CP, trying to setup dual LAN, need guidance
-
I'm not really sure if this belongs in the captive portal forum, but here's what I've been trying to do.
I currently have 3 NICs in my box; LAN, WAN, OPT1. OPT1 connects to a Netgear wireless AP. What I want to do is set up captive portal to "gate" access to the OPT1 interface.
Is this possible? If so, can you provide some insight on how to do it? I've been messing around with it and it's giving me nothing but headaches. I had OPT1 bridged to the LAN and it worked, for a few minutes, except I wasn't able to get access out from OPT1 (yeah, set a rule too).
My AP is set up to pass on DHCP requests, so I'm guessing I have to set up OPT1 with a DHCP server–except it wouldn't let me select a range (said 0.0.0.0 to 0.0.0.0).
-
If I understand you correctly you try to setup something like a reverse captive portal. That's not doable with the captive portal the way it is now.
-
No, I don't think it would be reverse. Reverse would be on the WAN side, right? Let me draw it out:
pfsense
- LAN->Switches
- WAN->Modem
- OPT1->CP->wireless ap
When a wireless user connects they obtain an IP from DHCP (on pfsense), then get prompted to login with CP. OPT1 should also be able to talk to the other interfaces for the time being, unless I decide to lock it down.
-
Once a user has authenticated, the firewall rules present at the CP-enabled interface are obeyed, so you can give them access to LAN or a single host or special ports or whatever. All depends on the rules.
-
Ok so everything I described can be done then? I guess I just need more patience to debug it because it wasn't working correctly.
-
It should work ok for you if I get you right.
-
Ok so what am I missing here, when I try to enable DHCP server on OPT1 it says:
Subnet
Subnet mask 0.0.0.0
Available range 0.0.0.0 - 255.255.255.255
And won't let me choose a range. Keeps saying "The specified range lies outside of the current subnet."
Oh and I'm using 1.0.1
-
Your interfaces>opt1 config must be invalid. It calculates the values from what is set there.
-
Ok I set it correctly there except after I go to DHCP server->OPT1 it disappears and reverts back the set IP range.
Here's more details from the interface status page:
rl1 LAN
Status up
IP address 10.0.100.1
Subnet mask 255.255.255.0
rl0 OPT1
Status up
DHCP up
IP address 0.0.0.0
Subnet mask 255.0.0.0
-
Why did you set opt1 to dhcp? It doesn't get a lease. There doesn't seem to be a server on that interface.
-
Hm, well that would make sense, now wouldn't it! Maybe you can append a note to that page, "if you're trying to set up a DHCP server on this interface, select static"
I should be good to go after a little more tampering, thanks for all your help.
-
That option is for dhcp client, not as dhcp server ;)
-
::)
Ok, ran into another snag. I've got the access point all configured correctly so it's on 10.0.200.5, I can access it from the LAN and it passes thru CP, now the next item on the agenda would be to make CP work on OPT1. When I try to access the net from my laptop it says it can't find the server, although it's connected properly and has an IP address (10.0.200.244). I can access the access point config since I set up 10.0.200.50 as an allowed "from" IP in CP.
Any ideas? It's probably something simple I'm just overlooking as I did before :-X
Edit: I can also access the CP page (http://10.0.200.1:8000/) from my LAN.
Edit 2: I have a rule for OPT1 also set, from OPT1 subnet to any.
-
Make sure clients at opt1 are using the pfsense opt1 IP as DNS.
-
Yep, the access point is configured with dns and gateway of 10.0.200.1, double checked my laptop and it confirms this.
-
Try to delete the allowed IP OPT1 IP. Not sure if this prevents the redirection to the CP page.
-
Hm, ok removed the allowed IP in CP. Still isn't forwarding to the CP login page.
Another note, can't access http://10.0.200.1:8000 from OPT1 but can from the LAN.
-
What version are you running?
-
1.0.1 full install
-
Then I'm out of ideas :-\