A few CP questions for a concept I thought up.

  • First, I'm only beginning to explore the idea of pfsense and captive portal.  I need to make sure a few of my preconceived notions are true first.  I need to make sure that ALL devices connected to the network can access the LAN without being redirected by the CP.  They need to be able to access the domain controller and web server.  I then need to make sure that a few devices can access the internet freely without being impeded by the CP.  In particular these devices would be video game consoles which can't actually surf the net but need to be able to connect to XBOX live and such.

    Is it possible to allow certain IP/MAC addresses to freely traverse the internet (a whitelist if you will) while any clients not on this list would be forced to authenticate?  I have attached a crude diagram of the theoretical layout.  If this whitelist isn't possible can anybody think of a way to authenticate without using a browser or command-line?

  • Try reading the config page of the CP…..


    Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.


    Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying from addresses, it may be used to always allow pass-through access from a client behind the captive portal.
    any x.x.x.x All connections to the IP address are allowed
    x.x.x.x any    All connections from the IP address are allowed

  • Thanks :).  Sorry that I didn't read the docs, I just haven't downloaded it yet to even play with it.  I just found this project around 1:30AM.  I'm at work right now planning stuff out for it.

Log in to reply