Guide to setting up Atheros AP with pfsense?

GoldServe

Right now, I call my ath0 lan so it is always up and lan bridged to it. Is this a good idea?

Is there a way to achieve the same thing but I want captive portal to work on the ath0 but now it won't work on a bridged interface.

Are there some easy steps to make two networks bridged but manually using firewall rules, etc?

hoba

@GoldServe:

Right now, I call my ath0 lan so it is always up and lan bridged to it. Is this a good idea?

This confuses me a bit. if ath0 is LAN what is the other LAN that you are talking about and what is ath0 then bridged to?

GoldServe

I call ath0 lan and the wired ports as LAN2, bridged to LAN.

GoldServe

It doesn't seem like it is going to work. Lan (ath0) is giving out an IP but Wired (Lan2 bridged to lan) is not giving out an IP.

Is there an official and clean up to set up an AP bridged to LAN on pfsense?

hoba

I haven't tried that kind of setup. I usually bridge the wireless interface to the wired lan in such scenarios which works fine. I know there are some limitations when bridging a wireless interface (you only can bridge a wireless interface to another one if it's in AP mode).

GoldServe

I can't believe pfsense doesn't work when I bridge the WLAN with the LAN with no LAN device plugged in. I'm not understanding why that is a problem? How do other platforms overcome this issue?

hoba

Afaik it's a freebsd issue.

GoldServe

Really…I'm surprised no one tried to fix this. How much would a bounty do?

sullrich

This is a kernel issue not a pfSense issue.

GoldServe

One more problem. I've got the wireless not bridged and on a seperate subnet from the wired now. Two clients connected and can ping the gateway of own and lan but can not ping another wireless client. Anything required in the firewall rules? Seems like it's doing AP isolation.

GruensFroeschli

you need set the checkbox "Allow intra-BSS communication"

GoldServe

Thanks for the response. Works like a charm.

sokar311

Hi, i also have a PfSense configuration with 2 Nics and 1 Wireless Card set as an access point (infrastructure gives me "no carrier"!?), i also have the "Allow Intra-BSS", but seems that the firewall rules don't apply between the wireless clients anymore!, any help?, thanks.

GruensFroeschli

Infrastructure = Client
Access Point = Access Point

Firewall-rules are and were never applied for traffic between clients.

sokar311

Thak you, but do you know any way to control the traffic between wireless clients with the firewall?

lsf

Vlans might do the trick. I never tested this tho.

hoba

@lsf:

Vlans might do the trick. I never tested this tho.

How should tat work? The only option that we provide is to seperate the clients from each other meaning they completely can't talk to each other. Besides that there is no way that I can think of to do that.

flamegrilled

@GoldServe:

What are your Ap settings? WPA/TKIP?