Captive portal and DNS Redirection
-
Hello,
I'm currently setting up a pfSense gateway with a DNS Resolver, a DNS Redirect (using this documentation) and a custom captive portal.
Everything works fine until I change the DNS Servers on the interface of my fake client : the DNS queries get blocked by the firewall rules added by the captive portal.
Using the ipfw command, I can view the rules added :
Before activating the captive portal :
And after activating the portal :
Those rules seem to be added by this file : /etc/inc/filter.inc (GitHub)
Is there a way of addressing this issue without editing this file ?
Thank you in advance !
-
Compare
with what you find here : https://www.pfsense.org/download/
The list with resolved issues, problems, ameliorations and new options is big.
And worse : who recalls the issues that you might have with this very ancient version ?
@galacticfreez said in Captive portal and DNS Redirection:
Everything works fine until I change the DNS Servers on the interface of my fake client
To keep things simple : pfSense is the captive portal, pfSense should be the DNS of the clients.
When a captive portal client is not authenticated, everything is blocked, line 65534, with two exceptions :
The IP of pfSense itself (as you can see, the ipfw tells you so)
and :
Whatever you enter here :
Why would you want to change the DNS IP on a client ?
( also : listed MACs are passing through, and to some extent, also listed host names. But read the manual first )
edit : really, an Ibis hotel from group Accor ?
-
@gertjan Thank you for the quick response !
I'm going to have a deeper look at the changelog and the manual
Why would you want to change the DNS IP on a client ?
I thought Apple Devices had different DNS configured and that it would avoid the captive portal to open. But it isn't the case (it seems this could help : https://developer.apple.com/news/?id=q78sq5rv)
I forgot to hide the domain name, thank you for pointing that out
-
@galacticfreez said in Captive portal and DNS Redirection:
I thought Apple Devices had different DNS configured and that it would avoid the captive portal to open. But it isn't the case (it seems this could help : https://developer.apple.com/news/?id=q78sq5rv)
That link shows what the future might look like. It's, at best, RFC draft today.
This solution only needs a working DHCP server, and some json/webserver support.
Initial DNS functionality becomes irrelevant, as captive portal interaction becomes possible as soon as the IP link is established.
iDevices - and all the others - work just fine with the current way of doing things.
I'm using the captive portal myself for a hotel.
It works.
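
Added example, not part of the thread and not pfSense code: a sketch of the "DHCP server plus JSON/webserver" mechanism mentioned in the last reply. It assumes the option code 114 and the JSON key names from RFC 8910 and RFC 8908, which the thread does not spell out; function names and the URLs used in comments are constructed.

```python
import json
from urllib.parse import urlsplit

DHCP4_CAPTIVE_PORTAL = 114  # DHCPv4 option code (assumed from RFC 8910)

def encode_dhcp4_option(api_url: str) -> bytes:
    """Encode the API URL as a DHCPv4 option: code, length, URI bytes."""
    if urlsplit(api_url).scheme != "https":
        raise ValueError("the API URL must use https")
    uri = api_url.encode("ascii")
    if len(uri) > 255:  # a DHCPv4 option has a one-byte length field
        raise ValueError("URI does not fit in one DHCPv4 option")
    return bytes([DHCP4_CAPTIVE_PORTAL, len(uri)]) + uri

def portal_state(authenticated: bool, portal_url: str, seconds_left=None) -> str:
    """Body the API would serve as application/captive+json (RFC 8908 keys)."""
    doc = {"captive": not authenticated, "user-portal-url": portal_url}
    if authenticated and seconds_left is not None:
        doc["seconds-remaining"] = seconds_left
    return json.dumps(doc)

def client_action(body: str) -> str:
    """What a client does with the API answer; malformed documents are rejected."""
    doc = json.loads(body)
    if not isinstance(doc.get("captive"), bool):
        raise ValueError("'captive' must be a JSON boolean")
    if not doc["captive"]:
        return "online"
    # This sketch treats a missing or non-https portal URL as an error
    # instead of falling back to HTTP or DNS interception.
    url = doc.get("user-portal-url", "")
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing a portal URL that is not https")
    return "open " + url

if __name__ == "__main__":
    # Constructed sample values
    print(encode_dhcp4_option("https://portal.example.net/captive-api").hex())
    print(client_action(portal_state(False, "https://portal.example.net/login")))
```

The client learns the API URL from the DHCP lease and asks that URL whether it is captive, so no DNS answer has to be intercepted or redirected for the login page to appear.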