Captive Portal doesn't work with NAT

  • Is this a normal issue?
    Is there a way around it?


  • This is a pretty incomplete report. I don't have a clue what you are asking for. Please provide more details and a way how to reproduce.

  • i'm very newbie to pfsense and i don't know what is a Captive Portal, but i got the same issue:

    i've just installed pfsense, setup some simple firewall rules and some nat port forward, so just to learn more about it i've just tryed to activate Captive Portal, then any LAN pc get unable to connect outside

    so the first impression is that captive portal don't work with nat

    but i think that captive need some more config, to work and let lan pc to work

  • It works with NAT.  Not meaning to come off as rude, but if you don't know what the captive portal is then how do you know it's not working?  The default behavior is that the captive portal will redirect all http connections to a page on the pfsense box, specifically, an instance if lighthttpd running on port 8000.  From there you have to provide credentials to gain access.  Did you enable the portal?


  • im having the same problem…

  • What version of pfsense?  What is your config?  I'll see if I can replicate it here.

  • I have onde router in bridge conected to the WAN … a my network conected to the LAN ... the captive is enabled on Lan interface ... :|

  • The captive portal doesn't work on bridged interfaces.  Are you using NAT or are you bridging?  I use the portal extensively in both NAT and public address space and have no issues.

  • Im not bridging …
    Im using WAN - NAT - LAN ...

    I´ve reseted the pfsense machine and when i enable the captive portatal ... the nat rules stop working ... ;/

  • hmm, I set up a fresh config like this with 1.0.1 and it worked fine.  Do all NAT entries stop working or is it something more specific?  What version of pfsense?  Normal behavior of the captive portal is to block outgoing access until credentials can be verified.  All hosts, unless specified in the passthrough, will not be able to reach the WAN until said credentials are provided and verified.  Do you get redirected to the portal page at all?

    After you enable the captive portal log in and type

    pfctl -s nat|grep -v 

    as well as

    ipfw list 

    and post the results.

Log in to reply