Netgate Discussion Forum

    Is this possible? Captured Wi-Fi zone with some static cleared clients?

    General pfSense Questions
    3 Posts 2 Posters 1.3k Views
    • Cr0n_J0b

      I don't really know how to describe what I'm looking for in the proper firewall terminology, so I'll just tell you what I would like to do.

      I have pfs on an ESX server that bridges my internet (Red) connection with my internal (green) network.  I also have a subset of this LAN extended with some wi-fi access points and bridges.  I have everything on the same network (192.168.1.0/24).  Right now, everyone connects to the network with WDS and I have one password set up for all the access points.  What I would like is to have the entire wi-fi zone set up as a captured portal, kind of like a hotel.  Users would see an open connection, but could not get access to the internet and certainly not my Green network without a password or security measure.  I would like to have a simple landing page and set up some guest accounts for users and friends that come over…but I also need some static accounts for certain devices like my TiVo, Wii and my wife's system, that will always get access and could see the green network (but only select devices).  I've never tried setting something like this up and would like whatever advice you can give.  Is this possible?  I think it's a smarter way to set things up and would be much more convenient for guests.  I think it would be more secure too...but like I said, I'm new to this, so any help is appreciated.

      Thanks

      • cmb

        You can't do CP on a bridge by the nature of what it requires (redirecting to an IP on that subnet). I would move the wireless off onto its own subnet, either do IP or MAC passthrough for your trusted hosts, or better require VPN, and then you can force everyone else to hit the portal.

        • Cr0n_J0b

          I think I get what you are saying here.  So I just move the wireless routers to 192.168.2.0/24 so all of the clients that connect see that subnet.  I set up the CP for that subnet only and everyone who comes in on it gets redirected to the portal….right?  But the trusted clients I can somehow have them pass through the firewall by MAC or IP (I'd rather do MAC).

          Now the hard part.  I'll bumble around and see about setting up the passthrough thing.  As for the new subnet...do I need to change the mask for EVERYONE on the whole network to 255.255.254.0 to allow for that new range? Or do I go to 255.255.0.0?  As I said earlier, I'm not a network guy...sorry for the dumb question.

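An added sketch, not part of the thread and not pfSense code: a Python model of the layout discussed above, assuming the wired LAN stays 192.168.1.0/24 and the wireless moves to 192.168.2.0/24 on its own firewall interface. The MAC addresses are constructed samples and `with_mask`, `goes_via_firewall` and `portal_decision` are hypothetical helpers; it shows which traffic still crosses the firewall under each mask and how a wireless client is classified.

```python
import ipaddress

# Assumed addressing: wired LAN keeps its /24, wireless gets its own /24
# on a separate firewall interface (the subnet proposed in the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
WIFI = ipaddress.ip_network("192.168.2.0/24")

# Constructed sample MACs standing in for the always-allowed devices.
PASSTHROUGH_MACS = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}


def with_mask(net, prefixlen):
    """Network a host believes it is on if only its mask is changed."""
    return ipaddress.ip_network(f"{net.network_address}/{prefixlen}", strict=False)


def goes_via_firewall(host_net, dest_ip):
    """A host sends to its gateway only for destinations outside its own network."""
    return ipaddress.ip_address(dest_ip) not in host_net


def portal_decision(src_ip, src_mac, logged_in=()):
    """Hypothetical model of the per-client choice on the wireless interface."""
    if ipaddress.ip_address(src_ip) not in WIFI:
        return "not-portal-traffic"      # wired LAN is never captured
    mac = src_mac.lower()
    if mac in PASSTHROUGH_MACS or mac in logged_in:
        return "pass"                    # then normal firewall rules apply
    return "redirect-to-portal"          # portal page on the firewall's WIFI address


if __name__ == "__main__":
    wifi_host = "192.168.2.50"
    for plen in (24, 23, 16):
        seen = with_mask(LAN, plen)
        print(f"LAN hosts with /{plen} see {seen}; traffic to {wifi_host} "
              f"via firewall: {goes_via_firewall(seen, wifi_host)}")
    print(portal_decision(wifi_host, "00:11:22:33:44:55"))
    print(portal_decision("192.168.2.51", "DE:AD:BE:EF:00:01"))
```

With a /24 on each side the wired hosts need no mask change, because traffic between the two subnets is routed by the firewall. A /16 would make wired hosts treat wireless addresses as local, so that traffic would no longer be sent to the firewall at all.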