Captive Portal behind router

  • pfSense 01 = Captive Portal
    pfSense 02 = Router with VLANs

    If I change the settings to default, I have a nice login page when I want to use the internet. But if I check the log in the web interface, it registers the MAC and IP of pfSense 02 instead of the client MAC and IP.

    How can I change this so I see the client MAC and IP address instead of the pfSense 02 MAC and IP address?

    I already changed things in NAT with outbound and static routers but can't get it working correctly.

    Maybe someone can help me with this.

  • If pfsense 1 is the real firewall, pfsense 2 probably doesn't even need to be doing NAT - disable NAT entirely on that unit. I think you do this by enabling AON, and then editing the rule it shows you, clicking on the "no NAT" checkbox. This basically turns the unit into a firewalling router. That still won't help you with the MAC issue, since MAC addresses are not going to be passed across subnet boundaries. Do you really need the MAC?

  • MAC is not needed.

    But do I need to make static routes? Because if I disable NAT I can't access the pfsense 01, of course.

  • Oh yeah, sorry, forgot about that.  Yes, pfsense 1 would need the requisite static route(s) for any subnets behind pfsense 2.
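
An added example, not part of the thread: a small Python model of what the two replies above describe, showing which source IP and MAC pfSense 01 sees with and without outbound NAT on pfSense 02, and why pfSense 01 then needs a static route for replies. All addresses, MACs and function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
CLIENT = {"ip": "192.168.20.50", "mac": "aa:aa:aa:00:00:50"}    # client on a VLAN behind pfSense 02
ROUTER_WAN = {"ip": "192.168.1.2", "mac": "bb:bb:bb:00:00:02"}  # pfSense 02 on pfSense 01's LAN
PORTAL_LAN = ipaddress.ip_network("192.168.1.0/24")             # subnet directly attached to pfSense 01
STATIC = {ipaddress.ip_network("192.168.20.0/24"): ROUTER_WAN["ip"]}  # client VLAN via pfSense 02


def seen_by_portal(client, router_wan, nat_enabled):
    """Source IP/MAC pfSense 01 sees for a client forwarded by pfSense 02."""
    # Outbound NAT rewrites the source IP to the router's own address.
    src_ip = router_wan["ip"] if nat_enabled else client["ip"]
    # A router re-frames every forwarded packet, so the source MAC is
    # always the router's own, with or without NAT.
    return {"ip": src_ip, "mac": router_wan["mac"]}


def reply_next_hop(dst_ip, connected, static_routes):
    """Where pfSense 01 sends a reply: directly, via a static route, or to its default gateway."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in connected:
        return "direct"
    matches = [(net, gw) for net, gw in static_routes.items() if dst in net]
    if matches:
        # Longest-prefix match picks the most specific route.
        return max(matches, key=lambda m: m[0].prefixlen)[1]
    return "default-gateway"  # reply never reaches the client behind pfSense 02


if __name__ == "__main__":
    for nat in (True, False):
        seen = seen_by_portal(CLIENT, ROUTER_WAN, nat)
        for label, routes in (("no static route", {}), ("static route", STATIC)):
            hop = reply_next_hop(seen["ip"], PORTAL_LAN, routes)
            print(f"NAT={nat!s:5} {label:15} portal logs {seen} reply -> {hop}")
```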

  • On pfsense 02 I selected Manual Outbound NAT rule generation (Advanced Outbound NAT (AON)).
    I removed the auto-created rule.

    On pfsense 01 I made this static rule:
    Interface: LAN
    Destination network:

    But it isn't working. Does someone have ideas?

  • Why did you remove the auto-created rule?  That wasn't what I said.

