Set intranet as startpage for all users in network



  • Hello,

    I have tried used the captive portal and use auto-login to redirect to the intranet. It works very well. But it blocks all my port forwardings. So external visitors can't access port 80 for example.

    Anyone have a solution for this?



  • Firewall rules? CP settings? Are your users Windows users running on a private network, or are they guests? You mention external visitors so it's unclear whether your users are trusted internal users, guest users or a combination. A bit more (and by that I mean a lot more) information would be helpful.



  • on my LAN there are users that just plugin network cable or via Wi-Fi. I want them to get automatic to the intranet as startpage.

    I have a web server that is open on port 80. But when I start captive portal as LAN it block port 80 and users from internet can't access the web server.

    I have also tried "allow IP" for the web server. But it still block when I put on the captive portal.



  • Sorry to have to say this, but unless you post some screenshots of your firewall rules and your captive portal settings this conversation is going to go nowhere fast. Just saying your captive portal blocks port 80 from the outside tells nobody anything about your particular problem other than you have one. And like most people, my psychic abilities aren't up to much.



  • Added to that:
    Your own 'private' devices should be on LAN
    Your captive portal 'users' should run on a second LAN (also called OPT1 when initializing pfSEnse)
    Your web server, "accessible from the Internet" should typically run on another interface, often called DMZ, pfSense will propose it to you as OPT2 when it starts up the first time.

    If, by any 'complicated chance' your captive portal users are connecting to your LAN , and your web server is also on LAN (as is your pfSense router), then pfSEnse has nothing to do with "being blocked" because local visitors can always connect to the web server - they do not need to be identified against the captive portal - this is only needed if they want to visit Internet.
    Correct firewall+nat rules will make your web server (on LAN) accessible from the Internet - this has nothing to do with the Captive portal.
    But again, mixing all together in one network segment (LAN), I wouldn't even ask that to an expert … that's simply NOT done.



  • Well. Gertjan gave me the answer and a solution.

    I understand what I have done wrong and know how to correct it.

    Many thanks for the help!