08_45_54.png]

          I really liked the simplicity of using a transit network because all rules lay on a single interface plus a few floating ones it's awesome--parting from that and from this diagram I found:
          [Image: chilli.png]

          and... your confirmation about no NAT needed (I'm really grateful, BTW) I'm thinking about setting up a captive portal as a transit network and whitelist hosts as needed. My previous experience with portals was with the UniFi system--it never occurred to me to look at things from another perspective.

          I'll keep breaking stuff a little more, it's the weekend, see what else I can learn--thanks a million!
