Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Simple Captive portal, what am i doing wrong ?

    Scheduled Pinned Locked Moved Captive Portal
    6 Posts 3 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      CyberPunk_1000
      last edited by

      So im new to pfsense this week, ive been playing arround with all sorts of configs and getting to know the tool. For the life of me i CANNOT get captive portals to work. I have tried all sorts of configs so as a last ditch attempt i have done the following:

      1. Factory Rest the router
      2. Enabled Captive portal on lan1 using local user authentication
      3. created a local test user for this

      (totaly back to basics with no configuration of my own)

      My problem; without authentication i can still access every thing through my firewall, im pretty sure this is due to the default rule which allows every thing from lan to anywhere. If i disable the rule i cannot access a thing and do not get redirected to the login page. If i access the router on port 8000 i can sucsefully auth but still cannot access any thing.

      I am usiung pfsese 1.2-RC2 installed on a Nokia 440 with a Quad port ethernet card, WTH am i doing wrong? any one help me to get this working?

      1 Reply Last reply Reply Quote 0
      • M Offline
        morbus
        last edited by

        The captive portal inserts a hidden ipfw rule above the default allow that redirects you to the authentication webserver.

        Are you sure you are using pfSense as your default gateway etc. Is there any other way off your network other than pfSense?

        The captive portal requires the packets to pass into the pfSense firewall to work.

        1 Reply Last reply Reply Quote 0
        • C Offline
          CyberPunk_1000
          last edited by

          I can see the firewall rules if i do "ipfw list" in the shell, they seem right, pfsense is sitting on my network behind another NAT router while i configure it.

          effectively the outside range is 10.0.0.x where as pfsense is on 192.168.1.1, i wouldn't have thought this should make a difference?

          1 Reply Last reply Reply Quote 0
          • M Offline
            morbus
            last edited by

            Have you checked the "Block RFC1918 Networks" box on the wan interface. that may affect it.

            1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan
              last edited by

              One of your ethernet ports is your WAN, right ?

              Your 'first' LAN segment (on the second port) isn't bridged with another internal LAN segment, right  ?
              (mine is a basic 192.168.1.1/24 range [not bridged] <-> switch <-> {many intenal company PC's and devices}

              I presume that your 'hotspot' segment is on another Ethetnet plug
              (mine is a basic 192.168.2.1/24 [not bridged] <-> switch <-> {many Linksys AP's}

              My third internal ethernet port is called 'DMZ'
              (mine is a basic 192.168.3.1/24  [not bridged] <-> switch <-> {many public accesible servers}
              Firewall rules seperate and filter very strict for the LAN <-> DMZ && DMZ <-> WAN.

              Simple like this - it rock's right from the box…

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • C Offline
                CyberPunk_1000
                last edited by

                Right on the money morbus, i hooked my router up to my modem directly (after checking my configs a bit more) and testing the public networks option and it works, appears i was running into problems because i was testing it in a cascading NAT situation. Thanks for your help hopefuly in full deployment i wont cripple my self so badly!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.