Netgate Discussion Forum

Captive portal interface can access LAN side

Firewalling
  • webmonkey
    last edited by Mar 7, 2013, 10:08 AM Mar 7, 2013, 9:48 AM

    I really am new to this firewall problem. I searched Google and the forum but I can't help myself out of this problem.
    Captive portal and other functions work well; my problem is that users from the CP side can access all of my LAN side after they have successfully authenticated. They can access resources on the LAN. I tried to block them, but I don't know what I'm doing. Please show me the answer.

    Here is my configuration:

    WAN : 192.168.1.3 DHCP (address reservation)
    LAN : https://192.168.1.4:7777 (same network with wan)
    CP: 192.168.10.1

    Firewall rules: I left the defaults on WAN and LAN. I set the CP firewall rule like this: PASS > any > any > any > SAVE. (If I don't add the pass rule, CP users can't access the internet.)

    Thank you.
    *** This is terrible, I can't find the right answer. Help me please.

    • Klaws
      last edited by Mar 7, 2013, 12:41 PM

      Your problem is that WAN and LAN use the same address range. Take a different IP address range for the LAN and then you can block CP traffic trying to get into that range.

      • webmonkey
        last edited by Mar 8, 2013, 2:27 AM

        I'm sorry, that doesn't help.
        I changed my LAN IP to a different network > 192.168.2.4.
        The CP side can still access pfSense WAN > 192.168.1.3 and LAN.

        I think I have to change some firewall rules. How do I write a firewall rule that allows access to the internet but not to other networks from the CP side?
        Sorry for my English.

        • lsense
          last edited by Mar 8, 2013, 9:55 AM

          What about putting one more firewall rule on the CP interface:
          DENY > any > 192.168.1.0/24 > any > SAVE

          Edit: put the rule before the "allow any any" one.

          • Klaws
            last edited by Mar 8, 2013, 10:01 AM Mar 8, 2013, 9:59 AM

            And push that new rule to the top of the list, so it gets precedence over any "allow all" rules.

            No need to apologize for your English.

            Edit: okay…seems that lsense was a bit faster with the edit ;)

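An added example (not code from any poster in this thread) that models the rule ordering discussed above: rules on the CP interface are checked top to bottom and the first match decides. The /24 masks for 192.168.1.x and 192.168.2.x, the CP client address and the internet host are assumptions, and the tuple rule format is a simplification, not pfSense's own syntax.

```python
import ipaddress

# Assumed /24 masks; the thread only gives host addresses for WAN and the renumbered LAN.
PROTECTED = {"WAN net": "192.168.1.0/24", "LAN net": "192.168.2.0/24"}
CP_CLIENT = "192.168.10.50"      # constructed captive-portal client address
INTERNET_HOST = "203.0.113.10"   # constructed (TEST-NET-3) stand-in for an internet host

# Rules as (action, source, destination); hypothetical format for illustration.
PASS_ANY = ("pass", "any", "any")
DENY_WAN_NET = ("block", "any", "192.168.1.0/24")
DENY_LAN_NET = ("block", "any", "192.168.2.0/24")


def _matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def evaluate(rules, src, dst):
    """First matching rule decides; no match means the default deny applies."""
    for action, rule_src, rule_dst in rules:
        if _matches(rule_src, src) and _matches(rule_dst, dst):
            return action
    return "block"


def audit(rules):
    """Return the sorted names of protected networks a CP client can still reach."""
    exposed = []
    for name, net in PROTECTED.items():
        probe = str(next(ipaddress.ip_network(net).hosts()))  # first host in the net
        if evaluate(rules, CP_CLIENT, probe) == "pass":
            exposed.append(name)
    return sorted(exposed)


def internet_ok(rules):
    return evaluate(rules, CP_CLIENT, INTERNET_HOST) == "pass"


if __name__ == "__main__":
    rulesets = {
        "original (pass any only)": [PASS_ANY],
        "deny below pass": [PASS_ANY, DENY_WAN_NET],
        "deny above pass": [DENY_WAN_NET, PASS_ANY],
        "deny both nets above pass": [DENY_WAN_NET, DENY_LAN_NET, PASS_ANY],
    }
    for label, rules in rulesets.items():
        print(f"{label}: exposed={audit(rules)} internet={internet_ok(rules)}")
```

The third ruleset shows that denying only 192.168.1.0/24 leaves the renumbered LAN (192.168.2.x) reachable from the CP side, so each internal network needs its own block rule above the pass rule.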