Captive portal not redirect
-
What do you mean?
-
@Martí-Ferret Sorry for my previous post, it was a mistake.
- What happens when you try, as a not connected user, to perform an nslookup www.google.es in your console? Are you receiving a reply? If yes, which one? The expected reply is the real IP address of google (captive portal should not interfere with DNS)
- Could you show me an ipconfig /all of your workstation so that we could know your DNS/DHCP settings?
Also, for the DHCP server... what is the DNS server that you entered? (your screenshot doesn't show that setting...)
-
@Martí-Ferret said in Captive portal not redirect:
DNS resolver: https://imgur.com/a/1SFwXZ3
Outgoing Network Interface : LAN ?
Change to default (or all WAN) and you will be doing better if not fine.
(authoritative DNS server can not be found on your LAN)
Edit : True : DNS has to be set up correctly - and should work for your devices, even when not authenticated against the captive portal.
-
@free4
nslookup : https://imgur.com/a/WRGCFYn
ipconfig /all : https://imgur.com/a/FJgCTnO
-
@Gertjan I changed the DNS resolver, with this: https://imgur.com/a/1SFwXZ3
and it didn't work
-
@Martí-Ferret said in Captive portal not redirect:
@free4
nslookup : https://imgur.com/a/WRGCFYn
ICMP (= ping) won't work if not authenticated.
DNS Resolving should work.
ipconfig /all : https://imgur.com/a/FJgCTnO
pfSense = 10.0.0.2 ? Ok, why not, but why not 10.0.0.1 ?
-
I was authenticated when I made the nslookup, and idk why I put 10.0.0.2, this is not the error, true?
-
Who is 10.0.0.2 ?
-
My Resolver settings :
edit : the Custom options are not related - not needed.
-
@Gertjan The PFSENSE server
-
Firewall rules on LAN ?
-
@Gertjan I copied your config and my captive portal didn't work. ;(
not all, I just disallow DNS query forwarding like you.
-
@Martí-Ferret said in Captive portal not redirect:
not all, I just disallow DNS query forwarding like you.
When you install pfSense, you set up WAN (if needed) and you change nothing, the captive portal works.
Ok if you change 192.168.1.0/24 for 10.0.0.0/24.
My firewall rules on LAN :
with these rules, you're ok?
( but such rules are maybe not ok for a Captive portal - just ok to start with )
-
@Gertjan 0
what rule should I have
-
As shown above - to start with.
-
@Gertjan I copied the second one and it didn't work yet ;(
-
Afterwards, you can - and you should - adapt.
All depends on what type of public you have on your captive portal.
Family ? You'll be fine?
Public network ? You should NOT activate the captive portal on your LAN, use a dedicated interface (OPT1) and depreciated rules.
For an example, I show you my firewall rules on my captive portal (a public portal - untrusted visitors) :
-
@Gertjan IDK why, when I put www.google.es, it doesn't redirect, but if I put 11.11.11.11 it redirects to the captive portal.
Before configuring rules I want to get automatically redirected to the captive portal, not only if I put an IP in the URL
-
Test this :
Disconnect all captive portal users (tricky, you are on LAN - you will disconnect yourself).
At this moment, a "nslookup" should work.
In other words : DNS should not be blocked.
If 10.0.0.2 is your DNS and gateway, DNS request will be passed. DNS will work.
If not : what did you change concerning DNS ?
-
@Martí-Ferret Your problem is coming from your DNS server, it's not related to the captive portal or to your firewall rules.
Few things :
- Use the "DNS Resolver" in pfSense. The DNS forwarder is a legacy option.
- What DNS server are you using for your pfSense appliance (in System->General Settings) ? Could you check that your pfSense can correctly ping this IP and that a DNS server is enabled on this IP?
- Could you verify your ACL in the DNS resolver settings? What are the logs of your pfSense when you try to resolve a random domain name using DNSSEC ( fbi.gov ) and not using DNSSEC ( kcna.kp ) ?
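
The two client-side checks requested in this thread (an nslookup as a not connected user, and an ipconfig /all) can be read mechanically. The following Python is an added example, not code from any post above: it parses both outputs and reports why a hostname would not reach the portal redirect, since without a DNS answer the browser never sends the HTTP request that the portal intercepts. The function names, finding labels and sample output are constructed for illustration, and flagging any DNS server other than the gateway is an assumption based on the remark that DNS passes when 10.0.0.2 is both DNS and gateway.

```python
import re
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
KEYS = {"Default Gateway": "gateway", "DHCP Server": "dhcp", "DNS Servers": "dns"}
MARKERS = {"timed-out": "timeout", "non-existent domain": "nxdomain", "refused": "refused"}

def parse_ipconfig(text):
    """Collect gateway, DHCP and DNS server IPv4 addresses from `ipconfig /all` output."""
    found, current = {name: [] for name in KEYS.values()}, None
    for line in text.splitlines():
        field = re.match(r"\s+(\S.*?)[ .]*\. :\s?(.*)$", line)
        if field:                     # "Label . . . : value" starts a new field
            current, value = KEYS.get(field.group(1)), field.group(2)
        elif line[:1].isspace():      # indented line without a label: one more value
            value = line
        else:                         # blank line or adapter header ends the field
            current, value = None, ""
        if current and (ip := IPV4.search(value)):
            found[current].append(ip.group())
    return found

def classify_nslookup(text):
    """Reduce Windows `nslookup` output to answer, timeout, nxdomain, refused or unknown."""
    for marker, state in MARKERS.items():
        if marker in text.lower():
            return state
    return "answer" if re.search(r"^Name:\s+\S+", text, re.M) else "unknown"

def diagnose(ipconfig_text, nslookup_text):
    """Findings for a client that has NOT yet logged in to the captive portal."""
    cfg, findings = parse_ipconfig(ipconfig_text), []
    # Assumption taken from the thread: DNS passes when pfSense is both DNS and gateway.
    other = [ip for ip in cfg["dns"] if ip not in cfg["gateway"]]
    if other:
        findings.append(("dns-server-is-not-the-gateway", other))
    if (state := classify_nslookup(nslookup_text)) != "answer":
        findings.append(("dns-fails-before-login", state))
    return findings

# Constructed sample output (hypothetical client), not the thread's screenshots.
IPCONFIG = """Ethernet adapter Ethernet:
   IPv4 Address. . . . . . . . . . . : 10.0.0.50(Preferred)
   Default Gateway . . . . . . . . . : 10.0.0.2
   DHCP Server . . . . . . . . . . . : 10.0.0.2
   DNS Servers . . . . . . . . . . . : 10.0.0.2
                                       8.8.8.8
"""
NSLOOKUP_FAIL = "Server:  UnKnown\nAddress:  10.0.0.2\n\n*** Request to UnKnown timed-out\n"
NSLOOKUP_OK = "Server:  UnKnown\nAddress:  10.0.0.2\n\nName:    www.google.es\nAddress:  203.0.113.10\n"
print(diagnose(IPCONFIG, NSLOOKUP_FAIL))
```

An empty list from diagnose() means the client's DNS path looks sane before login, so the remaining suspects are the portal and firewall rules rather than name resolution.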