Migration from IPCop - newby questions?



  • I apologize to spend your time with stupid questions like mine but I have to if I really want to pass on pfSense platform.
    I use IPCop which have filtration of the clients based on MAC address.
    This allow me to use same easy way to make it for my clients on many places.
    Normally they don't need any other setting to be done when move from one office to another…
    My question is if there have some similar method which can to be used.
    I cannot to use also LDAP or MSAD authorization because some of users are not participant of my domain so they cannot to get authorization from DC.
    Could someone please to give me some idea how can I pass this?



  • I'd highly recommend you learn the use of the Search function, found above ;)  From there you'd have found other threads about MAC address based restrictions and already known that pfSense doesn't support that.

    Also, it's trivial to change a MAC address so as the only method of securing outbound access on your LAN it buys you very little.



  • Thank you but before to write this post I spent about 2 hours to check what is found from internal search of this forum. I already see other question as mine… again without answer.
    I also search in internet for some solutions of my question. Do you really think I will write here without any reason?
    I really can use IP with some kind of authorization but I don't make the rules here.
    The reason is to be comfortable for a users moving from area to area and working with their office data.
    VPN is good idea too but will create a lot of headache of the users again, most of cases they have to call the IT setup his laptop again. (And we don't want to see closer this supervisors too sometime.)
    Maybe captive portal is a good idea. But in my case often I have users on one of area using Wireless and on another LAN. Another point was the regular users which have to has its access to internet through the firewall.
    Most of cases this is regulate by DC and have to use proxy.
    So the simple thing with MAC... is not so simple... And believe me I will notice if someone not authorised come and try to use any of resources  ;D



  • hi

    Services > Captive portal > Pass-through MAC

    i think this is what you're looking for, i am using it for some vip's so they don't see the captive portal page, i am also using squid in transparent mode to make it easy on me.

    good luck


Log in to reply