there is an edit button so that one can edit their post.

I went into interfaces then opt1 and changed dhcp to static. After I saved it I could no longer connect to the wireless.

@BrainEater:

I'm going to try setting the gateway to 192.168.1.1…......

That may not help.

If the laptop is getting an IP address from pfSense it should also be getting the default gateway address from pfSense (and probably the IP address of the DNS server.) So, in your configuration, for a system connected to OPT1 the default gateway will be 192.168.3.1 (the pfSense OPT1 IP address). For broadcast media such as Ethernet and WiFi the default gateway needs to be on the same subnet as the interface in use unless you have a static route to the gateway through a system on the same subnet.

If you change the firewall rules you generally need to reset states to have the rule change take effect. See Diagnostics -> States, click on the Reset States tab. Did you reset firewall states?

For troubleshooting, from the pfSense console you could try pinging your laptop and pinging somewhere on the Internet. If both succeed then try pinging the same internet destination from the laptop. If the ping from the laptop doesn't succeed then look in the pfSense firewall log and system log to see if there are any "interesting" reports.

The interface does not require an IP address for it to show as enabled/working.

What is the interface's status on Status: Interfaces?

there are pci based dsl modems that are still sold (unlike pci cable modems which are not sold anymore)

the pci dsl modems are around $120 USD+, you would be best to bridge (disable the router portion of it) the dsl gateway and use it as a modem only.

Yes From your topic i have learned many more things. thanks

The router hardware is going to be determined by the bandwidth available and the packages you use.  Adding something like snort will dramatically increase the hardware requirements.

As to the wireless, most vendors recommend no more than 25 clients per AP.  My personal recommendation would be something more along the lines of 15-20.

I've had really good luck with Netgear's ProSafe APs & Wireless Controllers.  They're a high-quality but cheap alternative to something like Cisco hardware.  You can do multiple SSIDs and forcibly tag them with VLANs which can then be routed, filtered, etc. by your pfSense box.

@Citymesh:

I found the issue. It seems that some Atheros chipsets are just not supported. I used other wifi cards and the work without any issue.

That the ath driver apparently recognised the chipset on the card and claimed ownership suggests that the driver is erroneously recognising a chipset it doesn't really know about OR the card is broken. In the interests of better understanding the problem it would be helpful if you could put the card back in the system, reboot, collect the output of the two shell commands:

# dmesg # pciconf -l

and post it here. Its possible there is something about your card (a different chipset revision for example) that requires a driver tweak.

@Citymesh:

Any idea on the ATH9K kernel development? Will it be completed soon?

That question would probably be better asked in an appropriate FreeBSD forum.

There is no support for "wireless N" cards in pfSense 1.2.3.

There is some support for some "wireless N" cards in pfSense 2.0 which is still under development.

In common with many open source projects, with pfSense it is better to check the support for a particular piece of hardware before buying it rather than buy the hardware and then look for support.

http://doc.pfsense.org/index.php/Supported_Wireless_Cards describes some of the problems with recommending particular wireless cards.

My usual source for finding the type of chipset in wireless cards (http://linux-wless.passys.nl/) doesn't appear to list your card. Unless you are prepared for the discomfort and discouragement of being a pioneer you would probably be better off using a TP-Link TL-WN651G (PCI card, uses Atheros chipset) or Tenda W54P. I've had satisfactory experience with the TP-Link TL-WN651G on pfSense 1.2.3 but others have been less impressed. I have no experience with the Tenda W54P but the chipset it apparently uses is supported in pfSense 1.2.3. In USB devices I've had good experience with light usage of TP-Link TL-WN321G and D-Link DWL-G122 rev C1 (both supported by rum driver) in pfSense 1.2.3 but the rum driver in snapshot builds of pfSense 2.0 is broken for hostap and ad-hoc modes.

@gilbertoyee:

i need know how many users simultaneous support one PCI WIFI on Pfsense AP Mode.

It depends on what you want them to be able to do. If you want the users to be able to simultaneously watch streamed high definition video the answer is probably one (maybe!). If you want them to be able to concurrently browse public web sites that are mainly text then I suspect the answer could be hundreds (provided your bandwidth to the internet is high enough).

You can always add an additional card to get more bandwidth (but don't have them using overlapping radio frequencies).

@gilbertoyee:

what PCI card wifi is good?

On pfSense 1.2.3 I've had good results with a Atheros based card, the TP-Link TL-WN651G, on my home network where I've probably had no more than six concurrent users. Others have been less happy with their Atheros based card.

On pfSense 2.0 BETA I've been using a Ralink RT-2561 based card from Gigabyte which seems to be no longer available. The Tenda W54P and ASUS G31 seem to use a similar chipset. I haven't given the wireless interface on this setup  any serious work.

It should work.

@cruzades:

after I plugged-in the USB Adapter into the USB port of pfsense box luckily it was detected,

But which driver recognised it? If ugen, then its not a supported adapter.

It took me a while to set it up and fine tuning it.
Exactly what i needed !
I've just added a syslog-ng  to keep the logs.

Thanks again leoalfa09

@wallabybob:

OK, so your earlier report that you can't ping a computer on the LAN from a computer on the wireless is no longer current?

sorry i miss read that from the wireless to lan computer i get no reply. from lan computer to wireless computer i get 100% reply.

@danswartz:

you're missing the key point though: if you have a default "allow any" rule, there IS no extra control, so you are complicating your setup for no real gain.

i understand what you are saying and it does make since. if i put the wireless on the lan do i need to bridge it with anything or just plug it in and good to go?
nvm  thats a dumb question once i think about it im going to hook the wireless into the Lan. if i ever need to add some restrictions to it i might move it back.

and amazing enough it worked perfectly thanks a lot for all your help many next time i have to do this kind of stuff i will be more familiar with the firewall rules.

I found it easy enough to add a wireless interface to pfSense AFTER I had been using it with wired interfaces for some weeks. After installation of the hardware (assuming its supported by the underlying FreeBSD) there are just a couple of clicks in the web GUI to tell pfSense that the new interface is available for pfSense to use ad then filling in the configuration screen for the interface.

1. Those two connectors should be labeled MAIN and AUX. If you use only one antenna, use the MAIN connector.
2. Using two antennas you can take benefit of antenna diversity (assuming you are using omnidirectional antennas).

Didn't notice that the first time - I think you may be right (the gateway entry.)

Tell us about your clients. I'm aware of a couple of quirky issues with wireless encryption with my pfSense acting as an access point

1). A Windows Vista laptop that suddenly stopped seeing DHCP responses. It needed a registry tweak to get it working again. I can't say for certain but my guess is that an automatic Windows Update broke something. A tcpdump on pfSense showed the DHCP requests from the windows client (suggesting the encryption wasn't the problem) but there was no sign the client was acting on the DHCP response I could see in the trace.

A netbook running gOs (based on Ubuntu 8.04) worked fine with WAP2 encryption and pfSense WPA Pairwise set to Both. The netbook was upgraded to Ubuntu Netbook 10.04 and the WAP2 encrypted wireless link wouldn't come up using the internal VIA WiFi adapter. The WAP2 encrypted wireless link came up when I plugged in a Ralink based USB WiFi adapter. I changed the pfSense AP WPA Pairwise setting to AES and the internal WiFi adapter worked fine on the encrypted link.

I should mention the repeater config:

<pfsense><version>3.0</version>
<lastchange><theme>pfsense</theme>
<system><optimization>aggressive</optimization>
<hostname>node2</hostname>
<domain>wifi.local</domain>
<username>root</username>
<password>pass</password>
<timezone>EST5EDT</timezone>
<time-update-interval><timeservers>pool.ntp.org</timeservers>
<webgui><protocol>https</protocol>
<port><certificate><private-key></private-key></certificate></port></webgui>
<disablenatreflection>yes</disablenatreflection>
<enablesshd>yes</enablesshd>

<maximumstates>20000</maximumstates>
<dnsserver>10.0.1.1</dnsserver></time-update-interval></system>
<interfaces><lan><if>ath0</if>
<mtu><media><mediaopt><bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<wireless><standard>11g</standard>
<mode>adhoc</mode>
<protmode>rtscts</protmode>
<ssid>WiFi</ssid>
<channel>6</channel>
<authmode><txpower>99</txpower>
<distance>9000</distance>
<wpa><macaddr_acl><auth_algs>1</auth_algs>
<wpa_mode>1</wpa_mode>
<wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
<wpa_pairwise>CCMP TKIP</wpa_pairwise>
<wpa_group_rekey>60</wpa_group_rekey>
<wpa_gmk_rekey>3600</wpa_gmk_rekey>
<passphrase><ext_wpa_sw></ext_wpa_sw></passphrase></macaddr_acl></wpa></authmode></wireless>
<spoofmac><ipaddr>10.129.0.1</ipaddr>
<subnet>24</subnet>
<bridge><disableftpproxy></disableftpproxy></bridge></spoofmac></mediaopt></media></mtu></lan>
<wan><if>vr0</if>
<media><mediaopt><bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<bridge><use_rrd_gateway><spoofmac><mtu><disableftpproxy><ipaddr>10.0.1.1</ipaddr>
<subnet>24</subnet>
<gateway>10.0.1.1</gateway></disableftpproxy></mtu></spoofmac></use_rrd_gateway></bridge></mediaopt></media></wan></interfaces>
<staticroutes><route><interface>lan</interface>
<network>0.0.0.0/1</network>
<gateway>10.129.0.1</gateway></route>
<route><interface>lan</interface>
<network>10.0.0.0/24</network>
<gateway>10.129.0.1</gateway></route></staticroutes>
<pppoe><pptp><bigpond><dyndns><type>dyndns</type>
<username><password></password></username></dyndns>
<dhcpd><lan><range><from>192.168.1.100</from>
<to>192.168.1.199</to></range>
<defaultleasetime><maxleasetime><netmask><failover_peerip><gateway></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></lan></dhcpd>
<pptpd><mode><redir><localip></localip></redir></mode></pptpd>
<ovpn><dnsmasq><enable></enable></dnsmasq>
<snmpd><syslocation><syscontact><rocommunity>WiFi</rocommunity>
<modules><mibii><netgraph></netgraph></mibii></modules>
<enable><pollport>161</pollport>
<trapserver><trapserverport><trapstring></trapstring></trapserverport></trapserver></enable></syscontact></syslocation></snmpd>
<diag><ipv6nat></ipv6nat></diag>
<bridge><syslog><nat><ipsecpassthru><enable></enable></ipsecpassthru>
<advancedoutbound><rule><source>
<network>10.129.0.0/24</network>

<sourceport><descr>Auto created rule for LAN</descr>
<target><interface>lan</interface>
<destination><any></any></destination>
<natport></natport></target></sourceport></rule>
<rule><source>
<network>10.129.0.0/24</network>

<sourceport><descr>Auto created rule for LAN</descr>
<target><interface>wan</interface>
<destination><any></any></destination>
<natport></natport></target></sourceport></rule>
<rule><source>
<network>any</network>

<sourceport><descr><target><interface>lan</interface>
<destination><any></any></destination>
<natport></natport></target></descr></sourceport></rule>
<rule><source>
<network>any</network>

<sourceport><descr><target><interface>wan</interface>
<destination><any></any></destination>
<natport></natport></target></descr></sourceport></rule></advancedoutbound></nat>
<filter><rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes><max-src-states>5000</max-src-states>
<statetimeout><statetype>keep state</statetype>
<os><protocol>tcp/udp</protocol>
<source>

<address>10.0.1.0/24</address>

<destination><address>10.0.1.0/24</address>

<port>698</port></destination>
<descr>olsr:,sta:5k,tim:u</descr></os></statetimeout></max-src-nodes></rule>
<rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes><max-src-states>5000</max-src-states>
<statetimeout>3600</statetimeout>
<statetype>keep state</statetype>
<os><source>

<address>10.0.1.1</address>

<destination><any></any></destination>
<descr>gw-from:,sta:5k,tim:1h</descr></os></max-src-nodes></rule>
<rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes><max-src-states>2000</max-src-states>
<statetimeout>3600</statetimeout>
<statetype>keep state</statetype>
<os><source>
<any><destination><address>10.0.1.1</address></destination>
<descr>gw-to:,sta:2k,tim:1h</descr></any></os></max-src-nodes></rule>
<rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes><max-src-states>2000</max-src-states>
<statetimeout>3600</statetimeout>
<statetype>keep state</statetype>
<os><source>
<network>lanip</network>

<destination><any></any></destination>
<descr>gw-to:,sta:2k,tim:1h</descr></os></max-src-nodes></rule>
<rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes>40</max-src-nodes>
<max-src-states>1000</max-src-states>
<statetimeout>1800</statetimeout>
<statetype>keep state</statetype>
<os><source>
<any><destination><any></any></destination>
<descr>*,con:40,sta:1k,tim:30m</descr></any></os></rule>
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes><max-src-states>5000</max-src-states>
<statetimeout>3600</statetimeout>
<statetype>keep state</statetype>
<os><source>

<address>10.0.1.1</address>

<destination><any></any></destination>
<descr>gw-from:,sta:5k,tim:1h</descr></os></max-src-nodes></rule>
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes><max-src-states>2000</max-src-states>
<statetimeout>3600</statetimeout>
<statetype>keep state</statetype>
<os><source>
<network>lanip</network>

<destination><any></any></destination>
<descr>gw-to:,sta:2k,tim:1h</descr></os></max-src-nodes></rule>
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes>40</max-src-nodes>
<max-src-states>1000</max-src-states>
<statetimeout>1800</statetimeout>
<statetype>keep state</statetype>
<os><source>
<any><destination><any></any></destination>
<descr>,con:40,sta:1k,tim:30m</descr></any></os></rule>
<rule><interface>enc0</interface>
<type>pass</type>
<source>
<any><destination><any></any></destination>
<descr>Permit IPSEC traffic.</descr>
<statetype>keep state</statetype></any></rule></filter>
<ipsec><preferredoldsa></preferredoldsa></ipsec>
<aliases><proxyarp><wol><installedpackages><revision><description>/system_routes_edit.php made unknown change</description></revision>
<cron><minute>0</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 newsyslog
<minute>1,31</minute>
<hour>0-5</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 adjkerntz -a
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
<minute>1</minute>
<hour>1</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c
<minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<command></command>/usr/local/bin/checkreload.sh</cron>
<rrd><enable></enable></rrd></installedpackages></wol></proxyarp></aliases></syslog></bridge></ovpn></bigpond></pptp></pppoe></lastchange></pfsense>

dnsmasq is:

Save file as: /root/dnsmasq.conf Find ".N." Replace "N" with IP Number (2-254).

domain-needed
bogus-priv
interface=vr0
interface=ath0
bind-interfaces
expand-hosts
domain=olsr
dhcp-range=sis0,10.0.1.10,10.1.0.250,255.255.255.0,7200
dhcp-range=ath0,10.129.0.10,10.129.0.250,255.255.255.0,300
dhcp-option=119,olsr
dhcp-lease-max=254
no-negcache

Started with:

#!/bin/sh

Save file as:  /usr/local/etc/rc.d/dnsmasq.sh TURN OFF DHCPD - Verify DHCP Server is disabled on all interfaces.

killall dnsmasq
/usr/local/sbin/dnsmasq -C /root/dnsmasq.conf -l /var/dhcpd/var/db/dhcpd.leases -s wifi.local

olsrd is:

Save file as: /root/olsrd.conf Find ".N." Replace "N" with IP Number (1-254).

DebugLevel 0
IpVersion 4
ClearScreen yes
Hna4
{
    #0.0.0.0 0.0.0.0
    10.0.1.0 255.255.255.0
    10.129.0.0 255.255.255.0
}
AllowNoInt yes
Willingness 6
IpcConnect
{
    MaxConnections  0
    Host            127.0.0.1
}
UseHysteresis no
LinkQualityLevel 2
LinkQualityWinSize 100
Pollrate 0.1
TcRedundancy 2
MprCoverage 7
LoadPlugin "/usr/local/lib/olsrd_httpinfo.so.0.1"
{
    PlParam    "port"  "8069"
    PlParam    "Net"    "0.0.0.0 0.0.0.0"
}
Interface "ath0"
{
    HelloInterval 5.0
    HelloValidityTime 90.0
    TcInterval 2.0
    TcValidityTime 270.0
    MidInterval 15.0
    MidValidityTime 90.0
    HnaInterval 15.0
    HnaValidityTime 90.0
}
Interface "vr0"
{
    HelloInterval 5.0
    HelloValidityTime 90.0
    TcInterval 2.0
    TcValidityTime 270.0
    MidInterval 15.0
    MidValidityTime 270.0
    HnaInterval 15.0
    HnaValidityTime 90.0
}

Started with:

#!/bin/sh

Save file as: /usr/local/etc/rc.d/olsrd.sh Optional: mount -w /  chmod 555 /usr/local/etc/rc.d/olsrd.sh

cp /root/olsrd.conf /var/etc/
killall olsrd
sleep 1
olsrd -f /var/etc/olsrd.conf &