Captive portal becomes useless when using the gateway adress in browser's proxy



  • hi

    i put the gate way and port 3128 in firefox's proxy and internet explorer's proxy of my desktop and i was shocked to see that i can surf without passing through captive portal, is there way to block clients from using the internet without passing through the captive portal page, because if such information spread among my users, then every anybody can use my internet without my knwoledge.

    my configuration:

    basic installation of pfsense
    squid transparent proxy checked
    captive portal enabled

    help really appreciated

    hadi57



  • Well, you could change the proxy port from the default 3128 to some random port number so the users cannot guess that that's the proxy port and use it to bypass your CP.  This isn't a solution but will buy you time to research this further.



  • If you don't need squid on that interface, just disable it from listening on that interface. If you do need squid, but it's running transparently, try blocking access on that interface to port 3128. Of course in both cases I'm assuming you're running CP on an OPT and that it would be feasible to block only those users on that interface.


Log in to reply