No authentication for a single user

  • Just realised I may have an issue…

    I am about to setup pfsense with the WAN to my router, and the LAN to my wireless access points.  I am using a captive portal with authentication.

    The only isse I have just realised?

    I have a machine (jukebox) which requires an internet connection permanently to update itself.

    Is it possible to specify a certain MAC or IP Address that can have unlimited access with no authentication?  I know I could connect this directly to the router, but the router and jukebox are in different buildings, and I only have a single LAN connection between the buildings!  The jukebox will have to go on the LAN side of pfsense......

    The jukebox is not a PC and cannot submit any form of authentication.

    I am not near my pfsense box at the moment, so cannot take a look at the config pages.....

    I am hoping this is not going to cause me a headache!?!?!

    Thanks for any input!

  • Managed to look into the config, and have seen that you can 'let through' by MAC.

    I have not tested this, but I assume this is what I need to do!

  • Rebel Alliance Developer Netgate

    Yes, you can set a pass-through by either IP or MAC to get what you want.

  • Hi, just bumping this.

    I setup a mac passthough, and am sure I have used the correct max address from the DHCP status page showing the jukebox.

    The jukebox is still unable to access the internet for some reason?

    I can ping the jukebox and the jukebox shows up on the DHCP status page.

    Is there anything else I can check?  I notice under the Diagnostics>Routes, the jukebox shows flags "UHLW", refs "1", use "0".  Would I be correct in thinking this shows it is connected ok but no data has passed?

    Thanks for any input and support!

    Kind regards.

  • Rebel Alliance Developer Netgate

    For a server you should probably use an IP bypass and not a MAC bypass. With a MAC bypass, the device will still get cut off every time the portal timeout expires, so it might be something related to that. Add two bypass entries for the box's IP, one set to "from" and the other set for "to".

  • Thanks - I will give that ago.

    I have made the changes remotely and will try to get someone to check the jukebox later.


Log in to reply