Use pfsense as a wifi captive portal

  • Hi,

    I'd like to use pfsense as a wifi captive portal: authorised users may connect to it via an external access point and go to internet

    Therefore I have installed it with two nics: one on the WLAN network, say 192.168.2.x and one on the LAN network, say 192.168.1.x.

    WLAN network has an access point ( that handles Wi-fi connection, LAN has internet connection, i.e. there is a firewall and a router to internet.
    What I'd like to do is assign a daily ticket to a user, so this user connects to wifi, is forced to authenticate, and only after that is allowed to use internet, i.e. I have to allow some sort of routing (I think) between 192.168.2 and (the internet firewall on LAN).

    My question is: how can I do that? Is it correct to do that? Can you point me to a correct solution???


  • The routing stuff seems straightforward:
    The WLAN side is your pfSense LAN
    Your LAN is the pfSense WAN
    On the pfSense WAN you could:
    a) specify a WAN interface IP that is not used in - e.g. - and set the WAN gateway to and DNS server to whatever; or
    b) use DHCP on WAN and your real internet firewall at can give you an IP, gateway and DNS.
    If you can modify your real internet gateway to add a route back to then you can turn off NAT on the pfSense - no need to end up with "double NAT" if you don't have to.

  • It works.

    Thanks!!! :)

Log in to reply