CP Redirect Problems



  • Hi All
    I did see some info on this issue and tried some of the suggestions but still have not been able to get things working fully.

    My setup is that pfsense is in bridge mode. I bridged the lan and wan, assigned the bridge to opt1 and gave opt1 an IP address.

    I configured cp to use radius authentication and added ip addresses of the dns servers in allowed addresses of cp as was suggested in another thread.

    The users still do not get redirected to the portal page but I can log in manually at <ip_address:8000>. I verified that the users can resolve from nslookup.

    I ran  ipfw_context -l and got:

    Currently defined contextes and their members:
    portal_name: bridge0,

    I also ran ipfw -x portal_name list and got:

    65291 allow pfsync from any to any
    65292 allow carp from any to any
    65301 allow ip from any to any layer2 mac-type 0x0806,0x8035
    65302 allow ip from any to any layer2 mac-type 0x888e,0x88c7
    65303 allow ip from any to any layer2 mac-type 0x8863,0x8864
    65307 deny ip from any to any layer2 not mac-type 0x0800,0x86dd
    65310 allow ip from any to { 255.255.255.255 or ip_address } in
    65311 allow ip from { 255.255.255.255 or ip_address  } to any out
    65312 allow icmp from { 255.255.255.255 or ip_address  } to any out icmptypes 0
    65313 allow icmp from any to { 255.255.255.255 or ip_address  } in icmptypes 8
    65314 pipe tablearg ip from table(3) to any in
    65315 pipe tablearg ip from any to table(4) in
    65316 pipe tablearg ip from table(3) to any out
    65317 pipe tablearg ip from any to table(4) out
    65318 pipe tablearg ip from table(1) to any in
    65319 pipe tablearg ip from any to table(2) out
    65532 fwd 127.0.0.1,8000 tcp from any to any dst-port 80 in
    65533 allow tcp from any to any out
    65534 deny ip from any to any
    65535 allow ip from any to any

    I even did a restart just to see but no go.


  • Netgate

    Try entering something like http://8.8.8.8/ in the browser.

    If the browser is set to initially try an https site, it will hang.

    I've never set up a CP on a bridge like you are.  If you disable the portal can you browse normally?



  • Even if I enter a regular site it still comes back with website unavailable. I can browse normally once the cp is disabled. As soon as I enable it, I have this problem. Oh I forgot to mention, for the clients, I have to use the IP address of OPT1 as the gateway.


  • Netgate

    Even if I enter a regular site it still comes back with website unavailable. I can browse normally once the cp is disabled. As soon as I enable it, I have this problem. Oh I forgot to mention, for the clients, I have to use the IP address of OPT1 as the gateway.

    Hang on.  I don't get that you bridged LAN and WAN.  Are you trying to use CP on a transparent bridge?  That doesn't work.  If you bridge WAN and LAN, assign an IP address to the bridge interface, and your clients send traffic to the bridge interface as their default gateway, where is left for pfSense to route the traffic?

    “Captive portal

    Captive portal (Chapter 24, Captive Portal) is not compatible with transparent bridging because it requires an IP on the interface being bridged, used to serve the portal contents, and that IP must be the gateway for clients. This means that you can't, for example, bridge LAN to WAN and hope to capture clients with the portal.”

    Excerpt From: Jim Pingle. “pfSense-2.1-book.epub.”



  • Well I was actually setting it up as the book recommended on page 227 right after the paragraph you quoted.
    Below is the quote:

    In pfSense 2.0 and later this can work if you are bridging multiple local interfaces to all route through
    pfSense (e.g. LAN1, LAN2, LAN3, etc). If you assign the bridge interface, give it an IP, and that IP
    is used as the gateway by clients on the bridge, then it can function as expected.



  • Y'know, looking at the paragraph again, I think I misunderstood it. Thanks for that pointer.