Re: [pfSense] My son is able to bypass my captivate portal
You can set a NAT forward on the DNS port to force all DNS requests to go to a specific address.

Firewall > NAT
Interface: LAN (or the internal interface you wish to use)
Protocol: TCP/UDP
Destination: Any
Destination Port Range: 53
Redirect Target IP: Where you want it to go, perhaps an OpenDNS address.

I think you could put the IP of the router in there. I never tried it like that. This may or may not fix the captive portal issue, but should let you use OpenDNS for all DNS queries.

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] My son is able to bypass my captivate portal
I don’t have the brain power to rewrite this right now… but this page is pretty well written: http://en.wikipedia.org/wiki/Captive_portal

Basically it takes a DNS call the first time and goes elsewhere. Then it corrects itself. If he’s got a different DNS set up then either CP does not work or, potentially, it could be bypassed.

— Ryan

On May 11, 2014, at 8:04, Wajih Ahmed wajih.ah...@gmail.com wrote:
> He plays online games and I don't see him logged in the captivate portal. Furthermore I have some MAC addresses that I allow to pass through but I have checked and he doesn't seem to be duplicating them. Does the captivate portal cover all ports or specific ones?
>
> Regards
Re: [pfSense] My son is able to bypass my captivate portal
My Samsung Chromebook bypasses my router/OpenDNS because it has its own DNS entries.

Yudhvir

> Basically it takes a DNS call the first time and goes elsewhere. Then it corrects itself. If he’s got a different DNS set up then either CP does not work or, potentially, it could be bypassed.
> —
Re: [pfSense] My son is able to bypass my captivate portal
On May 11, 2014 1:37:01 PM CDT, Mehma Sarja mehmasa...@gmail.com wrote:
> My Samsung Chromebook bypasses my router/OpenDNS because it has its own DNS entries.
>
> Yudhvir
>
>> Basically it takes a DNS call the first time and goes elsewhere. Then it corrects itself. If he’s got a different DNS set up then either CP does not work or, potentially, it could be bypassed.
>> —

The simple solution is to block all outbound DNS at the firewall, but this can also break things (like some Google and Apple devices). Even broken devices usually have a fallback mode, but be careful of what breaks when you do this!

-Adam
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: [pfSense] My son is able to bypass my captivate portal
Correct. Using this feature will break any client with a hard-defined DNS - as we found out in testing at the bar.

On May 11, 2014, at 13:48, Adam Thompson athom...@athompso.net wrote:
> On May 11, 2014 1:37:01 PM CDT, Mehma Sarja mehmasa...@gmail.com wrote:
>> My Samsung Chromebook bypasses my router/OpenDNS because it has its own DNS entries.
>>
>> Yudhvir
>>
>>> Basically it takes a DNS call the first time and goes elsewhere. Then it corrects itself. If he’s got a different DNS set up then either CP does not work or, potentially, it could be bypassed.
>>> —
>
> The simple solution is to block all outbound DNS at the firewall, but this can also break things (like some Google and Apple devices). Even broken devices usually have a fallback mode, but be careful of what breaks when you do this!
>
> -Adam
Re: [pfSense] My son is able to bypass my captivate portal
On 11.05.2014 21:28, Ryan Coleman wrote:
>> The simple solution is to block all outbound DNS at the firewall, but this can also break things (like some Google and Apple devices). Even broken devices usually have a fallback mode, but be careful of what breaks when you do this!
>
> Correct. Using this feature will break any client with a hard-defined DNS - as we found out in testing at the bar.

(Guys, could we please use proper quoting etiquette instead of full-quoting and alternating top- and bottom-posting?)

I've never tried this in combination with a captive portal, but how about redirecting *:53 to the pfSense DNS with a NAT rule that listens on LAN instead of WAN? Would that break the captive portal setup?

-Stefan
Re: [pfSense] My son is able to bypass my captivate portal
On 11.05.2014 21:48, Stefan Baur wrote:
> On 11.05.2014 21:28, Ryan Coleman wrote:
>>> The simple solution is to block all outbound DNS at the firewall, but this can also break things (like some Google and Apple devices). Even broken devices usually have a fallback mode, but be careful of what breaks when you do this!
>>
>> Correct. Using this feature will break any client with a hard-defined DNS - as we found out in testing at the bar.
>
> (Guys, could we please use proper quoting etiquette instead of full-quoting and alternating top- and bottom-posting?)
>
> I've never tried this in combination with a captive portal, but how about redirecting *:53 to the pfSense DNS with a NAT rule that listens on LAN instead of WAN? Would that break the captive portal setup?
>
> -Stefan

I have a setup where I use this together. Rewrite all DNS traffic to the pfSense and capture all clients with the CP. Works quite well.
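
A way to see in advance which clients a DNS block or redirect would affect, as an added example that is not part of the original thread: the script lists LAN clients that send port-53 traffic to a resolver other than the firewall. The record format, the addresses and the function name are constructed for illustration; adapt the parsing to whatever your firewall actually logs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real logs). Assumed format:
# "<timestamp> <src_ip> <dst_ip> <proto> <dst_port>"
SAMPLE_FLOWS = """\
2014-05-11T13:30:02 192.168.1.23 192.168.1.1 udp 53
2014-05-11T13:30:05 192.168.1.40 8.8.8.8 udp 53
2014-05-11T13:30:06 192.168.1.40 8.8.4.4 udp 53
2014-05-11T13:31:10 192.168.1.23 93.184.216.34 tcp 443
2014-05-11T13:31:44 192.168.1.57 208.67.222.222 tcp 53
2014-05-11T13:32:00 10.9.9.9 8.8.8.8 udp 53
this line is truncated
""".splitlines()


def find_dns_bypass(lines, lan_cidr, resolver_ip):
    """Map each LAN client to the DNS servers it queries directly,
    i.e. port-53 flows whose destination is not the firewall resolver."""
    lan = ipaddress.ip_network(lan_cidr)
    resolver = ipaddress.ip_address(resolver_ip)
    offenders = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed or truncated record
        _, src, dst, proto, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # not an IP address
        if proto not in ("udp", "tcp") or dport != "53":
            continue  # DNS runs over both UDP and TCP port 53
        if src_ip not in lan or dst_ip == resolver:
            continue  # not a LAN client, or already using the firewall
        offenders[src].add(dst)
    return {client: sorted(servers) for client, servers in offenders.items()}


if __name__ == "__main__":
    hits = find_dns_bypass(SAMPLE_FLOWS, "192.168.1.0/24", "192.168.1.1")
    for client, servers in sorted(hits.items()):
        print(f"{client} uses its own DNS: {', '.join(servers)}")
```

Clients that show up here are the ones that will either break (with a block rule) or be silently answered by the firewall's resolver (with a LAN-side redirect).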
Re: [pfSense] My son is able to bypass my captivate portal
I’ll expand this: My email client defaults to top-reply. I have not found a way to fix that. My mobile client is top-reply only.

Removing the cruft - I do that when necessary but when it’s a main reply to the content, no. Footers are 4 lines long, not enough to make even the most stringent of ISP and mobile data plans wince. We don’t include images (the biggest of all data hogs) or HTML in our emails.

On May 11, 2014, at 15:48, Ryan Coleman ryanjc...@me.com wrote:
> No.
>
> On May 11, 2014, at 14:48, Stefan Baur newsgroups.ma...@stefanbaur.de wrote:
>> On 11.05.2014 21:28, Ryan Coleman wrote:
>>>> The simple solution is to block all outbound DNS at the firewall, but this can also break things (like some Google and Apple devices). Even broken devices usually have a fallback mode, but be careful of what breaks when you do this!
>>>
>>> Correct. Using this feature will break any client with a hard-defined DNS - as we found out in testing at the bar.
>>
>> (Guys, could we please use proper quoting etiquette instead of full-quoting and alternating top- and bottom-posting?)
>>
>> I've never tried this in combination with a captive portal, but how about redirecting *:53 to the pfSense DNS with a NAT rule that listens on LAN instead of WAN? Would that break the captive portal setup?
>>
>> -Stefan