Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Captivate Portal for one vlan with Cisco router as a gateway

    Scheduled Pinned Locked Moved Captive Portal
    4 Posts 2 Posters 792 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfDriver
      last edited by

      Hello, I'd like to ask if it is possible to use pfSense Captivate Portal in the way that it is presented on the picture?

      http://www.yogile.com/j62nezy3#05178704l

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        No.  Traffic destined for the internet on VLAN 10 will never be going through pfSense.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • P
          pfDriver
          last edited by

          Ok, so what should I change in my network topology to make my goal (to restrict internet access to vlan10)? Do I need to change the default gateway in client computers?

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            You probably need to make VLAN 10 a LAN on pfSense and put all the clients behind it.  To activate the captive portal requests to port 80 need to be sent to the pfSense interface.  This usually means it needs to be the default gateway of the clients.

            If you put the pfSense WAN on VLAN 1 and LAN on VLAN 10 and let pfSense handle all the DHCP for VLAN 10 it would get you there.  You should also be able to forward DHCP to another server if required.

            You'll also probably want to disable NAT in pfSense (switch to manual outbound and delete all the NAT rules.)

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.