WAP setup help please

  • I have watched the tutorials, read the docs and wiki, searched and read through the forums and I still can't get this to work.

    I work in a small office where we occasionally have guests that need wireless access to the Internet (but not our LAN).  What I currently do is change our wireless router WAP password to something new, give it to them, put a block in the router's rules so they can't get to our LAN and then when they leave I restore our usual settings.  This is a major pain and a waste of my time.

    What I'm trying to do is put pfSense right behind the wireless router and set up a captive portal and then use the built-in user authentication (no RADIUS).  Then I'll create several "guest" accounts and we'll be rocking.  I'll need our in-house laptops to be able to get to the LAN, but I'm sure I can deal with that by firewall rules.

    But I can't get it to work… I've tried various different settings... the closest I come is that pfSense will give an IP to my wireless test client, but that's it.  It won't let it go anywhere and it doesn't appear to be getting DNS.  And I currently have a "pass all" rule in the firewall.

    Based on what I've read here it may be a NAT issue (or subnet issue), but I don't know how to solve it if it is.

    What I have:

    Wireless Router (DHCP turned Off and running in Access Point mode) connected to OPT1 interface on pfSense box (OPT1 is active with DHCP on and Captive Portal on).  pfSense box is connected, by the LAN interface, to our wired router.  I can access the pfSense box by browser.  It appears to be running fine.  I can also access the wireless router by browser too.


  • Additional info…

    WAN on pfSense box is not connected to anything.  Our WAN is still coming in through our wired router/gateway.  If necessary to get the control I want, I could see moving the WAN over to the pfSense box, but I would prefer not to disturb our LAN to WAN connection at this point.


  • Oh boy, I'm more confused now… I tweaked the firewall rule from "TCP pass all" to "Any pass all."  Now my wireless laptop connects and I can get to the LAN and the internet.  Woo-Hoo!  That is progress, BUT...

    Where is the captive portal?  It's turned on, but it isn't doing anything.  I'm clearly moving through the OPT1 interface, but no captive portal.  :(


  • Oh shoot, I just realized that all this may be moot… I still have to give out the WPA key because the security is in the wireless router and not in the pfSense box.  Is there a way to make it work like I want?


