Forgot your password?
Or sign in with one of these services
Wellan, 13 May 2014
Posted 13 May 2014
I'm a student and have to configure a captive portal for my project using pfsense.
My project is to configure a '' WAN network '' but on a private lab. For that, I need to configure a UNREAL Tournament game server on a DMZ, and the clients are separated from it by another router and can access it in order to play it.
It's simpler with a picture so the network I have is the following :
So, what I want to do, is telling the clients that as long as they are not authenticated by the captive portal, they can't access to the network and therefore they can't access the game.
The problems are : I dont have a dedicated machine to run pfsense so I have to run it on VMs, and my all network doesnt have internet access.
I've managed to do this so far :
NIC1 is my WAN interface and NIC2 is my LAN interface.
I can access the webConfigurator.
But from the LAN I can't ping the WAN interface.
THe LAN interface is setup as 192.168.1.1, DHCP Disable because I have my own DHCP server on the ROUTER 1
The WAN interface is setup statically as 192.168.10.2 and upstream gateway is 192.168.10.1.
I'm pretty sure the problem is from this WAN interface setup but I don't know how to fix it really so some help would be nice.
"and my all network doesnt have internet access."
What does this mean - you clearly have internet.. Since you posted this?
What does the internet have to do with anything if "your" running the game server? This could be all done on vm.. So both routers are pfsense? Everything even the clients could be vms
You show 2 routers, and your pfsense vm? So there are 3 routers? So this router1 and router2 and the game server all reside in physical?
And the host your on is on this 192.168.10.0/24 network? And your clients that need to get to the game server are going to be physical or vms?
This means, my host machine has internet access but I can't allow VMs to have the access because this is an university network with so much restrictions.
No both routers are ciscos, the only reason I'm using pfsense is to do the captive portal.
Kinda hard to explain but I hope it's understandable.
And yeah everything is physical except the clients who plays the game from Virtual Machines and the pfsense
Is your host connected to this switch that is the 192.168.10.0/24 network? From the drawing its not.
You have a line from the 192.168.10.0/24 switch to pfsense -- but to what?
You say your lan can not ping what wan? Pfsense 192.168.10.2? Can pfsense ping 192.168.10.1?
The host machine is not connected to the 192.168.10.0/24 network because I can't touch any ethernet interfaces -.-
I forgot on the drawing that the VMs are connected to the switch, all of them.
Also I need to know, with my setup , the VM clients should have an IP address like 192.168.10.x with 192.168.10.1 gateway or 192.168.1.x with 192.168.1.1 gateway ?
Sorry i'm new to this and really confused.
When my VM client has the address 192.168.10.x I can ping the WAN interface but not the lan and vice-versa.
Pfsense can't ping 192.168.10.1
"The host machine is not connected to the 192.168.10.0/24 network because I can't touch any ethernet interfaces -.-"
Then how and the F is pfsense suppose to be able to talk with 192.168.10.1 ?? So that it can then talk to the game server?? Magic??
So you have no wire that runs from this switch to the host box that pfsense is running vm on? Then how do you show a wire from that switch to pfsense??
The host that is running your VM software, that pfsense is a vm on has to have a physical connection to that switch 192.168.10.0/24 or it is not possible for pfsense to be connected to that network - yet you show a line.. Your pc does not have to have an IP in that network.. But it needs a physical connection so that your vm can connect.
what are the current connections on your host machine?
Here like this
BTW that 172.108 is a public IP space.. rfc1918 space that starts with 172.16-31.x.x
BTW why are you doing nat on the other routers? Are you not just pretending those are internet services - the nat is of no point when everything is rfc1918 space.. Is that really 172.108 public IP space?
Ok that was pretty stupid from me. I did the config with my personal laptop, which means I don't have internet access though :
WAN Interface : Bridged : Configured by DHCP ( because the ROUTER 1 does DHCP server ) : address 192.168.10.7 , gatewway : 192.168.10.1.
LAN Interface : Internal network intnet : 192.168.1.1.
so pfsense can now ping 192.168.10.1.
Although, from my client VM which is setup as 192.168.10.8 with 192.168.10.1 gateway. The VM is on my personal laptop and is in Internal network intnet.
When i try to ping the WAN interface of pfsense ( which is now 192.168.10.7 ) it says " Destination host unreachable. "
So now, is this a route problem or something else ? I'm so lost with VMs
( I also tried with VM setup as 192.168.1.8 and gateway 192.168.1.1 , because it makes more sense, and it says Request timed out )
EDIT : Didnt see your last post, 172.108 is a public space but the lab where i'm working is like isolated from the rest so i can put any IP addresses I want, this part will actually be a DMZ later on
Hm ok thanks for all the answers.
With all your help I managed to make it work so thanks a lot !
Posted 14 May 2014
Hm actually I had to find a free captive portal solution , considering most of the computers in the lab are using windows I thought of Firstpot but it was not free and then I found pfsense which seemed pretty simple to use. Then my supervisors agreed with that solution even if they didn't know pfsense can be used as a captive portal lol
Posted 15 May 2014
Nice -- so lets hear about that A when you get it ;)
Posted 3 Jun 2014
Well, the project is not finished yet and I have another problem and I don't know how to fix it again -_-
So, once I did the captive portal and radius everything works fine if I have internet, but considering in my test lab I don't have internet, I can't use the ISP DNS so the redirection to the captive portal does not work.
That's why I installed the bind service. I configured it like this http://ejnetwork.wordpress.com/2014/01/17/blocking-domains-with-pfsense-using-bind/.
I am really new to DNS configurations and I still don't know if it is possible to redirect every http or https request to the captive portal. For now if a user enter an IP address in the URL I am able to redirect it but if he types in any domain name like "rjwiepjpweihgpwerihgew" for exemple it doesn't work.
So I think it's coming from the DNS server that I configured badly but I don't really know.
Sorry again and thank you in advance
And why can you not just use the built in dns of pfsense, you can create host over rides for anything you want.. This would be the common setup for using pfsense.. Yes you would have pfsense forward to something for public dns like your isp or googledns, opendns, etc..
But for testing you can create whatever host records you need.. For example if you want www.google.com to resovle to 18.104.22.168 its a simple over ride. While I love Bind, and it is the golden standard for dns - its not something you start using without some decent understanding of the underlaying principles of dns, etc..
I really would suggest you use pfsense built in dns..
Pinging www.google.com [22.214.171.124] with 32 bytes of data:
I use bind because I have basic linux knowledges and the point of my project is to know more about this, my supervisors just said " use bind " so I did lol
THe only point of that is actually this :
A client will access our game server, but he can't access it as long as he doesn't authenticate himself on the captive portal.
So i saw that on BIND I can modify the file /etc/hosts and tell him like this : " 126.96.36.199 gameserver "
So then, if i try to connect onto 188.8.131.52, does the captive portal webpage is supposed to pop ?.
Posted 5 Jun 2014
Oh ok i definitely didn't understand a damn thing ahah thank you.
Yes my client needs to go on my game server. His fqdn is GameServer-HP. I wanted to use the pfsense bind package as a local DNS to resolve it.
But if i understood everything correctly, which I am really not sure, if the clients wants to connect to the gameserver he will be redirected to the captive portal webpage if I set up the host file ? I don't even need a local DNS ??
I'm really sorry for all these questions and I'm really grateful for all the help budman thank you !
You need to be a member in order to leave a comment
Sign up for a new account in our community. It's easy!
Already have an account? Sign in here.
No registered users viewing this page.
Existing user? Sign In