Captive Portal in front of DSLAMS DSL users all access

  • I have a Captive Portal box sitting in front of a DSLAM.
    Effectively, if 1 user logs in to captive portal behind a dsl modem in routing/nat mode, then ALL users in the house can access the internet.

    I need somehow without using bridged mode, to have the Captive Portal pick up some information from the client to allow 1 login per system… not 1 login per dsl modem.

    I don't care if it is a mac address, or an ip, or username, but it has to be something so that 1 person in the household logging in doesn't open captive portal for everyone.

    The only answer I've heard thus far is 'use bridge mode' but that won't work, as it'll kill all firewalling for everybody.

    Any other ideas?

  • I've read this,4264.0.html

    and I'm thinking that what I'm proposing based on this simply won't work.

    Does anyone know if DSL modems can NOT NAT and yet route, or pass MAC addresses from clients without being in bridge mode?

  • Rebel Alliance Developer Netgate

    Captive portal works at layer 2 (read: MAC address), so unless your clients are bridged to the same layer 2 network as pfSense, and pfSense can see the client MAC addresses directly, then it will not do what you are after.

    We have a feature request open (not sure if it's on redmine or elsewhere) for a layer 3 captive portal that would work by IP, but it's something that requires quite a lot of time (and funding…) in order for it to happen.
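
A toy model of the behaviour discussed in this thread, added here as an illustration and not pfSense or Netgate code: it shows what a portal can observe about two household hosts when the modem bridges, routes, or routes with NAT, and which hosts get through after only one of them logs in. The `Portal` class, the `src_ip` keying (standing in for the layer 3 portal mentioned in the feature request) and all addresses are assumptions constructed for the example.

```python
from collections import namedtuple

# What the portal can observe about a packet arriving on its interface.
Packet = namedtuple("Packet", "src_mac src_ip")

# Constructed sample addresses (locally administered MACs, documentation IPs).
MODEM_MAC, MODEM_WAN_IP = "02:00:00:00:00:01", "198.51.100.10"
HOSTS = {
    "laptop": Packet("02:00:00:00:0a:01", "192.168.1.11"),
    "tablet": Packet("02:00:00:00:0a:02", "192.168.1.12"),
}

def through_modem(pkt, mode):
    """Return the packet as the portal sees it after it crosses the modem."""
    if mode == "bridge":   # layer 2 forwarding: frame arrives unchanged
        return pkt
    if mode == "route":    # routed hop: source MAC becomes the modem's, IP kept
        return Packet(MODEM_MAC, pkt.src_ip)
    if mode == "nat":      # routed hop plus NAT: MAC and IP both become the modem's
        return Packet(MODEM_MAC, MODEM_WAN_IP)
    raise ValueError(f"unknown modem mode: {mode}")

class Portal:
    """Hypothetical session table keyed on one observed field."""
    def __init__(self, key):               # key is 'src_mac' or 'src_ip'
        self.key, self.sessions = key, set()

    def login(self, pkt):
        self.sessions.add(getattr(pkt, self.key))

    def allowed(self, pkt):
        return getattr(pkt, self.key) in self.sessions

def household_access(mode, key):
    """Only the laptop logs in; report which hosts the portal then lets through."""
    portal = Portal(key)
    portal.login(through_modem(HOSTS["laptop"], mode))
    return {name: portal.allowed(through_modem(pkt, mode))
            for name, pkt in HOSTS.items()}

if __name__ == "__main__":
    for key in ("src_mac", "src_ip"):
        for mode in ("bridge", "route", "nat"):
            print(f"{key:8} {mode:7} {household_access(mode, key)}")
```

In this model a MAC-keyed portal separates hosts only in bridge mode, an IP-keyed one also separates them when the modem routes without NAT, and with NAT neither key can tell the hosts apart.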

