Netgate Discussion Forum

    Allowed-hostnames not working.

    Captive Portal
    7 Posts 3 Posters 811 Views
    • ghassen

      I am still new to captive portals and all, but from what I have found, I need to set up a walled garden by using allowed hostnames. The problem is that the ones I set up don't seem to be working.
      Ex: I used google.com as the hostname. I couldn't use *google.com since it says there is an error.
      Any suggestions on how to fix it?

      • johnpoz LAYER 8 Global Moderator

        https://docs.netgate.com/pfsense/en/latest/book/captiveportal/allowed-hostnames.html

        "A daemon periodically resolves the hostnames to IP address(es) and allows them through the portal without authentication in this zone."

        You understand that google.com doesn't mean it resolves the same as www.google.com, right? Anything served off a CDN like that is going to quite often fail, because the IPs change all the time. And the IP for that hostname is only resolved every so often to be allowed by the captive portal.

        $ dig google.com +short
        216.58.192.206
        
        $ dig www.google.com +short
        172.217.0.4
        
        

        So in my above example, access to that 216 IP would be allowed, but www.google.com is 172.x.x.x so it wouldn't be.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • ghassen

          As I said, I am fairly new to this, so I didn't know that it would make a difference since it was a hostname-based config and not IP-based.
          How do you suggest I fix this? I tried using www.google.com but I still get the same result.
          Should I switch to IP-based exceptions? And if so, where do I find the IPs that need to be excluded?

          • johnpoz LAYER 8 Global Moderator

            Are you allowing your clients to query DNS? If a client cannot query DNS, it cannot look up the hostname and cannot try to go to the hostname for the captive portal to allow it.

              • ghassen

              I have disabled both the DNS Resolver and Forwarder if that's what you mean.

                • Gertjan @ghassen

                @ghassen said in Allowed-hostnames not working.:

                I have disabled both the DNS Resolver and Forwarder if that's what you mean.

                Ah .....
                The captive portal depends heavily on a functional DNS. You should have a working DNS on your network. As for an initial captive portal setup that does not use the local resolver, I would qualify that as an "expert install".
                I really advise you to read the manual. For example: this page. The best-known issue: people break DNS.

                Btw: look at the available Captive Portal videos from the authors.

                Host names like www.google.com (and facebook, microsoft, twitter, apple.com, cnn, snapchat, etc etc etc) actually point to hundreds of IPs. The IP you obtain now could no longer exist (not be used) after a few minutes, as Google also has to upgrade and update its front-end servers without showing a temporary "host not found" error.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                  • johnpoz LAYER 8 Global Moderator

                  @ghassen said in Allowed-hostnames not working.:

                  I have disabled both the DNS Resolver and Forwarder if that's what you mean.

                  And then how is a client on your captive portal supposed to look up www.google.com? Do you hand them external DNS that you allow through the captive portal?

                  As @Gertjan stated, working DNS is a MUST for the captive portal to function.

                  Where does pfSense point for DNS? When it finds the IP for www.google.com, you'd better hope it matches what the client finds when it does its query. Pointing to different DNS can exacerbate problems with mismatched IPs.

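Added example, not part of the thread and not Netgate's code: a small shell check for the mismatch johnpoz describes in his first and last replies, where the address the portal resolved for an allowed hostname differs from the address a client actually gets. The helper names `ipv4_only`, `resolve_a`, `not_allowed` and `check_host` are hypothetical, the resolver addresses passed to `check_host` are your own, and the sample at the bottom is constructed from the two `dig` answers quoted in the thread plus a made-up CNAME line.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not pfSense code).

# ipv4_only: keep only IPv4 addresses from `dig +short` output, which can
# also contain CNAME targets (lines ending in a dot). Duplicates are removed.
ipv4_only() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# resolve_a SERVER NAME: A records for NAME as answered by resolver SERVER.
resolve_a() {
    dig +short "@$1" "$2" A | ipv4_only
}

# not_allowed ALLOWED CLIENT: print each address in CLIENT (newline-separated)
# that is missing from ALLOWED. Traffic to those addresses is still caught by
# the portal even though the hostname is on the allowed list.
not_allowed() {
    allowed=$(printf '%s\n' "$1" | ipv4_only)
    printf '%s\n' "$2" | ipv4_only | while read -r ip; do
        printf '%s\n' "$allowed" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# check_host FW_RESOLVER CLIENT_RESOLVER NAME: live comparison using dig.
# FW_RESOLVER is the DNS server the firewall uses, CLIENT_RESOLVER the one
# handed to portal clients. Returns 1 when the client sees extra addresses.
check_host() {
    missing=$(not_allowed "$(resolve_a "$1" "$3")" "$(resolve_a "$2" "$3")")
    if [ -n "$missing" ]; then
        printf '%s: client gets addresses the portal did not resolve:\n%s\n' \
            "$3" "$missing"
        return 1
    fi
    printf '%s: every client answer is covered\n' "$3"
}

# Constructed sample: the portal resolved google.com, the client browses to
# www.google.com (addresses as quoted in the thread; CNAME line is made up).
portal_view='216.58.192.206'
client_view='www.example-cdn.invalid.
172.217.0.4'
not_allowed "$portal_view" "$client_view"
```

Running `check_host` several times a few minutes apart shows how quickly the answers for a CDN-hosted name drift away from what the portal last resolved.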
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.