VLANs/CP and OpenDNS clarification question



  • Hi,
    Did I say how great the members on this forum are ;)

    I am trying to get a good understanding of how the DNS forwarders work in pfSense. So if I have OpenDNS set in the General Settings tab, and have CP running on a VLAN interface with DNS forwarding turned on on the same VLAN interface, does pfSense bypass the VLAN DNS forwarder, thus also bypassing the captive portal?

    Just trying to get this straight in my head ??? LOL

    Edit: I have multiple VLANs coming into one LAN card on the pfSense box

    Andy


  • Netgate

    Your CP clients will presumably be configured with the pfSense interface address as their DNS server using DHCP.  The clients will submit their queries to the interface address.  The forwarder will then ask the DNS servers configured in general settings for answers to queries it doesn't have cached yet.

    Your Captive Portal does not need to be configured to allow direct access to the OpenDNS servers from behind the portal.

    There does need to be a rule on your captive portal interface allowing access to tcp/udp port 53 on the interface address though.



  • I guess it's the opening up port 53 that I don't "get".  If there is no General Settings DNS server listed then we don't have to have a rule for port 53 for CP to work.  Why doesn't captive portal work without a port 53 rule when there is a General Settings DNS server listed?

    Just trying to understand this.

    Thanks much,
    Andy


  • Netgate

    You need firewall rules for everything that comes in the LAN port for routing elsewhere.

    If you have a permit any any it will cover the port 53 to the LAN interface for DNS.

    Are you trying to fix a specific problem?



  • Hi,
    Yes, there is a problem with clients not going to the CP page on VLAN2; it is turned on only for this VLAN. The DNS forwarder is turned on for all interfaces. OpenDNS is set in the General Setup tab. Not sure what to check next.

    Thank you

    |--- WAN
    |
    |--- LAN----->VLAN1
                      >VLAN2-->Captiveportal on this VLAN, clients don't see CP though.
                      >VLAN3
                      >VLAN4
                      >VLAN5


  • Netgate

    Can the clients on VLAN2 resolve DNS queries before punching through the portal?



  • Hello,
    I tested some more today. I was getting a DHCP IP, the VLAN IP was set as my DNS and the captive portal page came up when trying to get to Google or wherever. The strange part is when I entered an active voucher and hit enter I was transferred to the pfSense admin login screen…?

    Good day,
    Andy



  • My test system webpage had an IP in place of "$PORTAL_ACTION$". It worked on the test system but not the live system. Anyway, replaced the IP and redirect with the proper commands.


  • Netgate

    With acceptable results?



  • Yes, all fixed.
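
The fix that closed this thread was restoring "$PORTAL_ACTION$" in the portal page after a hardcoded IP had sent voucher submissions to the wrong host. The following check is an added example, not code from the thread or from pfSense: it lints a custom portal page for that mistake before upload. The sample pages, the 192.0.2.1 address and the function names are constructed for illustration; `$PORTAL_REDIRURL$` is the placeholder pfSense substitutes into the redirect field.

```python
import re
from html.parser import HTMLParser

# Dotted-quad literal; enough to catch an address pasted in from a test box.
IP_LITERAL = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


class PortalPageLint(HTMLParser):
    """Collect (line, message) findings about form targets in a portal page."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self.forms = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        line = self.getpos()[0]
        if tag == "form":
            self.forms += 1
            action = (a.get("action") or "").strip()
            # The portal rewrites this placeholder per zone and interface.
            if action != "$PORTAL_ACTION$":
                self.findings.append(
                    (line, f"form action is {action!r}, expected '$PORTAL_ACTION$'"))
        elif tag == "input" and (a.get("type") or "").lower() == "hidden":
            value = a.get("value") or ""
            if IP_LITERAL.search(value):
                self.findings.append(
                    (line, f"hidden field {a.get('name')!r} hardcodes {value!r}"))


def lint_portal_page(html):
    """Return a list of findings; an empty list means the page passed."""
    parser = PortalPageLint()
    parser.feed(html)
    parser.close()
    if parser.forms == 0:
        parser.findings.append((0, "no <form> found in portal page"))
    return parser.findings


# Constructed sample: the kind of page that works only on the box it was built on.
BROKEN_PAGE = """<form method="post" action="https://192.0.2.1/">
<input name="auth_voucher" type="text">
<input name="redirurl" type="hidden" value="http://192.0.2.1/index.php">
<input name="accept" type="submit" value="Continue">
</form>"""

# Constructed sample: the same page with the placeholders restored.
FIXED_PAGE = BROKEN_PAGE.replace("https://192.0.2.1/", "$PORTAL_ACTION$").replace(
    "http://192.0.2.1/index.php", "$PORTAL_REDIRURL$")
```

Run `lint_portal_page()` on the page source before uploading it to the captive portal zone; any finding means submissions may land on a host other than the portal.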