[block websurfing to unauthoriced users]

Hi all. Perhaps this is not the correct way to do this, so sorry.

I use CP to block websurfing to unauthoriced users, but would be desirable to allow some services to cross CP (like smtp, rdp, etc), since I haven't configured a DMZ, to permit some servers to connect to internet, but without websurfing.

So will be a good improvement to allow to config some services to cross CP without authentication (something like "allowed hostames" tab, but with ports )

Great job!! Many thanks!!

I think if you just need block web surfing, I have new choice for your consider.
let you see squid+squidGuard package, it can handle for block and bypass the website by user password and you also can specific the ip group. it easy over than CP.   

add automatic redirect in 5 sec
edit file captiveportal.inc

add new meta tag in section of <HEAD>.......</HEAD>

<META http-equiv="REFRESH" content="5;url=<?=\$my_redirurl;?>">

ex.
<HTML>
<HEAD>
<TITLE>{$g['product_name']}</TITLE>
<META http-equiv="REFRESH" content="5;url=<?=\$my_redirurl;?>">
</HEAD>
<BODY>

There have been exactly two changes to functions.inc in the past two years, and none of them were anywhere near the second line you received the error about.

Something definitely happened to just your system, and then your browser probably cached the error. This was never a problem for anyone else as far as I'm aware.

I think so that cause nobody said about that before I will try in many more...  thank for share )

no body idea here???
by the way, today i tried to install release 2.01 and make an upgrade to 2.1 beta. all working correct and perfect.... no any error message..

no any package installed in it, pure clean install not from update. after i login in gui mode it will show wizard page and look like redirect to other page and that error show up. will capture in vdo after moment in new snapshot

//==== Add VDO with snapshort pfSense-2.1-DEVELOPMENT-4g-i386-nanobsd-20120612-0515.img ====//
http://youtu.be/GBDyTgtgmd8

PS. on case of no ip for wan will take more long waiting time...

try with new snapshort, problem still remain. any idea??



pfSense-2.1-DEVELOPMENT-4g-i386-nanobsd-20120611-2204.img
Alix 3d2 system board

Hi all,
I got this message on GUI first page (after login page), anybody face with this??


snapshort pfSense-2.1-DEVELOPMENT-4g-i386-nanobsd-20120610-1718.img
alix3d2 system board

after play a moment with my 3G usb I got a real information about it, my usb 3g is E173s so it did not support current by PF-Sense.

and I got something from http://www.draisberghof.de/usb_modeswitch/bb/viewtopic.php?t=552

Code:

# Huawei E173s

DefaultVendor=  0x12d1
DefaultProduct= 0x1c0b

TargetVendor=  0x12d1
TargetProduct= 0x1c05

CheckSuccess=20

MessageEndpoint= 0x0f
MessageContent= "55534243000000000000000000000011060000000100000000000000000000"

any body have idea?

[dmesg | grep usbus1]

hi all
I need somebody guide me to resolve my problem. I have HUAWEI E173 and I already read on http://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems, so I not sure about my E173 is really support with PF-Sens 2.01. and how I do next.

dmesg | grep usbus1

usbus1: EHCI version 1.0
usbus1: <AMD CS5536 (Geode) USB 2.0 controller> on ehci0
usbus1: 480Mbps High Speed USB v2.0
ugen1.1: <AMD> at usbus1
uhub1: <AMD EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus1
Root mount waiting for: usbus1 usbus0
Root mount waiting for: usbus1
ugen1.2: <HUAWEI> at usbus1
umass0: <HUAWEI HUAWEI Mobile, class 0/0, rev 2.00/1.02, addr 2> on usbus1
umass1: <HUAWEI HUAWEI Mobile, class 0/0, rev 2.00/1.02, addr 2> on usbus1

usbconfig -d ugen1.2 dump_device_desc

ugen1.2: <HUAWEI Mobile HUAWEI> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON

  bLength = 0x0012
  bDescriptorType = 0x0001
  bcdUSB = 0x0200
  bDeviceClass = 0x0000
  bDeviceSubClass = 0x0000
  bDeviceProtocol = 0x0000
  bMaxPacketSize0 = 0x0040
  idVendor = 0x12d1
  idProduct = 0x1c0b
  bcdDevice = 0x0102
  iManufacturer = 0x0002  <HUAWEI>
  iProduct = 0x0001  <HUAWEI Mobile>
  iSerialNumber = 0x0000  <no string>
  bNumConfigurations = 0x0001

Thank you

Thanks zcache for your response.
I will be trying your suggestions in the next couple of hours.
One thing I want to confirm. You have mentioned that I can add allowed hostnames. But what happnes when a user browse to a non allowed hostname?
I do want to force them to access the same host no matter what they type on the browser - sort of DNS poisoning
Will this be achievable?

browse to other from registered host will immediately asking for authorize code

hi..
after running captive portal a while, I look at radacct table I feel some time data package is not correct look at a picture, is it a bug??

Hi   
I think your requirement can handle on pfsense
1. yes, you can. in captive portal of pfsense you can make allow access to other host name with out any authenticate follow by
Services: Captive portal -> look allowed Hostnames tab
other address of your design host will asking for password.
2. not sure.
3. complete in 1.
let try 

Hi all,
many few day ago I tried to make a modified captive portal code in section of logout page to avoid a popup logout windows. and I tried with my office, it's working correct with feature.
1. no popping up windows
2. call back a logout page by address like 192.168.0.1:8000
completely testing on pfsense release 2.0 x86 platform

so would like to share with other platform maybe helpful. 

Download Captiveportal.rar code
it containing with 3 files
- captiveportal.inc
original location \etc\inc\

- index.php
original location \usr\local\captiveportal

- services_captiveportal.php
original location \usr\local\www

to make a try, turn off your captive portal first, replace those files with correct location and start your captive again
pls. share is it working with other??


** post move from http://forum.pfsense.org/index.php/topic,38856.0.html

Hi zcache, the files posted are not working ... can u repost it again . Thanks

post remove to http://forum.pfsense.org/index.php/topic,41845.0.html

I also face with this.. not yet solve till now.... any guru pls, guide how to manual page logout..

post remove to http://forum.pfsense.org/index.php/topic,41845.0.html