Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    A few CP questions for a concept I thought up.

    Scheduled Pinned Locked Moved Captive Portal
    3 Posts 2 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Crashspeeder
      last edited by

      First, I'm only beginning to explore the idea of pfsense and captive portal.  I need to make sure a few of my preconceived notions are true first.  I need to make sure that ALL devices connected to the network can access the LAN without being redirected by the CP.  They need to be able to access the domain controller and web server.  I then need to make sure that a few devices can access the internet freely without being impeded by the CP.  In particular these devices would be video game consoles which can't actually surf the net but need to be able to connect to XBOX live and such.

      Is it possible to allow certain IP/MAC addresses to freely traverse the internet (a whitelist if you will) while any clients not on this list would be forced to authenticate?  I have attached a crude diagram of the theoretical layout.  If this whitelist isn't possible can anybody think of a way to authenticate without using a browser or command-line?
      layout.jpg
      layout.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Try reading the config page of the CP…..

        @Pass-through:

        Note:
        Adding MAC addresses as pass-through MACs allows them access through the captive portal automatically without being taken to the portal page. The pass-through MACs can change their IP addresses on the fly and upon the next access, the pass-through tables are changed accordingly. Pass-through MACs will however still be disconnected after the captive portal timeout period.

        @Allowed:

        Adding allowed IP addresses will allow IP access to/from these addresses through the captive portal without being taken to the portal page. This can be used for a web server serving images for the portal page or a DNS server on another network, for example. By specifying from addresses, it may be used to always allow pass-through access from a client behind the captive portal.
        any x.x.x.x All connections to the IP address are allowed
        x.x.x.x any    All connections from the IP address are allowed

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • C
          Crashspeeder
          last edited by

          Thanks :).  Sorry that I didn't read the docs, I just haven't downloaded it yet to even play with it.  I just found this project around 1:30AM.  I'm at work right now planning stuff out for it.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.