Device to main network
-
Good morning, I have pfSense that receives an IP from a router on the WAN port and has IP 192.168.1.x. The LAN port is giving DHCP in the 172.16.0.x range to work with the captive portal. I need to put a device that will be connected on the 172.16.0.x network to communicate with the 192.168.1.x network.
Any ideas? -
https://docs.netgate.com/pfsense/en/latest/captiveportal/captive-portal.html
Allowed IP addresses
Allows managing a list of IP addresses which can either:
Always connect from behind the portal (clients)
Always allow clients to an IP address (external servers)
These IP addresses will bypass the portal authentication in the direction specified.
-
Any device, once authenticated against the captive portal, can access any device upstream.
Rules on the captive portal's interface could block these, or not.
Btw: thanks for the question: I just discovered that my captive portal users (on a 192.168.2.1/24 OPT extra interface) could visit the GUI of my upstream router, the one in front of pfSense.
It's password protected - but I don't want any risks, so I blocked it with a firewall rule.
Added to what @johnpoz said: you can also add the MAC of your device to the Allowed MAC address list.
If your device is using DHCP it could have another IP in the future. -
Thanks for the answer.
I already have some computers configured by MAC that pass the authentication.
Currently I can ping but cannot access the network/devices.
Any option with a firewall rule without putting in an extra OPT interface? -
@tecnica said in Device to main network:
Any option with firewall rule without put a opt extra interface?
I'm using a dedicated interface (a so-called OPTx interface) for my captive portal, because, by nature, captive portal users are 'non trusted' users, and they don't belong on a LAN interface.
But a captive portal works just fine on a LAN interface.
With a rule like this: devices connected to your portal can access your upstream router just fine.
-
I have this, but it doesn't work.
It is locked from LAN to WAN ...
Do I have to put the last rule above? -
Thank you, I changed it to the top and it works. Now I just need to select the correct one to pass and block all others.
Thank you.
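
The rule-order fix reported in this post, as an added example that is not part of the original thread: a small Python model of how rules on a pfSense interface tab are evaluated (top to bottom, first match wins). The camera and recorder addresses, the /24 masks and the three rules are constructed for illustration, since the thread gives only the 172.16.0.x and 192.168.1.x ranges.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses: the thread only gives 172.16.0.x and 192.168.1.x.
CAMERA = "172.16.0.50"      # hypothetical camera behind the portal (LAN)
RECORDER = "192.168.1.20"   # hypothetical recorder on the WAN-side network
LAN_NET = "172.16.0.0/24"   # /24 masks are assumed
UPSTREAM_NET = "192.168.1.0/24"
ANY = "0.0.0.0/0"

# Constructed LAN-tab rules: (action, source, destination)
PASS_CAMERA = ("pass", CAMERA + "/32", RECORDER + "/32")
BLOCK_UPSTREAM = ("block", LAN_NET, UPSTREAM_NET)
PASS_INTERNET = ("pass", LAN_NET, ANY)


def evaluate(rules, src, dst):
    """Return the action of the first rule matching src -> dst.

    Models how rules on one pfSense interface tab are processed: top to
    bottom, first match wins, and traffic matching no rule is blocked.
    """
    for action, src_net, dst_net in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)):
            return action
    return "block"


# Order that fails: the broad block sits above the specific pass.
broken = [BLOCK_UPSTREAM, PASS_CAMERA, PASS_INTERNET]
# Order that works: specific pass on top, then the block, then general access.
fixed = [PASS_CAMERA, BLOCK_UPSTREAM, PASS_INTERNET]

if __name__ == "__main__":
    other = "172.16.0.99"  # constructed: any other portal client
    for name, rules in (("broken", broken), ("fixed", fixed)):
        print(name,
              "| camera->recorder:", evaluate(rules, CAMERA, RECORDER),
              "| client->upstream:", evaluate(rules, other, "192.168.1.1"),
              "| client->internet:", evaluate(rules, other, "203.0.113.10"))
```

The model covers firewall rules only; as noted earlier in the thread, the device also has to get past the captive portal, for example through the Allowed IP or Allowed MAC list.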
-
Is it possible to configure the device with the 192.168.1.x range and pass the 172.16.0.x network to the 192.168.1.x network?
It is a camera that is in the range 172.16.0.x and the recorder in 192.168.1.x. -
What version of pfSense are you running?
-
I am running 2.2.
-
Yeah that is just FAIL!! 2.2 has not been supported for years.. Update to current!! 2.4.4p2, the whole 2.3.x line is not even supported any more.