Captive Portal Doesnt Work for 1 interface
I got a setup with two interface enabled for CP. Its working on one interface with CP page poping up and users manage to enter credentials and able to access internet. However it doesn't work for the other interface. Interface configured as follows:
LAN - 192.168.2.1/24
Am I missing something ? Need help
GUI Firewall rules ?
Without the CP active on Guest, networking is fine on this interface ?
Are you sure DNS is ok ?
Run down the check list.
Need to capture the GUI firewall rules when I'm on site but I believe rule on both interface is limited to TCP - 443,80,53,8002 and UDP- 53. I might need to add in TCP 8003 for HTTPS ?
Will also need to test the networking on the Guest without CP when I'm on site and get back.
As for the DNS I'm using the PFsense as forwarder on all interface and got resolver disabled. Will also confirm this later and post it up
@Gertjan DNS looks ok from diagnostic. Also I did ping using the LAN and Guest interface and it resolves well
I might need to add in TCP 8003 for HTTPS
Well, if you use the https login, then yes..
A captive portal opens 'somewhere' at the start at port 8000 and 8002 (https).
For the next portal it will be 8003 and 8004, etc. Even if the next captive instance is being used on another network.
Before blocking - or not - ports, you should consult the list with ports being used first ^^
Use the thing that really is useful in case on any question and do what is told over there : execute
You'll see which 8xxx ports are used.
Thanks @Gertjan I got it sorted My problem was my rule.
go to Diagnostics>Sockets and can see port 8004 so I added that to my Guest rule
Ive got two rules one for TCP and the other one was suppose to be UDP, however instead of UDP I must have copied the same TCP rule remove other ports except 53 but didnt change it to UDP
My rules was TCP - 443,80,53,8002 and TCP- 53 and now its change to TCP - 443,80,53,8004 and UDP- 53
Thats fixes it. Thanks so much
You are aware of the fact that you block :
(S)FTP - SSH - POP - IMAP - SMTP - POPS - IMAPS ?
@Gertjan Yes, Im aware of that.