2 weeks still nothing.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
packets would take and should have taken into account dns.
DNS is not in the "path".. has nothing to do with the "path" that your traffic takes from getting from A to B..
DNS is a phone book.. It has nothing to do with how traffic is routed from point A to B.
pfsense has all of them on it to use from the cmd line.. And traceroute, and a gui dns lookup and traceroute interface as well.
But if your looking to see the path that is taken from a device "behind" pfsense you would want to run the tool on that device - then pfsense would be in the path. If your wanting to see what device is using for dns - you would want to check again on the device. Maybe it defaults to googledns, or your dhcp is handing out something other than what you want it to hand out, etc.
Out of the box pfsense would hand out its own IP for dhcp clients behind it to use for their dns. It would then resolve vs forwarding. If you want all your clients to use your PI for dns - then you either need to tell them to use that directly, or have pfsense forward to it vs resolving. None of which would be in the actual path that traffic takes.
-
@pfsensenewbie1 There are such tools in the Diagnostics menu.
@johnpoz I think you’re confusing the normal use of DNS and OP is asking how the traffic routes to the internal DNS server.
Traceroute would help you see that yes. But, using the default setup it should work, just as if the wireless device tried to talk to 8.8.8.8 or some other DNS server. pfSense knows where your DNS server is (its WAN) so routes the packet there.
The downside to not bridging is the wireless devices aren’t in the same broadcast as the devices in your LAN (pfSense WAN) and while they can connect (e.g. by IP) they aren’t going to auto discover devices on another network.
I have not looked but I would almost expect there is software to make a PC into an access point…
-
@steveits said in 2 weeks still nothing.:
wireless devices aren’t in the same broadcast as the devices in your LAN (pfSense WAN)
If that is what he wants - pfsense is not what should be used here then. He should pickup an actual AP, or find some wifi router and use it as an access point.
Be like trying to use a corvette for delivering stuff - sure it can do that, but it has very little storage for the stuff your delivering. Gets horrible gas mileage, and insurance on it way more than some say delivery van ;)
Pfsense is a layer 3 firewall/router - while sure it can bridge, and sure it can even be wifi AP if you will. But if the goal adding wifi to some area, and you want those devices to be on the same L2 as your other device - it is not the correct choice.
-
@johnpoz thank you. I didn’t quite follow the analogy but from the discussion it sounds like I will need bridging. My original intent was to use the box to route all traffic, hence the reason for the expense. Now I know I can’t do that I just have to make it work until I have a better option. I kinda like the vette analogy.
if this software is like a corvette and is not suitable for the task, does that mean the software is specifically designed for larger networks where many advanced features would be used regularly? I honestly want to redo my network entirely and the pi is barely suitable for the dns server, so I was going to have it all on one box then forward all traffic and actually use the firewall features as well hence the box. If I didn’t need the modem/router for the wireless range it offers and obviously the modem features I would ditch it and use pfsense box for the lot with a switch for the wired connections. Unfortunately cash is short this time of year so buying anything is out of the question, I simply need to make this work or totally forget all about it.
With that said removing the bridge had no effect so I’m now going to dig into the tools to check dns forwarding etc.
-
@pfsensenewbie1 and in fact removing the bridge I now have no access to the firewall interface. I did last night now I don’t.
Both wan and lan are set to dhcp yet both are on the same subnet - how is this possible if they must be on separate subnets?
I’m going to reboot everything - when it fails I’m starting from scratch, I’m not putting much more effort into this especially as I can’t make it do what I need.
In case this is my last post I thank you for trying to help.
-
Ok I’m done. Totally lost access yet still got dhcp in the same subnet with no changes other than enabling dhcp and enabling Wifi. This is not supposed to happen so I’m taking your advice and trying something else.
-
Just catching up here...
This sort of setup should be quite simple as long as you have WAN and LAN in separate subnets.If you need the wifi clients to be in the same subnet as the WAN they must be bridged. However if you do that you can't apply layer3 forwarding rules to redircet DNS traffic. You would have to use layer2 rules, like the captive portal does, and there's no facility to do that in the pfSense GUI. Yet.
Steve
-
@A Former User said in 2 weeks still nothing.:
at least fairly proficient with networks.
Dunning-Kruger in action ;)
-
@A Former User said in 2 weeks still nothing.:
when it fails I’m starting from scratch, I’m not putting much more effort into this especially as I can’t make it do what I need
Just accept what is proposed by default.
"Default" is : A DHCP client on the WAN interface.
This way, pfSense will grab an IP, actually a lease, from an upstream, probably ISP router, just like any other device already present on your ISP router network. This is a plug and play operation.The LAN interface has to be set to a static IP, like the default 192.168.1.1/24
And you have to think now.
if your WAN network is already using 192.168.1.1/24 (many ISP router do !) then you have to ** set your (static) LAN interface to, for example, 192.168.2.1/24 - it could be any network, but not 192.168.1.1/24
Adapt DHCP server settings for this LAN interface accordingly.See it like this : a router can not route between two identical networks.
** like this : your see a red light ? Stop the car. Don't ask why for now.
If you think this is what you need, please reconsider, ask advise, write down what you want. We'll help.
-
@gertjan As I said earlier, he doesn't have things connected correctly.
If I had to guess, I'd say the WAN and LAN are both connected to his ISP router. -
@jarhead he left.. Deleted his account..
