Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange behaviour with MAC passthrough

    Scheduled Pinned Locked Moved Captive Portal
    5 Posts 3 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      Floddy
      last edited by

      Hello,

      My setup on the captive portal net is this:

      [pfsense box nic]–-[wlan AP (access point)]   [wlan AP in client mode]–-[TV]

      • additional laptops connecting to the pfsense box through the wlan AP.

      The TV obviously gets no connectivity to the oustside world unless I let it pass through the captive portal. But, this is the strange thing: If I enter the TV's MAC, it doesn't work. If I enter the TV's wlan AP's MAC though, it works, even if the TVs MAC isn't entered. I really don't understand why? The calls comes from the TV, so, shouldn't the TV be the ones that should be let throght?

      Entering the TV and the TV AP's mac addresses for static DHCP works as a charm.

      Thanks,
      Floddy

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Only one MAC can be seen from any one wireless client, so what your second WLAN box is doing is translating the source MAC to its own MAC. It leaves the MAC within DHCP requests alone, basically acting as a DHCP relay of sorts, which is why it gets its own IP. That's typical behavior in such scenarios.

        1 Reply Last reply Reply Quote 0
        • F
          Floddy
          last edited by

          Ah, ok, that explains it.

          Does that apply only to APs in client mode, or the other "regular" AP as well, like the one connected directly to the pfsense box?

          For example, I have a laptop with windows firewall rules that lets smb traffic through, but only if it's from my regular computer. But, if one would just play with the thought that windows firewall could filter on mac instead of IP addresses; would that work, or would it just see the APs mac?

          Thanks,
          Floddy

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            Only applies to devices behind a wireless device in client mode. In a typical AP scenario with multiple clients, those clients all retain their real MAC address.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              There are some APs out there that work in a bridge mode where they don't forward on the client's MAC. I have a couple of them, EDIMAX somethingorother model. It's impossible to use more than one client from behind it in AP client mode from what I could tell.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.