CP block internet in LAN



  • hi, im setting up a basic network which include 2 interface which is wan and also lan.
    wan:172.16..x.x
    lan:192.168.x.x

    the pfsense box works fine until i enabled the CP. the CP block the network from lan to wan as i tried to ping to the wan network from the lan client after i enabled the captive portal. i have already set up the dhcp server on lan interface, and the dns forwarder and also adding user in user manager. the nslookup from the pfsense box to google.com is a success. therefore i think there is a problem within the pfsense box which is from the lan network to the wan network after i enable the CP.

    thanks in advance.


  • LAYER 8 Netgate

    Captive portal is supposed to block access prior to login.  Please be more specific as to what your problem is. What happens when you're behind the portal and try to get to http://10.0.0.1/ in a web browser?  Portal page?



  • thank you for your reply, my main problem is, when i enable the captive portal, it will block the traffic from wan to lan, ergo there is no internet in the lan side.. is there any rule that i have to add specifically to allow the traffic when i enable the cp ??

    btw, this is my landing page, i use no authentication as i only want to test it before using my real landing page.

    <title><br />Welcome to our network!<br /></title>

    Thank you for connecting to our network.

    click continue to access internet


  • LAYER 8 Netgate

    Traffic in pfSense doesn't flow from WAN to LAN unless you put firewall rules on WAN allowing that but that's not what you want.

    Reply traffic from WAN to LAN for connections established by clients on LAN is allowed automatically by the stateful firewall.

    I say again: What happens when you're behind the portal and try to get to http://10.0.0.1/ in a web browser?  Portal page?

    Adding: What happens after you go through the login process?  Internet access?



  • @Derelict:

    Captive portal is supposed to block access prior to login.  Please be more specific as to what your problem is. What happens when you're behind the portal and try to get to http://10.0.0.1/ in a web browser?  Portal page?

    and yes, when i access http://10.0.0.1/ i web browser behind the portal i will go to the portal page, but when i click on continue, it will not redirect to google, as there is no internet access, i hope that answered your question


  • LAYER 8 Netgate

    What are the firewall rules on the LAN interface tab?



  • there are only the basic rules, and i didnt add or remove any rules from the factory defaults



  • LAYER 8 Netgate

    Is your IP and MAC being added to the CP logins? (Status->Captive Portal) ??

    How about reverting to the stock CP login page?  I don't think I have the desire right now to debug your html/javascript.  You have to either delete the captive portal and recreate it or upload an empty file.



  • the ip  and mac are not added in the cp.. i have already upload a few types of file which consist of php, html and javascript, but it still doesnt work..
    how about the rules, are they ok ??


  • LAYER 8 Netgate

    Yes.  If you're clicking login and the IP/MAC aren't being added it's your login page html most likely.



  • really??, however, if i run the html file directly(not enabling in the captive portal service), the login portal will work and redirect me to google.com


  • LAYER 8 Netgate

    Go back to defaults, get it working, and then modify your login page.

    I don't think your page is calling what needs to be called in index.php to process the login and add your MAC/IP pair to the portal pass through tables.



  • derelict, thank you very much, at last after a week struggling,i figure out the problem, the login page html that i make doesnt work because it didnt have this

    <form method="post" action="http://192.168.30.1:8000/">.. i put the dafault page too campare the default and my login page.. my bad bro  :P
    </form>


  • LAYER 8 Netgate

    Glad you found it.  Happy pfSensing.


  • LAYER 8 Netgate

    Also, check out the variables in the html file:

    <form method="post" action="$PORTAL_ACTION$">

    You were missing the backslashes so the proper substitutions weren't being made.  You can save yourself some future grief (and easier reusability of your login html/php) if you get those working.  When you start adding more portals or https logins, the port number changes.

    If you want to grab a copy of the actual default HTML, it's in /etc/inc/captiveportal.inc starting at line 56 on 2.1.5-RELEASE.</form>



  • thank you very much, i still need to modified my html page.. haha, and thanks for the link, i will check it out later ;)


Log in to reply