ASSIGNMENT DHCP



  • Greetings:

    I wonder if someone could give me some help. I have my network with pfSense as firewall and IPS, and have 1 supplier for the internet. Within my network I have implemented a captive portal for external site visits; this server has 2 interfaces, one having a LAN IP assigned by the pfSense (192.168.1.0/24) and one for the subnet (172.16.2.0/24). The problem is that when a user connects to the captive portal, they connect with IP 172.16.2.4, but pfSense does not allow them to navigate.

    Most likely this is because the address is not in the pfSense DHCP range, which is 192.168.1.0/24, but what could I do to give access? Thank you very much in advance.



  • So you have a network that looks like this:

    <Captive Portal Users: 172.16.2.0/24>---Server Thing---<LAN: 192.168.1.0/24>---pfSense---<Internet>

    Is that correct? If so then pfSense needs a static route pointing the 172.16.2.0/24 network to the static IP of the "Server Thing" on the 192.168.1.0/24 network. pfSense also needs firewall rules to allow the traffic from 172.16.2.0/24 through to the internet and a NAT rule to NAT it out your public IP.



  • Thanks antillie, my network is this: eth0 is the WAN and eth1 is the LAN, and on the switch is all my network, but I also connect my PC where my captive portal (CP) is. This server is captive portal, Squid, and customized firewall, and access point with the wlan0.

    (internet)----eth0----(pfsense)----eth1----(switch)----(LAN192.168.1.0/24)
                                                                        |
                                                                        |_____eth0----(PC-/CP/SQUID/FW)----wlan0 AP

    My question is: does this need routing and NAT? And how can I create these rules?


  • LAYER 8 Netgate

    To just get it working, create the rule on the LAN interface on your eth0 (OPT1??) interface but adjust the source network to the interface network.

    If you want to prevent captive portal users from accessing LAN assets you will have to create a reject rule on OPT1 that blocks to destination LAN net.

    Same for anything else you don't want them to be able to access.
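
Added example, not part of the thread: a small Python model of top-down, first-match rule evaluation. It shows why 172.16.2.4 is dropped when the interface only carries the default rule sourced from 192.168.1.0/24, and why the reject-to-LAN rule has to sit above the pass rule. The rule lists and the test addresses 8.8.8.8 and 192.168.1.10 are constructed; this models the rule logic only (no static route or NAT) and is not pfSense configuration.

```python
from ipaddress import ip_address, ip_network

# Subnets are the ones named in the thread; the rule sets are constructed.
CP_NET = ip_network("172.16.2.0/24")    # captive portal users
LAN_NET = ip_network("192.168.1.0/24")  # pfSense LAN
ANY = ip_network("0.0.0.0/0")

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "default-deny"

# Only the stock "allow LAN net to any" rule: 172.16.2.x never matches it.
DEFAULT_ONLY = [("pass", LAN_NET, ANY)]

# Reject captive portal users to LAN net first, then pass them to anything else.
ISOLATED = [
    ("reject", CP_NET, LAN_NET),
    ("pass", CP_NET, ANY),
    ("pass", LAN_NET, ANY),
]

# Same rules in the wrong order: the broad pass shadows the reject.
MISORDERED = [ISOLATED[1], ISOLATED[0], ISOLATED[2]]

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hits = []
    for i, (_, s, d) in enumerate(rules):
        if any(s.subnet_of(ps) and d.subnet_of(pd) for _, ps, pd in rules[:i]):
            hits.append(i)
    return hits

if __name__ == "__main__":
    for name, rules in [("default", DEFAULT_ONLY), ("isolated", ISOLATED),
                        ("misordered", MISORDERED)]:
        print(name,
              evaluate(rules, "172.16.2.4", "8.8.8.8"),
              evaluate(rules, "172.16.2.4", "192.168.1.10"),
              "shadowed rules:", shadowed(rules))
```
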

