Netgate Discussion Forum

    Captive Portal when the LAN interface IP is different from the LAN network IP range

    • mhmd

      Why does Captive Portal not work when the LAN interface IP of the firewall is different from the IP range of the LAN network?

      • FSC830

        Not sure what you did, but CP clearly works with an IP range different from LAN.
        Vice versa, when using CP, you should create a firewall rule which blocks all access from CP to LAN. In the setup guide this rule is named RFC1918.
        This is to prevent users with a CP address/access from also accessing internal devices.
        There it is mandatory that the CP interface uses a different IP range.

        Regards

        • mhmd @FSC830

          @FSC830 said in Captive Portal when the LAN interface IP is different from the LAN network IP range:

          RFC1918

          Hi,
          Thank you for taking the time to answer my question.
          I do all the settings related to CP, and when I enable it, the network's internet is unavailable.
          Before that, the firewall's LAN IP was also in the range of the LAN network and it worked well, but with the change of the network structure and the addition of a router between the firewall and the main network switch, this problem arose.
          Thank you

          • FSC830

            Well, in that case you should provide more detailed information about your network setup.

            Regards

            • mhmd @FSC830

              @FSC830
              In your opinion, this can be a convincing answer:
              CP works at layer 2, it authorizes/disallows devices by MAC address. It cannot work with a router in between because it only sees the MAC address of the router, not the clients.
              Thanks

              • Gertjan @mhmd

                @mhmd

                It can get worse: the portal only sees the IP of the router.
                Which can lead to hilarious effects like: someone on your portal logs in. Now every other subsequent portal user is also logged in.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit: and where are the logs??

                • mhmd @Gertjan

                  @Gertjan
                  It is exactly like that.
                  When I first started CP, we had a virtual machine that everyone called Remote Desktop and used for Internet-related matters, and when one of the users authenticated, the rest of the users were also authenticated in CP without needing to authenticate. CP was passing and it was very funny.

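The effect described in the last three posts, as an added example that is not part of the thread and is not pfSense code: a simplified model in which a portal recognises an authenticated client by the source address fields it sees on its own interface. The client names, addresses and the three matching keys are constructed for illustration.

```python
from collections import namedtuple

Client = namedtuple("Client", "name ip mac")
Seen = namedtuple("Seen", "ip mac")  # source address pair as observed on the portal interface

# Constructed sample data (documentation IP ranges, locally administered MACs).
ROUTER = Seen("192.0.2.254", "02:00:00:00:00:fe")
CLIENTS = [
    Client("alice", "198.51.100.11", "02:00:00:00:00:01"),
    Client("bob", "198.51.100.12", "02:00:00:00:00:02"),
    Client("carol", "198.51.100.13", "02:00:00:00:00:03"),
]

# How a client's traffic looks when it arrives at the portal interface.
def direct(c):
    return Seen(c.ip, c.mac)            # same layer-2 segment as the portal

def routed(c):
    return Seen(c.ip, ROUTER.mac)       # routed hop: source MAC becomes the router's

def natted(c):
    return Seen(ROUTER.ip, ROUTER.mac)  # NAT hop: source IP becomes the router's too

# Which observed fields the modelled portal uses to recognise a logged-in client.
def by_mac(s):
    return s.mac

def by_ip(s):
    return s.ip

def by_ip_mac(s):
    return (s.ip, s.mac)

def free_riders(path, key, clients=CLIENTS):
    """The first client logs in; return the other clients the portal then lets through."""
    authenticated = {key(path(clients[0]))}
    return [c.name for c in clients[1:] if key(path(c)) in authenticated]

def report():
    """Every topology against every matching key."""
    return [(p.__name__, k.__name__, free_riders(p, k))
            for p in (direct, routed, natted)
            for k in (by_mac, by_ip, by_ip_mac)]

if __name__ == "__main__":
    for path, key, riders in report():
        print(f"{path:7} {key:10} pass without login: {riders or 'none'}")
```

In this model a routed hop only collapses clients when the MAC is the sole key, while a NAT hop (or a shared Remote Desktop host) collapses them under every key, which is the "one login, everyone is logged in" behaviour the posters describe.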
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.