The simplest way to control which people can get service



  • Hi all,
    I have used Smoothwall before to control which people I want to get net access from the firewall. I am asking which is the simple way to do it so that others cannot get net access, especially as I have an access point. I want it by their MAC address.



  • pfSense doesn't offer control based upon MAC address (without using the Captive Portal).

    If you want to limit web browsing, install a proxy server (squid) and require authentication.  If you want something else, please be specific.



  • Thank you for the reply.
    I found that the captive portal is very good at controlling by MAC address: for the people I want to have net access from my server, I add their MAC address and they log in without the login page, and if anyone else tries to connect they get the login page, and I have not assigned any user and password.
    But can I add a user name and password that cannot authenticate except from one MAC address only? In other words, a user name and password for one computer, so that no other computer can log in with the same user name and password.



  • No, you can't tie it down by MAC address.  If you were desperate you could look at static ARP entries.



  • Thank you for the reply.
    I found that the captive portal is very good at controlling by MAC address: for the people I want to have net access from my server, I add their MAC address and they log in without the login page, and if anyone else tries to connect they get the login page, and I have not assigned any user and password.
    But can I add a user name and password that cannot authenticate except from one MAC address only? In other words, a user name and password for one computer, so that no other computer can log in with the same user name and password.



  • Did you bother to read my response before you posted exactly the same message?



  • @Cry:

    Did you bother to read my response before you posted exactly the same message?

    I am sorry, but I have an internet problem and I did not see your reply the first time.
    Thank you all.
    Could you give me some idea how I would do it with static ARP entries?



  • I don't know of any way to do that within the pfSense interface, which is the only way to be certain it will work across a reboot.

    Note that it would be trivial to bypass that because it's trivial to change the MAC address of most systems.  You shouldn't assume that this will bring you any real security.  If you're really worried you should look to bridging and putting all your trusted hosts on one interface and the untrusted hosts on another.  This will increase the load on your pfSense host - by how much will depend on your network.



  • I see that the best and simplest way is with the captive portal, adding people through pass MAC, not user name and password.
    Thank you, I appreciate your help.



  • You can block by MAC address and use traffic shaping by IP address.



  • @Cry:

    I don't know of any way to do that within the pfSense interface, which is the only way to be certain it will work across a reboot.

    "DHCP server" --> "LAN or whatever interface you want" --> "Static ARP"
    The static ARP entries are tied to static DHCP assignments.



  • @GruensFroeschli:

    "DHCP server" --> "LAN or whatever interface you want" --> "Static ARP"
    The static ARP entries are tied to static DHCP assignments.

    It's the second method, but which one is more reliable, the DHCP server or the captive portal?



  • With the captive portal you can dynamically allow clients if they have a user/password.

    The solution with the DHCP is static.
    And I don't mean the DHCP assignments.
    Here you essentially write the ARP table yourself!

    So it depends on your needs.
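
An added example, not part of the thread or of pfSense: a small audit that compares the firewall's ARP table with the intended static IP-to-MAC mappings and flags hosts that do not match. It assumes the FreeBSD `arp -an` output format; the sample table, the mappings and all function names are constructed for illustration.

```python
import re

# Constructed sample of FreeBSD `arp -an` output (pfSense runs on FreeBSD).
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:55 on em1 permanent [ethernet]
? (192.168.1.11) at 00:11:22:33:44:66 on em1 expires in 1187 seconds [ethernet]
? (192.168.1.12) at de:ad:be:ef:00:01 on em1 expires in 640 seconds [ethernet]
? (192.168.1.50) at 00:11:22:33:44:55 on em1 expires in 90 seconds [ethernet]
? (192.168.1.60) at (incomplete) on em1 expired [ethernet]
"""

# Constructed allowlist: the IP -> MAC pairs entered as static DHCP mappings.
STATIC_MAP = {
    "192.168.1.10": "00:11:22:33:44:55",
    "192.168.1.11": "00:11:22:33:44:66",
    "192.168.1.12": "00:11:22:33:44:77",
}

LINE_RE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{17}) on \S+(?P<rest>.*)")

def parse_arp(text):
    """Return (ip, mac, is_permanent) per resolved entry; '(incomplete)' is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entries.append((m["ip"], m["mac"].lower(), "permanent" in m["rest"]))
    return entries

def audit(entries, static_map):
    """Return (ip, mac, reason) for every entry that deviates from static_map."""
    known_macs = {mac.lower() for mac in static_map.values()}
    findings = []
    for ip, mac, permanent in entries:
        expected = static_map.get(ip)
        if expected is None:
            # A listed MAC on an unlisted IP suggests a copied MAC address.
            reason = ("known MAC on unlisted IP" if mac in known_macs
                      else "host not in static mappings")
        elif mac != expected.lower():
            reason = "MAC differs from static mapping"
        elif not permanent:
            reason = "entry is dynamic, static ARP not applied"
        else:
            continue  # matches the mapping and is pinned
        findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP), STATIC_MAP):
        print(*finding, sep="  ")
```

A MAC address copied onto the address it is mapped to still passes this check, which is the limitation raised earlier in the thread.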



  • OK, thank you all.
    I am happy for all your help.

