Trying to get 2nd Interface for Wifi

JollyCloudyCheergoose

I'm trying to get a 2nd Interface for my Wifi Router to work with pfSense. Forget about the router for a second, I can't even get the same PC to get internet plugged into that interface. I can connect to the pfSense router though through that interface, just not outside net.

These are the settings, please take a look and let me know what I'm doing wrong. It's probably something with the firewall rules

gabacho4

@jollycloudycheergoose your rule denying access to 192.168.2.1 in its entirety won’t work because I am going to assume your pfsense is functioning as the DNS server. So right now, any client that tries to reach 192.168.2.1 to resolve a website like Google.com is being denied, cannot therefore get the IP address of the site, and so your client has no internet.

Based on the previous thread with the other router that stopped working suddenly, I think you’d be very well served to do some studying up about what goes on within a network as your firewall rule would suggest somewhat of a lack of knowledge there.

the other

Hi there,
you might want to read more about...

...Aliases (first screenshot), there choose not network but host, since you put just ONE host there

...usage of inverted rules (screenshot 2)

...rules in general, since your firewall rules show an entry for IPv6, although you did not activate IPv6 for that interface at all (screenshots 3 and 5)

...and, as stated by @gabacho4 , you might want to read into basics like DNS, what it does, why it fails in your setting

I definitly do not want to sound demotivating. It is a lot of reading and understanding necessary when one has no professional background in networking.
Been there, done that (and still do, since the whole networking stuff is...hm...rather complex, learning never ends). But it is worth it and given a bit of time and motivation you see more and more through the fog and that when the fun with pfsense begins.
:)

johnpoz

@jollycloudycheergoose before you go start limiting stuff with firewall rules.

Just make the rule an any any, make sure everything works - then you can start with firewall rules that allow or block stuff.

For starters - as mentioned you have no rule that allows clients on this network to ask pfsense for dns. So no trying to go to www.something.tld is not going to work, because where is the client going to actually find the IP for that?

Other thing, your first rule is IPv6 - but you have in your alias IPv4.. And its not even a network 192.168.2.0/24 would be the network. 192.168.2.1/24 is a host address not a network.

! rules can get tricky as well - I would suggest you don't use those until your familiar with firewalling on pfsense. And even then, I wouldn't suggest them unless you have some very specific thing your trying to do.

So set the firewall rules on this interface to be IPv4 any any.. Just like the default lan rule.. Then once your sure things are working you can get more restrictive.

JollyCloudyCheergoose

Thanks so much to everyone who replied. I will do more research on the things suggested and come back

gabacho4

@jollycloudycheergoose as mentioned, keep everything simple to start with just to make sure things work as intended. Then you can start to tweak things until they are set up as you want them. Importantly, pay close attention to what you change so that you can revert if things don’t work right.

We’re more than happy to help and I don’t think any of us means to beat you down. There IS however something to be said for posting a problem you are having and asking for help, rather than declaring that pfsense is broken. 95% of the issues I see posted on the forum end up being user config errors or misunderstandings in how things works, though many users like to blame pfsense right out of the gates.

Best of luck on your technical journey. Hit us up as you go!