Netgate Discussion Forum

    Captive Portal and LAN problems

    • A
      assistenzanet95

      Good evening, we installed pfSense on an 80/80 fiber network. Testing speeds for several clients connected to the captive portal network, we saw that these reached a maximum speed of 40 in download and 80 in upload. By turning off the LAN (we thought there were loop problems) and testing from the same machine, the figures are reversed, becoming 80 down and 40 up. The LAN does not use pfSense as a gateway to the Internet, but has its own reserved one on another line. Testing instead while directly attached to the pfSense captive port, we get 80/80 both with the LAN active and with the LAN off.
      Another problem is that with the LAN disabled I cannot browse the captive network (via the web I also reach several access points of the network). Is it possible that turning off the LAN also stops the Captive Portal from functioning?

      • GertjanG
        Gertjan

        Some rules can't be broken, like: a firewall needs at least TWO interfaces.
        and
        Captive Portal works on a 'LAN' type interface.
        etc.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • A
          assistenzanet95

          Thanks for your reply. I have 3 interfaces: WAN, LAN and OPT1. The Captive Portal is on OPT1. My problem is that if I pull down the LAN NIC, the Captive Portal cannot reach the Internet or other machines in the same network.

          • GertjanG
            Gertjan

            Ah, more useful info ...

            I advise you NOT to pull down the LAN interface (use 192.168.1.1/24 unless you are a network expert) - just not using it will do fine.
            Captive Portal on OPT1: that's good. Use 192.168.2.1 - same criteria.

            What is your WAN IP (settings)? Not some local IP, I hope ... (that won't work unless you took the countermeasures ...).

            • A
              assistenzanet95

              The WAN IP is one of the eight that my ISP gave me.
              On the LAN I have the "office" network (but the LAN has another gateway, not pfSense).
              OPT1 is the captive, which cannot access the LAN; OPT1 can only go to the Internet through the WAN.

              So why, if I pull down the LAN, can OPT not access the Internet?

              WAN: 213.x.x.x/29
              LAN: 192.168.0.0/24
              OPT: 192.168.100.0/22

              • DerelictD
                Derelict LAYER 8 Netgate

                What are you giving your CP clients for DNS and gateway? What are the rules on OPT1?

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                • A
                  assistenzanet95

                  CP Client DNS: 192.168.100.1 (OPT1 Address)
                  CP Client Gateway: 192.168.100.1 (OPT1 Address)

                  I'll attach my CP rules

                  firewall.jpg

                  • DerelictD
                    Derelict LAYER 8 Netgate

                    So when LAN is disabled can CP clients resolve names?

                    Can they ping OPT1 address?

                    Do you have anything in Allowed IP addresses or Allowed Hostnames?

                    What happens if you put http://10.10.10.10/ into a browser on a CP client?

                    What version of pfSense is it?

                    • A
                      assistenzanet95

                      @Derelict:

                      > So when LAN is disabled can CP clients resolve names?
                      >
                      > Can they ping OPT1 address?
                      >
                      > Do you have anything in Allowed IP addresses or Allowed Hostnames?
                      >
                      > What happens if you put http://10.10.10.10/ into a browser on a CP client?
                      >
                      > What version of pfSense is it?

                      No, when I disable LAN I can't resolve names on CP.

                      Yes, I can ping the entire OPT1 network, but I can't open the webpages of the antennas.

                      Yes, in the allowed IP addresses I have about 70 antennas and about 20 Allowed Hostnames.

                      Nothing happens if I try to open http://10.10.10.10, my OPT1 address is 192.168.100/22

                      My version of pfSense is 2.1.1

                      • DerelictD
                        Derelict LAYER 8 Netgate

                        @assistenzanet95:

                        > @Derelict:
                        >
                        > > So when LAN is disabled can CP clients resolve names?
                        > >
                        > > Can they ping OPT1 address?
                        > >
                        > > Do you have anything in Allowed IP addresses or Allowed Hostnames?
                        > >
                        > > What happens if you put http://10.10.10.10/ into a browser on a CP client?
                        > >
                        > > What version of pfSense is it?
                        >
                        > No, when I disable LAN I can't resolve names on CP.

                        You have something hosed. You are going to have to post screenshots of all your interfaces, all your firewall rules, and all your CP settings. Could be one or more of a 1000 different things.

                        > Yes, I can ping the entire OPT1 network, but I can't open the webpages of the antennas.

                        I presume antennas means access points. I don't know why you would want to be able to access your access point web interfaces from the portal network. Most people want the opposite.

                        > Yes, in the allowed IP addresses I have about 70 antennas and about 20 Allowed Hostnames.

                        Again, no idea why you care about the access point web interfaces from the portal network.

                        > Nothing happens if I try to open http://10.10.10.10, my OPT1 address is 192.168.100/22

                        The point is to eliminate the need for working DNS to get the portal page. If it doesn't come up it's broken. Again, screenshots of everything.

                        > My version of pfSense is 2.1.1

                        Ancient. Upgrade. At least to 2.1.5 if you want to take small steps.
