Netgate Discussion Forum

    CP block internet in LAN

      amiruldin

      Hi, I'm setting up a basic network which includes 2 interfaces, which are WAN and also LAN.
      WAN: 172.16.x.x
      LAN: 192.168.x.x

      The pfSense box works fine until I enabled the CP. The CP blocks the network from LAN to WAN, as I tried to ping the WAN network from the LAN client after I enabled the captive portal. I have already set up the DHCP server on the LAN interface and the DNS forwarder, and also added a user in the user manager. The nslookup from the pfSense box to google.com is a success. Therefore I think there is a problem within the pfSense box, which is from the LAN network to the WAN network, after I enable the CP.

      Thanks in advance.

        Derelict LAYER 8 Netgate

        Captive portal is supposed to block access prior to login.  Please be more specific as to what your problem is. What happens when you're behind the portal and try to get to http://10.0.0.1/ in a web browser?  Portal page?

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          amiruldin

          Thank you for your reply. My main problem is, when I enable the captive portal, it will block the traffic from WAN to LAN, ergo there is no internet on the LAN side. Is there any rule that I have to add specifically to allow the traffic when I enable the CP?

          BTW, this is my landing page. I use no authentication as I only want to test it before using my real landing page.

          <title><br />Welcome to our network!<br /></title>

          Thank you for connecting to our network.

          click continue to access internet

            Derelict LAYER 8 Netgate

            Traffic in pfSense doesn't flow from WAN to LAN unless you put firewall rules on WAN allowing that but that's not what you want.

            Reply traffic from WAN to LAN for connections established by clients on LAN is allowed automatically by the stateful firewall.

            I say again: What happens when you're behind the portal and try to get to http://10.0.0.1/ in a web browser?  Portal page?

            Adding: What happens after you go through the login process?  Internet access?

              amiruldin

              @Derelict:

              Captive portal is supposed to block access prior to login.  Please be more specific as to what your problem is. What happens when you're behind the portal and try to get to http://10.0.0.1/ in a web browser?  Portal page?

              And yes, when I access http://10.0.0.1/ in a web browser behind the portal I will go to the portal page, but when I click on continue, it will not redirect to google, as there is no internet access. I hope that answered your question.

                Derelict LAYER 8 Netgate

                What are the firewall rules on the LAN interface tab?

                  amiruldin

                  There are only the basic rules, and I didn't add or remove any rules from the factory defaults.

                  [Attachment: Untitled.png]

                    Derelict LAYER 8 Netgate

                    Is your IP and MAC being added to the CP logins? (Status->Captive Portal) ??

                    How about reverting to the stock CP login page?  I don't think I have the desire right now to debug your html/javascript.  You have to either delete the captive portal and recreate it or upload an empty file.

                      amiruldin

                      The IP and MAC are not added in the CP. I have already uploaded a few types of files which consist of PHP, HTML and JavaScript, but it still doesn't work.
                      How about the rules, are they OK?

                        Derelict LAYER 8 Netgate

                        Yes.  If you're clicking login and the IP/MAC aren't being added it's your login page html most likely.

                          amiruldin

                          Really? However, if I run the HTML file directly (not enabling it in the captive portal service), the login portal will work and redirect me to google.com.

                            Derelict LAYER 8 Netgate

                            Go back to defaults, get it working, and then modify your login page.

                            I don't think your page is calling what needs to be called in index.php to process the login and add your MAC/IP pair to the portal pass through tables.

                              amiruldin

                              Derelict, thank you very much. At last, after a week of struggling, I figured out the problem: the login page HTML that I made doesn't work because it didn't have this

                              <form method="post" action="http://192.168.30.1:8000/">

                              I put the default page to compare the default and my login page.. my bad bro  :P

                                Derelict LAYER 8 Netgate

                                Glad you found it.  Happy pfSensing.

                                  Derelict LAYER 8 Netgate

                                  Also, check out the variables in the html file:

                                  <form method="post" action="$PORTAL_ACTION$">

                                  You were missing the backslashes so the proper substitutions weren't being made.  You can save yourself some future grief (and easier reusability of your login html/php) if you get those working.  When you start adding more portals or https logins, the port number changes.

                                  If you want to grab a copy of the actual default HTML, it's in /etc/inc/captiveportal.inc starting at line 56 on 2.1.5-RELEASE.

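A pre-upload check for the failure this thread ends on, as an added example (not code from the thread or from pfSense): it parses a custom portal page and reports a missing POST form or a hard-coded action URL in place of `$PORTAL_ACTION$`. The `accept` and `redirurl` field names and `$PORTAL_REDIRURL$` are assumed from pfSense's portal page upload help text, and the sample pages are constructed.

```python
from html.parser import HTMLParser

# Names assumed from pfSense's portal-page upload help text, not from this thread:
# submit button name="accept", hidden field name="redirurl" = $PORTAL_REDIRURL$.
ACTION_VAR, REDIR_VAR = "$PORTAL_ACTION$", "$PORTAL_REDIRURL$"

class FormCollector(HTMLParser):
    """Collect each <form> with its method, action and named <input> attributes."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"method": (a.get("method") or "get").lower(),
                         "action": a.get("action") or "", "inputs": {}}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur["inputs"][a["name"]] = a

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def lint_portal_page(html):
    """Return (severity, message) findings for a custom portal page."""
    parser = FormCollector()
    parser.feed(html)
    form = next((f for f in parser.forms if f["method"] == "post"), None)
    if form is None:
        return [("error", "no POST form: the click never reaches the portal login handler")]
    findings = []
    if form["action"].startswith(("http://", "https://")):
        findings.append(("warn", "hard-coded action URL: breaks when the portal port changes"))
    elif form["action"] != ACTION_VAR:
        findings.append(("error", "form action is not " + ACTION_VAR))
    submit = form["inputs"].get("accept", {})
    if (submit.get("type") or "").lower() != "submit":
        findings.append(("error", 'no submit button named "accept"'))
    if form["inputs"].get("redirurl", {}).get("value") != REDIR_VAR:
        findings.append(("warn", 'no hidden "redirurl" field set to ' + REDIR_VAR))
    return findings

# Constructed samples: the thread's form-less page, its hard-coded fix, the variable form.
NO_FORM = "<title>Welcome to our network!</title><p>click continue to access internet</p>"
HARDCODED = ('<form method="post" action="http://192.168.30.1:8000/">'
             '<input name="accept" type="submit" value="Continue"></form>')
TEMPLATED = ('<form method="post" action="$PORTAL_ACTION$">'
             '<input name="redirurl" type="hidden" value="$PORTAL_REDIRURL$">'
             '<input name="accept" type="submit" value="Continue"></form>')
```
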
                                    amiruldin

                                    Thank you very much, I still need to modify my HTML page.. haha, and thanks for the link, I will check it out later ;)

                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.