Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captive Portal on a Bridge Connection

    Scheduled Pinned Locked Moved Captive Portal
    13 Posts 5 Posters 6.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      daveg
      last edited by

      Hi Guys,

      I'm trying to get Captive Portal 2.0 working over a bridge connection but I don't seem to be getting the login page. (http://192.168.3.1:8000) I've read through the forums and I see a lot of problem are having the same problem but there doesn't seem to be any solution. Here is my configuration :

      WAN (bge1): Fixed IP
      LAN (bge0): 192.168.2.1/24
      OPT2: Bridge0 192.168.3.1/24 (Bridge = LAN+WAN)
      Management (re0): 192.168.1.1/24 (I changed the original label from LAN to management)

      My laptop is connected to the LAN port and my gateway/dns is set to 192.168.3.1 (The bridge connection) I can access the internet fine but the Captive Portal features don't seem to be active. If anyone can help Id greatly appreciate it.

      Thanks
      Dave Geoghegan

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        In the OSI reference model bridging is a link layer (layer 2) activity while routing is a routing layer (layer 3) activity.

        IF (I'm speculating here; I don't know) Captive Portal is a routing layer activity then bridging will take precedence over Captive Portal because packets won't get to layer 3 where Captive Portal might see them.

        1 Reply Last reply Reply Quote 0
        • D
          daveg
          last edited by

          @wallabybob:

          In the OSI reference model bridging is a link layer (layer 2) activity while routing is a routing layer (layer 3) activity.

          IF (I'm speculating here; I don't know) Captive Portal is a routing layer activity then bridging will take precedence over Captive Portal because packets won't get to layer 3 where Captive Portal might see them.

          This appears to be the case, I've spend 3 days looking at this and I even had a second sysadmin look over my work and we've come to the same conclusion. Captive Portal DOES NOT work on Bridge mode on PfSense 2.0.

          I did manage to get it working by setting up PfSense as a router (layer3) but its a shame this feature doesn't work because it adds another point of failure to our system. I have a router already & I'd prefer a situation where I could pull the firewall out if there is a hardware or software failure as I haven't tested this software & I need to use it in a live environment.

          Thanks
          Dave Geoghegan

          1 Reply Last reply Reply Quote 0
          • E
            eri--
            last edited by

            You have not provided enough information to help you troubleshoot.
            Do not expect to come here and have an answer it works or not

            1 Reply Last reply Reply Quote 0
            • D
              daveg
              last edited by

              @ermal:

              You have not provided enough information to help you troubleshoot.
              Do not expect to come here and have an answer it works or not

              What other information could I possibly include? :) … Its a simple bridge connection and when you enable Captive Portal nothing happens. The bridge works fine. Lots of people are having this problem if you search through the forum you'll see what I mean.

              The solution is simple ... change from a layer2 configuration to layer3 configuration because Captive Portal doesn't work over bridge connections. Most likely this is because Captive Portal uses DNS forwarding to redirect users to the portal page. The point of a bridge connection is that you can pull the device out when you need to.

              If I'm wrong then someone please please please prove me wrong !!

              ~ Dave ~

              1 Reply Last reply Reply Quote 0
              • J
                jameson
                last edited by

                @daveg:

                OPT2: Bridge0 192.168.3.1/24 (Bridge = LAN+WAN)

                It's probably not a good idea to bridge the LAN and WAN interface

                1 Reply Last reply Reply Quote 0
                • E
                  eri--
                  last edited by

                  Show all details of configuration and if you are filtering on the bridge!
                  an output of ifconfig, ipfw show and your rules.debug would be helpful
                  also a sysctl -a | grep pfil

                  1 Reply Last reply Reply Quote 0
                  • S
                    skear
                    last edited by

                    According to the pfSense book running the captive portal on a bridged interface is not supported.

                    It states
                    "Here you select the interface captive portal will run on. This cannot be a bridged interface, and cannot be any WAN or OPT WAN interface."

                    Check out my pfSense guides

                    1 Reply Last reply Reply Quote 0
                    • D
                      daveg
                      last edited by

                      @jameson:

                      @daveg:

                      OPT2: Bridge0 192.168.3.1/24 (Bridge = LAN+WAN)

                      It's probably not a good idea to bridge the LAN and WAN interface

                      Its quite safe to use Bridge connections once your rules are setup correctly. I have that same config on Junuper firewalls and it works great.

                      ~ Dave ~

                      1 Reply Last reply Reply Quote 0
                      • D
                        daveg
                        last edited by

                        @ermal:

                        Show all details of configuration and if you are filtering on the bridge!
                        an output of ifconfig, ipfw show and your rules.debug would be helpful
                        also a sysctl -a | grep pfil

                        Ok thanks for the tip & I'll make sure to do that in the future. I see a quote from skear from the book that confirms it cannot work, so I guess there is no need to do this now but thanks again for your help.

                        I don't have the book so I wasn't able to check this myself but it sure would be useful if someone in PfSense added this limitation to captive portal under the features section of the website.

                        ~ Dave ~

                        1 Reply Last reply Reply Quote 0
                        • E
                          eri--
                          last edited by

                          The book is for 1.2.3 and there is no book for 2.0.
                          Please do not hijack threads and if you are not willing to give information in order to get help back do not post at all.

                          Just go and use you Juniper for the matter!

                          1 Reply Last reply Reply Quote 0
                          • D
                            daveg
                            last edited by

                            @ermal:

                            The book is for 1.2.3 and there is no book for 2.0.
                            Please do not hijack threads and if you are not willing to give information in order to get help back do not post at all.

                            Just go and use you Juniper for the matter!

                            I'm sorry your highness, I see its your time of the month & as you know the manual is not free. As a sysadmin I use lots of firewalls not limited to pfsense but if you could teach us (by that I mean the community) how we can setup captive portal over a bridge connection then I'll take my hat off to you sir. Obviously you're a smart guy because you answer lots of questions but putting other helpful people down wastes everyone's time. If you don't understand what a bridge connection is, or what captive portal is then please keep quiet.

                            1 Reply Last reply Reply Quote 0
                            • E
                              eri--
                              last edited by

                              @daveg:

                              @ermal:

                              The book is for 1.2.3 and there is no book for 2.0.
                              Please do not hijack threads and if you are not willing to give information in order to get help back do not post at all.

                              Just go and use you Juniper for the matter!

                              I'm sorry your highness, I see its your time of the month & as you know the manual is not free. As a sysadmin I use lots of firewalls not limited to pfsense but if you could teach us (by that I mean the community) how we can setup captive portal over a bridge connection then I'll take my hat off to you sir. Obviously you're a smart guy because you answer lots of questions but putting other helpful people down wastes everyone's time. If you don't understand what a bridge connection is, or what captive portal is then please keep quiet.

                              Your choice not mine since i have already done the choice!

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.