CAPTIVE PORTAL and DNS Request for unregistered users



  • I got a problem today.
    I have the DHCP server on the WIFI interface, leaving the DNS fields empty (as suggested in the DHCP Server form)
    Load balancing and failover for 2 internet connections (wan and opt1=backup)
    I have a transparent proxy running on Squid

    After activating the captive portal service for the WIFI interface (opt2), all traffic to wan+backup from WIFI was stopped and the captive portal login request was not shown.

    I saw that users could not resolve domain names…
    if using an IP address.. it was running correctly as

    1. Password request
    2. Successful Login
    3. reaching any web site by its IP address

    So .... !!!it was a DNS problem!!!

    I solved it by adding this NATTING rule in FIREWALL->NAT->PORT FORWARDING:
    to forward any DNS request from WIFI (192.168.1.1/24) to the DNS Forwarder on the IP 192.168.0.254 (LAN IP address)
    WIFI UDP 53 (DNS) 192.168.0.254(ext.: 192.168.1.1) 53 (DNS) DNS for WIFI USERS

    and a new rule for WIFI Interface
    passing all the traffic from the WIFI subnet to the LAN IP address
    UDP WIFI net * 192.168.0.254 53 (DNS) *   DNS REQUESTS

    Do I really need this?

    By the way .... I hope it helps anyone else having my problem.

    Bye
    Massi
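
The triage described in the post (names fail while IP addresses work) can be repeated from a WIFI client with the script below. It is an added example, not part of the original post; the function names, the classification labels and the command-line arguments (resolver IP, test name, test IP) are assumptions.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a minimal DNS A/IN query with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_reply(data, txid=0x1234):
    """Return (rcode, answer_count); ValueError if not a reply to txid."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def dns_ok(resolver, name, timeout=2.0):
    """True if the resolver answers an A query for name over UDP/53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver, 53))
            data, _ = s.recvfrom(512)
            rcode, answers = parse_reply(data)
            return rcode == 0 and answers > 0
        except (OSError, ValueError):  # timeout, ICMP error, bad reply
            return False

def tcp_ok(ip, port=80, timeout=2.0):
    """True if something (the portal or the site) accepts the connection."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(dns_works, ip_works):
    if dns_works and ip_works:
        return "ok"
    if ip_works:
        return "dns-blocked"      # the situation in the post
    return "traffic-blocked" if dns_works else "no-connectivity"

if __name__ == "__main__":
    import sys
    resolver, name, ip = sys.argv[1:4]
    print(classify(dns_ok(resolver, name), tcp_ok(ip)))
```

Run it before and after logging in to the portal: a result of `dns-blocked` before login means UDP 53 from the WIFI subnet is not reaching a resolver.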

