New user needs help with Captive Portal and networks

  • I've done some digging on my own… and let me just say that I'm not really great at networking, so please take pity.

    I have pfsense setup as my core Firewall/router on my ESX server between my LAN and WAN interfaces.

    On ESX I have 3 vSwitches set up: LAN, WAN and CAP(tured). The LAN is physically connected to my LAN switch and the WAN port to my Cable Modem, and the CAP is virtually connected to the OPT1 interface and a few virtual clients for testing.

    I have 3 virtual interfaces on the PFS box, LAN, WAN and OPT1.

    LAN is not bridged to anything
    WAN is DHCP
    OPT1 is static  --  I think my subnetting needs some help.

    I have the firewall set up to allow anything out of LAN to ANY and OPT1 to ANY

    I've set up the captive portal on OPT1

    I have DHCP on LAN serving
    I have DHCP on OPT1 serving

    With this setup my VM client on the CAP network can see and get an IP from DHCP.  I can use the portal and that works great. But I can't ping addresses.

    My hope was to allow some assigned systems (like my laptop) to get all the way in to the internal network, but for the others, I wanted to leave them to the internet only.  I also wanted to have some clients pass through to the LAN without any auth and bypassing the captive page etc.

    I think my issue is with the subnet and maybe the firewall, but I'm not sure.

    I tried setting the CIDR (I think that's what it's called) to to get a subnet, but when I did that I couldn't see the OPT1 interface from the client.  When I set the OPT1 interface to or /23 the client can ping and everything is ok.

    Again, I'm sorry for all the dumb questions, I'm new to the whole subnet thing.  I looked it up and tried to understand, but all the talk of left bit settings and the like just confused me more.
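The symptom in the post (clients get a DHCP lease but cannot reach the OPT1 interface until the mask is widened to /23) is usually a mask/range mismatch: the client's address falls outside the network the interface's CIDR defines, or the DHCP pool was carved from the wrong block. The following added example, which is not from the original post or from pfSense itself, uses Python's standard `ipaddress` module to show what a given CIDR actually covers and to run the three checks worth doing before touching firewall rules: is the client in the interface's subnet, does the DHCP pool sit inside that subnet, and do the LAN and OPT1 networks overlap. All addresses below are constructed for illustration and are assumptions, not the poster's real configuration.

```python
import ipaddress


def subnet_summary(interface_cidr: str) -> dict:
    """Describe the network an interface address in CIDR form belongs to.

    Example input: '192.168.20.1/24' (constructed). Returns the netmask,
    network and broadcast addresses, the usable host range and host count.
    """
    iface = ipaddress.ip_interface(interface_cidr)
    net = iface.network
    if net.prefixlen >= 31:
        # /31 and /32 have no separate network/broadcast addresses (RFC 3021).
        first, last, usable = net.network_address, net.broadcast_address, net.num_addresses
    else:
        first = net.network_address + 1          # first usable host
        last = net.broadcast_address - 1         # last usable host
        usable = net.num_addresses - 2           # minus network and broadcast
    return {
        "interface": str(iface.ip),
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }


def same_subnet(interface_cidr: str, client_ip: str) -> bool:
    """True if the client address lies inside the interface's own subnet.

    If this is False, the client has no on-link path to the gateway and
    will not be able to ping the interface regardless of firewall rules.
    """
    return ipaddress.ip_address(client_ip) in ipaddress.ip_interface(interface_cidr).network


def dhcp_pool_fits(interface_cidr: str, pool_start: str, pool_end: str) -> bool:
    """True if the whole DHCP pool is inside the interface's subnet and
    avoids the network and broadcast addresses.
    """
    net = ipaddress.ip_interface(interface_cidr).network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    return (
        start in net
        and end in net
        and start <= end
        and start != net.network_address
        and end != net.broadcast_address
    )


def networks_overlap(cidr_a: str, cidr_b: str) -> bool:
    """True if two interface networks share any addresses; overlapping LAN and
    OPT1 subnets make the router's forwarding decisions ambiguous."""
    net_a = ipaddress.ip_interface(cidr_a).network
    net_b = ipaddress.ip_interface(cidr_b).network
    return net_a.overlaps(net_b)


if __name__ == "__main__":
    # Constructed scenario: OPT1 at 192.168.20.1, client leased 192.168.21.50.
    for cidr in ("192.168.20.1/24", "192.168.20.1/23"):
        print(cidr, subnet_summary(cidr))
        print("  client 192.168.21.50 on-link:", same_subnet(cidr, "192.168.21.50"))
    print("pool fits /24:", dhcp_pool_fits("192.168.20.1/24", "192.168.20.100", "192.168.20.199"))
    print("LAN/OPT1 overlap:", networks_overlap("192.168.1.1/24", "192.168.20.1/23"))
```

In the constructed scenario the client at 192.168.21.50 is off-link for a /24 on 192.168.20.1 but on-link for a /23, which reproduces the "works only with /23" behaviour. The fix is to keep the interface mask, the DHCP pool and the clients' own masks agreeing on one block, and to confirm LAN and OPT1 use non-overlapping ranges; only then do the per-device pass-through and bypass rules have a sound base to sit on.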