Captive Portal

The Captive Portal works in a similar way to a WiFi hotspot in a public place. It presents WiFi users with a simple webpage, and prompted to agree to terms before gaining access to the network. If the user clicks on “OK, I agree!”, the gateway daemon changes firewall rules on the gateway and traffic passes for that client (based on its IP/MAC address). This prevents users from accessing the Internet without agreeing to Terms of Use.


The Captive Portal module is called “NoCatSplash”. Older versions were named “NoCatAuth”.

Captive Portal is ideal for public/semi-public networks, to remind users of the legal responsibilities linked to Internet access. The requirements are simple. That means it can also be useful when you simply want people to know whose network they are using. (Default: Disabled).


Enable function: enabling this makes FreshTomato users see a Welcome banner when they try to access the Internet.


Interface: lets you select a bridge interface on which Captive Portal will listen for connections.


Gateway Name: lets you specify the name of the gateway to appear in the Welcome banner.



Captive Site Forwarding: makes the “homepage” (see definition) appear until the user agrees to the Welcome Banner terms.


Home page: the URL that will appear after the user agrees to the Welcome Banner terms.


Welcome html Path: the path to the location of the Welcome banner .html page.


Logged Timeout: the period (in seconds) during which no Welcome banner appears when you access the device.
(Default: 3600s).


Idle Timeout: the period, (seconds), before the client sees the splash screen again, and agrees to the terms again.


Max Missed ARP: how many times a client can be missing in the ARP cache before the connection is closed.
(Default: 5).


Log Info Level: specifies how much detail will be included in log messages from this module.


(Default: 2).


Gateway Port: the port the Captive Portal will use for page redirection. (Ports 1 to 65534).

(Default: 5280).


Excluded/Included ports to be redirected: the port numbers you wish to be either:



Separate port numbers with blank spaces when configuring them.

Do not use Included and Excluded ports simultaneously. It can cause conflicts relating to whether ports are allowed or not.


URL excluded from the portal: enter URLs/links that can be accessed without the Welcome screen appearing.
Entries must be separated by spaces.


MAC address whitelist: enter the MAC addresses of clients to exclude from Portal functions.
These devices will have no barriers to Internet access. Entries must be separated by spaces.


Customized Splash File Path: lets you upload a personal Welcome banner to override the default one.


WARNING: If the Login Time expires, you must return to the splash page to regain network access.
After you click “OK, I Agree!”, nothing indicates when your usage period will expire.
You may lose Internet Access without warning.