Chris Buechler wrote:
On Wed, Jun 8, 2011 at 1:22 PM, Roberto Nunnari
<roberto.nunn...@supsi.ch> wrote:
Hi all.
I'm new to pfSense, and I'd like to get some help.
I'm just trying to set up a captive portal using pfSense 2.0-RC1.
Up to now it works like a charm and if our requirements will
be satisfied, we'll go with pfSense.
In any case, pfSense looks like a great software.
Congratulations to the developers and all contributors.
My setup should be something like this:
          ------------
          | internet |
          ------------
               |
     -----------------------
     | department firewall |        --------------
     -----------------------        | freeradius |
        |           |               --------------
        |           |                      |
        |           ------- dep. network -------
        |
   -----------
   | pfsense |
   -----------
    |  |  |
    |  |  --------- captive network 1 ----------
    |  --------- captive network 2 ----------
    --------- captive network n ----------
I hope the above schema made it through correctly,
keeping spaces and monospaced font..
pfSense HW will have
- 1 nic on the dep. network
- 9 to 12 nic for captive networks (all ethernet)
Authentication will be done on a freeradius server
on the department network.
We would like to, and I ask for the experts' advice/hints:
1) be able to reach the administrative interface (http/ssh)
from the department network, that to my understanding
should be the wan interface.
Just need to add a firewall rule to allow that.
Ok. I remember I read somewhere that pfSense uses openbsd pf as firewall
even though it is based on FreeBSD. In any case I guess it's possible to
do it via the web interface, right?
2) given the wan nic address, as seen by the dep firewall,
be able to track down a client (or at least the captive network)
Either route the traffic so the original source IP is retained, or NAT
each subnet to a unique virtual IP. The former is probably better in
such an environment.
We do not have enough public IPs, so we'd rather go with the latter, i.e. NAT
each subnet to a unique virtual IP. That should give us a way to track
down the public ip to a classroom (mapped to a captive network).
Is it possible to define the virtual ips for the wan nic via the web
interface, or is it necessary to go to the shell and/or edit files?
Thank you and best regards.
Robi
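
The per-subnet NAT option discussed in this thread, sketched as raw pf rules. This is an added illustration, not configuration from any poster or from the pfSense project; the interface name, subnets and virtual IP addresses are constructed placeholders.

```pf
# Constructed example values: interface, subnets and addresses are placeholders.
wan_if = "em0"             # NIC on the department network (assumed name)
class1 = "10.10.1.0/24"    # captive network 1
class2 = "10.10.2.0/24"    # captive network 2
vip1   = "192.0.2.11"      # virtual IP on wan_if reserved for captive network 1
vip2   = "192.0.2.12"      # virtual IP on wan_if reserved for captive network 2

# Untraceable variant: every captive network leaves with the same source
# address, so the department firewall cannot tell the classrooms apart.
# nat on $wan_if from { $class1, $class2 } to any -> ($wan_if)

# Traceable variant: one translation address per captive network, so a
# source address seen upstream maps back to exactly one classroom.
nat on $wan_if from $class1 to any -> $vip1
nat on $wan_if from $class2 to any -> $vip2
```

The address seen by the department firewall then identifies the captive network rather than the individual client, which matches the "or at least the captive network" requirement in the question.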