Installation and initial setup, Need Guidance
-
Hello,
I'm helping out family on setting up a controlled public wifi and I ended up trying pfsense. Having a captive portal is a big first step. But, I'm having trouble on the initial setup stages and that's why I'm begging for guidance on the right direction.
pfsense is installed in an Asus EEEPC netbook. Console is working and freebsd detects two interfaces: ath0 and alc0. The network consist of a router (over the counter box router), which is connected to the ISP, and local machines connected via wifi and ethernet.
The problem I'm having with pfsense is I always end up not accessing the webGUI and ultimately unable to ping the interface. I'm able to access the webGUI only after a fresh install. Once I access it, I enable the interface, enable dhcp and captive portal. For some reason, webGUI would be gone at one point in those saves.
Although I have tried a couple more different assignments or configuration, here's what I think is ideal:
ath0 (i think its wifi interface) is LAN. static ip 192.168.1.1. dhcp enabled 192.168.1.50-192.168.1.100.
alc0 (i think its ethernet ) is WAN. dhcp client. connected to box router.Then,
box router is 192.168.2.1. dhcp enabled 192.168.2.50-192.168.2.100.I'm accessing the webGUI in both netbook interfaces. I have dhcp in the box router network. Then, I also access the ath0 webGUI by manual up settings.
I have yet to see the ath0 in wifi devices.
Let me know if I don't make any sense.
I would appreciate any form of help. Thank you for reading and have a great day.
-
As soon as you enable two interfaces pfSense uses it's default firewall config which blocks access to the webgui from WAN. It allows access from LAN but since your LAN is wireless it will require additional config to get up and running. You need to enable access to the webgui via WAN in order to do that.
You can do that by setting only one interface at install, set alc0 as WAN then nothing else. Then add a firewall rule to specifically allow access to the webgui on WAN before enabling the LAN interface. Also diable 'block private networks' in the WAN interface setup since your WAN is in private address space.
Alternatively, if you've already installed pfSense, you can temporarily allow access via the WAN interface by disabling the firewall. See this docs page.Use pfctl -d and pfctl -e at the console. Again once you have access add a rule to allow WAN webgui access.
Steve
-
Thank you stepehnw10. I can access the webGUI now by following your instructions.
For some reason, I had a similar problem with Captive Portal. I was able to access the page once then once I submitted the user info, it timed out. I'm not sure if I went through authentication or internet is not working. But, no device is listed in Captive Portal Status page. From that point, I can connect to the wifi network but it times out and no captive portal page.
So what I did after what I previously stated above was enable Captive Portal. Select Local Manager/Voucher as Authentication. And other settings:
alc0-WAN 192.168.2.1(ethernet) WAN is set to dhcp
ath0 -LAN 192.168.1.1 has dhcp enabled. dhcp gateway is set to 192.168.1.1
ath0-WAN is set as Access Point
Interface ath0-LAN's gateway is set to 192.168.1.1 which is the WAN server
Added firewall rules: alc0 and ath0 pass.Thank you. I wonder if the captive portal "blink" is a firewall setting. i appreciate any help and suggestions.
-
The captive portal works at layer 2 so if you have problem at layer 3, ip address - routing etc, the captive portal is likely the only thing you will see. Check that the pfSense DHCP server is handing out the correct IP address etc. I confess that I don't use the captive portal anyway currently so I'm perhaps not the right person to answer this. Anyone else?
I'm not sure what you mean by 'ath0-WAN'. You should have one WAN, alc0, and one LAN, ath0.
Steve
