Captive Portal on a Bridge Connection
-
Hi Guys,
I'm trying to get Captive Portal 2.0 working over a bridge connection but I don't seem to be getting the login page. (http://192.168.3.1:8000) I've read through the forums and I see a lot of problem are having the same problem but there doesn't seem to be any solution. Here is my configuration :
WAN (bge1): Fixed IP
LAN (bge0): 192.168.2.1/24
OPT2: Bridge0 192.168.3.1/24 (Bridge = LAN+WAN)
Management (re0): 192.168.1.1/24 (I changed the original label from LAN to management)My laptop is connected to the LAN port and my gateway/dns is set to 192.168.3.1 (The bridge connection) I can access the internet fine but the Captive Portal features don't seem to be active. If anyone can help Id greatly appreciate it.
Thanks
Dave Geoghegan
-
In the OSI reference model bridging is a link layer (layer 2) activity while routing is a routing layer (layer 3) activity.
IF (I'm speculating here; I don't know) Captive Portal is a routing layer activity then bridging will take precedence over Captive Portal because packets won't get to layer 3 where Captive Portal might see them.
-
In the OSI reference model bridging is a link layer (layer 2) activity while routing is a routing layer (layer 3) activity.
IF (I'm speculating here; I don't know) Captive Portal is a routing layer activity then bridging will take precedence over Captive Portal because packets won't get to layer 3 where Captive Portal might see them.
This appears to be the case, I've spend 3 days looking at this and I even had a second sysadmin look over my work and we've come to the same conclusion. Captive Portal DOES NOT work on Bridge mode on PfSense 2.0.
I did manage to get it working by setting up PfSense as a router (layer3) but its a shame this feature doesn't work because it adds another point of failure to our system. I have a router already & I'd prefer a situation where I could pull the firewall out if there is a hardware or software failure as I haven't tested this software & I need to use it in a live environment.
Thanks
Dave Geoghegan
-
You have not provided enough information to help you troubleshoot.
Do not expect to come here and have an answer it works or not
-
@ermal:
You have not provided enough information to help you troubleshoot.
Do not expect to come here and have an answer it works or notWhat other information could I possibly include? :) … Its a simple bridge connection and when you enable Captive Portal nothing happens. The bridge works fine. Lots of people are having this problem if you search through the forum you'll see what I mean.
The solution is simple ... change from a layer2 configuration to layer3 configuration because Captive Portal doesn't work over bridge connections. Most likely this is because Captive Portal uses DNS forwarding to redirect users to the portal page. The point of a bridge connection is that you can pull the device out when you need to.
If I'm wrong then someone please please please prove me wrong !!
~ Dave ~
-
OPT2: Bridge0 192.168.3.1/24 (Bridge = LAN+WAN)
It's probably not a good idea to bridge the LAN and WAN interface
-
Show all details of configuration and if you are filtering on the bridge!
an output of ifconfig, ipfw show and your rules.debug would be helpful
also a sysctl -a | grep pfil
-
According to the pfSense book running the captive portal on a bridged interface is not supported.
It states
"Here you select the interface captive portal will run on. This cannot be a bridged interface, and cannot be any WAN or OPT WAN interface."
-
OPT2: Bridge0 192.168.3.1/24 (Bridge = LAN+WAN)
It's probably not a good idea to bridge the LAN and WAN interface
Its quite safe to use Bridge connections once your rules are setup correctly. I have that same config on Junuper firewalls and it works great.
~ Dave ~
-
@ermal:
Show all details of configuration and if you are filtering on the bridge!
an output of ifconfig, ipfw show and your rules.debug would be helpful
also a sysctl -a | grep pfilOk thanks for the tip & I'll make sure to do that in the future. I see a quote from skear from the book that confirms it cannot work, so I guess there is no need to do this now but thanks again for your help.
I don't have the book so I wasn't able to check this myself but it sure would be useful if someone in PfSense added this limitation to captive portal under the features section of the website.
~ Dave ~
-
The book is for 1.2.3 and there is no book for 2.0.
Please do not hijack threads and if you are not willing to give information in order to get help back do not post at all.Just go and use you Juniper for the matter!
-
@ermal:
The book is for 1.2.3 and there is no book for 2.0.
Please do not hijack threads and if you are not willing to give information in order to get help back do not post at all.Just go and use you Juniper for the matter!
I'm sorry your highness, I see its your time of the month & as you know the manual is not free. As a sysadmin I use lots of firewalls not limited to pfsense but if you could teach us (by that I mean the community) how we can setup captive portal over a bridge connection then I'll take my hat off to you sir. Obviously you're a smart guy because you answer lots of questions but putting other helpful people down wastes everyone's time. If you don't understand what a bridge connection is, or what captive portal is then please keep quiet.
-
@ermal:
The book is for 1.2.3 and there is no book for 2.0.
Please do not hijack threads and if you are not willing to give information in order to get help back do not post at all.Just go and use you Juniper for the matter!
I'm sorry your highness, I see its your time of the month & as you know the manual is not free. As a sysadmin I use lots of firewalls not limited to pfsense but if you could teach us (by that I mean the community) how we can setup captive portal over a bridge connection then I'll take my hat off to you sir. Obviously you're a smart guy because you answer lots of questions but putting other helpful people down wastes everyone's time. If you don't understand what a bridge connection is, or what captive portal is then please keep quiet.
Your choice not mine since i have already done the choice!