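A few days ago I moved my pfSense device from the Oracle VirtualBox virtual environment on my laptop to a VMware vSphere 6.0 virtual environment on a PC. I mainly used backup/restore of the configuration file to migrate my environment, and to tell the two apart I also changed the interface IP. Everything seemed to work, including the firewall, the squid proxy and squidGuard (content filtering); the only thing I had not tested was the captive portal. This morning I found that an EPC of mine that had not been allowed could connect straight out!!
I did some configuration checks, but the problem remained. In the process I also learned more about the captive portal's requirements. First, the IP settings a user gets from DHCP, including the DNS setting, must point to pfSense itself; otherwise the captive portal's user client may not be redirected back to the login page. pfSense must also have the DNS forwarder enabled.
However, the problem I ran into this time was probably related to my changing the interface IP. After I deleted the portal zone and configured it again, everything went back to normal!!
Below is the explanation I found on the official site: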
Captive portal not redirecting
If clients are not being redirected to the portal page when attempting to browse on an interface with captive portal enabled, it’s most always one of the following causes.
- DNS resolution not functioning – the clients on the captive portal interface must either be using the DNS forwarder on pfSense, on the IP of the interface where the client resides (which is the default configuration), or if using some other IP for DNS, it must be an allowed IP entry. If DNS fails, the browser never issues the HTTP request, hence it cannot be intercepted and redirected.
- Firewall rules on the captive portal interface do not allow the initial HTTP request – if the user is trying to browse to google.com, but HTTP connections are not allowed to google.com, the HTTP request will be blocked and hence cannot be redirected. Under Firewall > Rules, on the interface where captive portal is enabled, the traffic to be redirected must be allowed to pass. This is most commonly HTTP to any destination.
- The client has an HTTPS home page – The request must be to an HTTP site in order for the portal to redirect the client.
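A client-side check for the causes listed above, plus the case from this post where an unauthenticated client gets out without being intercepted. This is an added example, not code from pfSense or from the original post; the function names, the portal address 192.168.1.1 and the assumption that the portal answers with a 3xx redirect whose Location points at the portal host are all illustrative.

```python
import socket
import urllib.error
import urllib.request
from urllib.parse import urlsplit

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; urllib then raises HTTPError for the 3xx

def classify(url, dns_ok, status, location, portal_host):
    """Map one probe result onto the causes in the pfSense note (hypothetical helper)."""
    if urlsplit(url).scheme == "https":
        return "https-url: portal can only redirect a plain HTTP request"
    if not dns_ok:
        return "dns-failed: browser would never issue the HTTP request"
    if status is None:
        return "http-blocked: initial HTTP request likely not passed by firewall rules"
    if status in (301, 302, 303, 307) and urlsplit(location or "").hostname == portal_host:
        return "redirected: portal is intercepting this client"
    return "not-intercepted: client reached the site without a portal login"

def probe(url, portal_host, timeout=5):
    """Run from an unauthenticated client on the captive portal interface."""
    try:
        socket.getaddrinfo(urlsplit(url).hostname, 80)
    except socket.gaierror:
        return classify(url, False, None, None, portal_host)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        resp = opener.open(url, timeout=timeout)
        status, location = resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as e:      # 3xx/4xx/5xx surface here
        status, location = e.code, e.headers.get("Location")
    except (urllib.error.URLError, OSError):  # refused, dropped, timed out
        status, location = None, None
    return classify(url, True, status, location, portal_host)

if __name__ == "__main__":
    PORTAL_HOST = "192.168.1.1"  # constructed value: the pfSense interface IP
    print(probe("http://example.com/", PORTAL_HOST))
```

A `not-intercepted` result from a client that has not logged in is the condition described at the top of this post.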