Captive Portal and LAN problems

Captive Portal
Log in to reply
  • A

    Good evening, we installed pfSense on a 80/80 fiber network testing speeds for several clients connected to the captive portal network we saw that these reached a maximum speed of 40 in download and 80 upload. By turning off the LAN (we thought there were problems of loop) and testing from the same machine data are reversed, becoming 80 down and 40 up. The LAN does not use pfSense as a gateway to the Internet, but it has its own reserved on another line. Testing instead directly attacked the captive pfSense door we go to 80/80 with both the LAN active both with LAN off.
    Another problem is that disabling the LAN I can not browse the network captive (I reach via the web even more access points of the network). Possible that by turning off the LAN stops functioning even Captive

    0
  • Gertjan

    Some rules can't be broken, like : a firewall need at least TWO interfaces.
    and
    Captive Portal works on a 'LAN' type interface.
    etc.

    0
  • A

    thanks for your reply, i have 3 interfaces WAN, LAN and OPT1. The Captive Portal is on the OPT1, my problem is if i pull down the LAN NIC the Captive Portal cannot reach internet or other machines in the same network

    0
  • Gertjan

    Ah, more useful info ….

    I advise you to NOT pulling down the LAN (use 192.168.1.1/24 except if you are a network expert) interface - just don't use it will do fine.
    Captive Portal on OPT1 : that good. Use 192.168.2.1 - same criteria.

    What is your WAN IP (settings) Note some local IP I hope ... (that won't work except if you took the counter measures ...).

    0
  • A

    the WAN ip is one of the eight the my ISP gave to me.
    In the LAN i have the "office" network (but the LAN have another gateway, not pfsense )
    The OPT1 is the captive, which cannot access to the LAN, OPT1 can only go on internet through the WAN.

    So why if i pull down LAN the OPT cannot access to internet?

    WAN: 213.x.x.x/29
    LAN: 192.168.0.0/24
    OPT: 192.168.100.0/22

    0
  • Derelict
    LAYER 8 Netgate

    What are you giving your CP clients for DNS and gateway? What are the rules on OPT1?

    0
  • A

    CP Client DNS: 192.168.100.1 (OPT1 Address)
    CP Client Gateway: 192.168.100.1 (OPT1 Address)

    I'll attach my CP rules


    0
  • Derelict
    LAYER 8 Netgate

    So when LAN is disabled can CP clients resolve names?

    Can they ping OPT1 address?

    Do you have anything in Allowed IP addresses or Allowed Hostnames?

    What happens if you put http://10.10.10.10/ into a browser on a CP client?

    What version of pfSense is it?

    0
  • A

    @Derelict:

    So when LAN is disabled can CP clients resolve names?

    Can they ping OPT1 address?

    Do you have anything in Allowed IP addresses or Allowed Hostnames?

    What happens if you put http://10.10.10.10/ into a browser on a CP client?

    What version of pfSense is it?

    No when i disable LAN i can't resolv names on CP

    Yes i can ping the entire OPT1 network, but i can't open the  webpages oh the antennas.

    Yes in the allowed IP addresses i have about 70 antennas and about 20 Allowed Hostnames

    Nothing happens if i try to open http://10.10.10.10, my OPT1 address is 192.168.100/22

    My version of pfSense is 2.1.1

    0
  • Derelict
    LAYER 8 Netgate

    @assistenzanet95:

    @Derelict:

    So when LAN is disabled can CP clients resolve names?

    Can they ping OPT1 address?

    Do you have anything in Allowed IP addresses or Allowed Hostnames?

    What happens if you put http://10.10.10.10/ into a browser on a CP client?

    What version of pfSense is it?

    No when i disable LAN i can't resolv names on CP

    You have something hosed. You are going to have to post screenshots of all your interfaces, all your firewall rules, and all your CP settings. Could be one or more of of a 1000 different things.

    Yes i can ping the entire OPT1 network, but i can't open the  webpages oh the antennas.

    I presume antennas means access points. I don't know why you would want to be able to access your access point web interfaces from the portal network. Most people want the opposite.

    Yes in the allowed IP addresses i have about 70 antennas and about 20 Allowed Hostnames

    Again, no idea why you care about the access point web interfaces from the portal network.

    Nothing happens if i try to open http://10.10.10.10, my OPT1 address is 192.168.100/22

    The point is to eliminate the need for working DNS to get the portal page. If it doesn't come up it's broken. Again, screenshots of everything.

    My version of pfSense is 2.1.1

    Ancient. Upgrade. At least to 2.1.5 if you want to take small steps.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy