Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Multiple Captive Portal zones and network interfaces
« previous
next »
Print
Pages: [
1
]
Author
Topic: Multiple Captive Portal zones and network interfaces (Read 760 times)
GeoffW
Newbie
Posts: 29
Karma: 0
Multiple Captive Portal zones and network interfaces
«
on:
January 07, 2023, 11:31:54 am »
Having just solved a problem that's been bugging me half the day I thought I would share. Maybe the behaviour should have been expected and obvious, but it wasn't to me.
OPNsense 22.7 with WAN, LAN and DMZ interfaces. Also two separate Captive Portal zone definitions, one for LAN and one for DMZ, and each defined a few addresses (that being the only option) that could access the network without seeing the login screen.
I could have used just one captive portal zone, but since I find the interface for managing allowed devices to be a bit cramped and awkward, I thought it would be easier to use separate zones ... and therein lies the problem.
I later introduced a firewall rule to let LAN devices access a HTTP server on the DMZ and it didn't seem to be working. What I found was that a connection would make to the server, but the responses never got back. It appears Captive Portal was blocking it.
The device in question did have its address in the LAN Captive Portal zone, but did not have it in the DMZ Captive Portal zone. As soon as I added it there too, the connection started working.
All good, I have merged the two Captive Portal zones into one, so I have just one list of device exceptions, and now I can move on. In my situation this arrangement is not going matter very much, but I can imagine it could be inconvenient in some more complex networks.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Multiple Captive Portal zones and network interfaces