Netgate Discussion Forum

    Captive portal will not redirect to portal page

      jbrown

      VLANs are configured on the APs.  Just an FYI.  Everything works as it should, but as soon as I change the LAN interface on the pfSense to /24 (the way it should be) I get the issues stated in my previous posts.

        Derelict LAYER 8 Netgate

        It's a start but with no detail it'd be guessing.  Post some details.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          jbrown

          Been messing with this all day…..

          my switch:  have a vlan 240 with ip address 172.16.240.2 /24
          pfsense:  have a vlan 240 with ip address 172.16.240.1 /24

          On the pfSense I changed my LAN to /24 like we discussed.  Everything seems to be working great.  The firewall log is saying the correct interface now.  BUT, I have a problem, of course.  I am getting intermittent blocks from my firewall.  For instance, I RDP into my print server, and I will get disconnected after a while, but it will reconnect.  So it's intermittent.  I look at my firewall log and it is telling me I'm getting blocked....

          Attached is the message - please note: it is going to say 172.16.0.0/16 in the attachment.  That's because I started changing things back so that it would work like normal.  So just pretend it says 172.16.0.0/24  :)

          Capture2.JPG

            jbrown

            bump….    :-\

              Derelict LAYER 8 Netgate

              Why are you messing around with firewall rules for captive portal?

              On the interface with the portal on it:

              Pass the traffic you want your portal users to be able to get to (DNS servers, etc.  This also requires allowed IPs in the portal so they can get there before logging in)
              Block the traffic you don't want them to be able to get to (protected local networks, etc)
              Pass any any (the internet)

              172.16.0.0/24 does not include 172.16.240.0/24 so I'm not sure what you're trying to do with that rule.

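The rule order and the subnet remark in the reply above, worked through as an added example that is not part of the original thread. It assumes top-down, first-match evaluation with an implicit default deny; the client, server and internet addresses, and DNS being served on 172.16.240.1, are constructed for illustration.

```python
import ipaddress

ANY = "0.0.0.0/0"
PORTAL_NET = "172.16.240.0/24"   # VLAN 240 from the thread


def first_match(rules, src, dst, dport):
    """Return the action of the first rule that matches, else the default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and port in (None, dport)):      # None means "any port"
            return action
    return "block"                               # nothing matched


def portal_rules(protected_net):
    """Constructed rule set in the order given: pass, block, pass everything else."""
    return [
        ("pass",  PORTAL_NET, "172.16.240.1/32", 53),  # DNS (assumed on the firewall)
        ("block", PORTAL_NET, protected_net, None),    # protected local network
        ("pass",  PORTAL_NET, ANY, None),              # the internet
    ]


def is_broadcast(dst, iface_net):
    """True for the limited broadcast or the directed broadcast of iface_net."""
    dst = ipaddress.ip_address(dst)
    net = ipaddress.ip_network(iface_net)
    return dst in (ipaddress.ip_address("255.255.255.255"), net.broadcast_address)


if __name__ == "__main__":
    rules = portal_rules("172.16.0.0/24")
    client = "172.16.240.50"                     # constructed portal client
    for dst, port in [("172.16.240.1", 53), ("172.16.0.10", 3389), ("203.0.113.10", 443)]:
        print(client, "->", dst, port, first_match(rules, client, dst, port))

    # A rule sourced from 172.16.0.0/24 never matches a VLAN 240 client,
    # so that client falls through to the default deny; a /16 source would match.
    for src_net in ("172.16.0.0/24", "172.16.0.0/16"):
        only = [("pass", src_net, ANY, None)]
        print(src_net, first_match(only, client, "203.0.113.10", 443))

    print(is_broadcast("172.16.240.255", PORTAL_NET))
```

`is_broadcast` is a quick way to sort firewall-log entries whose destination is a broadcast address from blocks that affect a real session.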
                jbrown

                I understand what you are telling me.

                I have disabled captive portal until I figure out my other issues.

                I did not mess with the firewall.

                I was simply stating that when I changed my VLAN to /24 it seems that my firewall is blocking traffic.  For example, I RDP into one of my servers and I keep getting disconnected and reconnected.

                The only rule I have in my firewall for that interface is any to any.

                With that said, should I change my rules to what you stated?

                thanks!

                  Derelict LAYER 8 Netgate

                  I have no idea what rules you need.  Every network is different.

                  In general:

                  Pass what you want
                  Block what you don't want
                  Pass everything else

                    jbrown

                    Let me start over, what I don't understand is why is this stuff getting blocked when I have everything open?  Please see attached.  thanks.

                    firewalllog.JPG

                      Derelict LAYER 8 Netgate

                      Those are broadcasts.  Who cares?
