The most robust solution would be to add another NIC to your setup with an external access point of some sort. I've always had outstanding luck with Linksys WRT54G and DD-WRT firmware. Enable captive portal on the new interface. For your firewall rules, you would want rules allowing access out to DNS (port 53), HTTP (80), and HTTPS (443). If a wireless client is not authenticated with the CP, no traffic will pass out unless the destined IP is in the allowed list in the CP. You will need to make sure your clients are allowed to access DNS somehow.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332

----- Original Message -----
From: "Dane Reugger" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Thursday, January 31, 2008 10:40:23 AM (GMT-0600) America/Chicago
Subject: [pfSense Support] Pfsense public internet w/ authentication

I have a small computer shop and would like to set up a free / open access point so that clients can use it while in the shop. But I don't want it so open that my neighbors are using it for nefarious purposes. Can somebody recommend a configuration?

My thoughts:

Add another NIC and a wireless router or access point w/ captive portal
Add a wireless NIC Ad-Hoc w/ captive portal
Set up some sort of VLAN w/ access point

Any recommendation on the route I should go? Another route?

And a lazy question (I've not really looked into it) - what is the best / easiest way to lock this connection down to HTTP only? And will failure to log into the captive portal block all traffic or just prevent browsing?

Thanks,
-Dane

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
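
The port restriction described in the reply above, written out as a plain pf ruleset for the guest interface (an added example, not part of the thread and not the rules pfSense itself generates). Interface name, subnet and addresses are assumptions, as are the choices to allow DNS only to the firewall's own resolver and to block private ranges so guests cannot reach the shop LAN; captive portal authentication is handled separately and is not shown.

```pf
# Constructed example: all names and addresses below are assumptions.
guest_if  = "em2"               # extra NIC wired to the access point
guest_net = "192.168.50.0/24"   # subnet handed out to wireless guests
guest_gw  = "192.168.50.1"      # firewall's address on the guest NIC,
                                # assumed to run a DNS forwarder

# RFC 1918 ranges: covers the shop LAN and any management networks.
table <private> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Default for the guest interface: drop and log anything not allowed below.
block in log on $guest_if all

# DNS (53) only to the firewall's resolver, so guests can resolve names
# without being able to query arbitrary servers.
pass in quick on $guest_if inet proto { udp, tcp } \
    from $guest_net to $guest_gw port 53 keep state

# Guests must not reach internal networks, even on ports 80/443.
# This rule sits after the DNS rule because $guest_gw is itself private.
block in quick on $guest_if inet from $guest_net to <private>

# HTTP (80) and HTTPS (443) out to the Internet.
pass in quick on $guest_if inet proto tcp \
    from $guest_net to any port { 80, 443 } flags S/SA keep state
```

With `quick`, the first matching rule wins, so the order DNS, block private, web is what keeps port 80/443 traffic off the internal networks.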