Simple Captive portal, what am i doing wrong ?
-
So im new to pfsense this week, ive been playing arround with all sorts of configs and getting to know the tool. For the life of me i CANNOT get captive portals to work. I have tried all sorts of configs so as a last ditch attempt i have done the following:
1. Factory Rest the router
2. Enabled Captive portal on lan1 using local user authentication
3. created a local test user for this(totaly back to basics with no configuration of my own)
My problem; without authentication i can still access every thing through my firewall, im pretty sure this is due to the default rule which allows every thing from lan to anywhere. If i disable the rule i cannot access a thing and do not get redirected to the login page. If i access the router on port 8000 i can sucsefully auth but still cannot access any thing.
I am usiung pfsese 1.2-RC2 installed on a Nokia 440 with a Quad port ethernet card, WTH am i doing wrong? any one help me to get this working?
-
The captive portal inserts a hidden ipfw rule above the default allow that redirects you to the authentication webserver.
Are you sure you are using pfSense as your default gateway etc. Is there any other way off your network other than pfSense?
The captive portal requires the packets to pass into the pfSense firewall to work.
-
I can see the firewall rules if i do "ipfw list" in the shell, they seem right, pfsense is sitting on my network behind another NAT router while i configure it.
effectively the outside range is 10.0.0.x where as pfsense is on 192.168.1.1, i wouldn't have thought this should make a difference?
-
Have you checked the "Block RFC1918 Networks" box on the wan interface. that may affect it.
-
One of your ethernet ports is your WAN, right ?
Your 'first' LAN segment (on the second port) isn't bridged with another internal LAN segment, right ?
(mine is a basic 192.168.1.1/24 range [not bridged] <-> switch <-> {many intenal company PC's and devices}I presume that your 'hotspot' segment is on another Ethetnet plug
(mine is a basic 192.168.2.1/24 [not bridged] <-> switch <-> {many Linksys AP's}My third internal ethernet port is called 'DMZ'
(mine is a basic 192.168.3.1/24 [not bridged] <-> switch <-> {many public accesible servers}
Firewall rules seperate and filter very strict for the LAN <-> DMZ && DMZ <-> WAN.Simple like this - it rock's right from the box…
-
Right on the money morbus, i hooked my router up to my modem directly (after checking my configs a bit more) and testing the public networks option and it works, appears i was running into problems because i was testing it in a cascading NAT situation. Thanks for your help hopefuly in full deployment i wont cripple my self so badly!
