Captive Portal behind router

Atlantes · Mar 3, 2010, 3:16 PM

pfSense 01 = Captive Portal
pfSense 02 = Router with VLANS

if I change the settings to default I have a nice login page when I want to use the internet. But if I check the log in the web interface it registers the MAC and IP of pfSense 02 instead of the client MAC and IP.

How can I change this so I see the client MAC and IP address instead of the pfSense 02 MAC and IP address.

I already changed things in NAT with outbound and static routers but can't get it working correctly.

Maybe someone can help me with this.

danswartz · Mar 3, 2010, 4:39 PM

If pfsense 1 is the real firewall, pfsense 2 probably doesn't even need to be doing NAT - disable NAT entirely on that unit. I think you do this by enabling AON, and the editing the rule it shows you, clicking on the "no NAT" checkbox. This basically turns the unit into a firewalling router. That still won't help you with the MAC issue, since MAC addresses are not going to be passed across subnet boundaries. Do you really need the MAC?

Atlantes · Mar 3, 2010, 5:56 PM

mac is not needed.

But do i need to make static routes? Because if i disable nat i can't access the pfsense 01 of course.

danswartz · Mar 3, 2010, 6:27 PM

Oh yeah, sorry, forgot about that. Yes, pfsense 1 would need the requisite static route(s) for any subnets behind pfsense 2.

Atlantes · Mar 4, 2010, 9:27 AM

on pfsense 02 i selected Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))
I removed the auto created rule.

on pfsense 01 i made this static rule:
Interface: LAN
Destination network: 172.16.0.0/16
gateway: 192.168.1.4

But it isn't working. someone ideas?

danswartz · Mar 4, 2010, 3:53 PM

Why did you remove the auto-created rule? That wasn't what I said.