New user needs help with Captive Portal and networks



  • I've done some digging on my own…and let me just say that I'm not a really great networking guy...so please take pity.

    I have pfSense set up as my core firewall/router on my ESX server between my LAN and WAN interfaces.

    On ESX I have 3 vSwitches set up: LAN, WAN and CAP(tured). The LAN is physically connected to my LAN switch, the WAN port to my cable modem, and the CAP is virtually connected to the OPT1 interface and a few virtual clients for testing.

    I have 3 virtual interfaces on the PFS box, LAN, WAN and OPT1.

    LAN is 192.168.1.211/16, not bridged to anything
    WAN is DHCP
    OPT1 is static 192.168.2.1/23  --  I think my subnetting needs some help.

    I have the firewall set up to allow anything out of LAN to ANY and OPT1 to ANY

    I've set up the captured portal on OPT1

    I have DHCP on LAN serving 192.168.1.100-192.168.1.250
    I have DHCP on OPT1 serving 192.168.2.2-192.168.2.245

    With this setup my VM client on CAP network can see 192.168.2.1 and gets an IP from DHCP.  I can use the portal and that works great. But I can't ping 192.168.1.0 addresses.

    My hope was to allow some assigned systems (like my laptop) to get all the way in to the internal network, but for the others, I wanted to leave them to the internet only.  I also wanted to have some clients pass through to the LAN without any auth and bypassing the captive page etc.

    I think my issue is with the subnet and maybe the firewall, but I'm not sure.

    I tried setting the CIDR (I think that's what it's called) to 192.168.2.1/16 to get a 255.255.0.0 subnet, but when I did that I couldn't see the OPT1 interface from the client.  When I set the OPT1 interface to 192.168.2.1/24 or /23 the client can ping and everything is ok.

    Again, I'm sorry for all the dumb questions, I'm new to the whole subnet thing.  I looked it up and tried to understand, but all the talk of left bit settings and the like, just confused me more.
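
The addressing described in the post, checked for overlapping subnets and DHCP pool conflicts, as an added example that is not part of the original post. The `audit` helper and the `SEPARATED` plan are assumptions made for illustration; only the `POSTED` values come from the post.

```python
import ipaddress

# Addressing as given in the post: interface address/prefix and DHCP pool.
POSTED = {
    "LAN":  {"addr": "192.168.1.211/16", "pool": ("192.168.1.100", "192.168.1.250")},
    "OPT1": {"addr": "192.168.2.1/23",   "pool": ("192.168.2.2",   "192.168.2.245")},
}

# Assumption: one possible non-overlapping plan, not something the post states.
SEPARATED = {
    "LAN":  {"addr": "192.168.1.1/24", "pool": ("192.168.1.100", "192.168.1.250")},
    "OPT1": {"addr": "192.168.2.1/24", "pool": ("192.168.2.2",   "192.168.2.245")},
}


def audit(plan):
    """Return findings for overlapping interface subnets and bad DHCP pools."""
    findings = []
    ifaces = {name: ipaddress.ip_interface(cfg["addr"]) for name, cfg in plan.items()}
    names = sorted(ifaces)
    # Two interfaces on one router must not sit in overlapping networks,
    # otherwise traffic between them is treated as on-link and never routed.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} {ifaces[a].network} overlaps {b} {ifaces[b].network}")
    for name, cfg in plan.items():
        iface = ifaces[name]
        start, end = (ipaddress.ip_address(x) for x in cfg["pool"])
        # The pool must lie inside the interface's network ...
        if start not in iface.network or end not in iface.network:
            findings.append(f"{name} DHCP pool leaves {iface.network}")
        # ... and must not hand out the interface's own address.
        if start <= iface.ip <= end:
            findings.append(f"{name} address {iface.ip} is inside its own DHCP pool")
    return findings


if __name__ == "__main__":
    for label, plan in (("posted", POSTED), ("separated", SEPARATED)):
        print(label)
        for line in audit(plan) or ["no findings"]:
            print("  " + line)
```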

