Wireless Router behind PfSense?!?!?
-
I'm sorry I'm a huge noob. I've wasted at least 3 hours trying to find out something that is probably really easy to do.
Would anybody please direct me to the place where i can figure out how to configure my wireless router.
It's going to be connected on the "LAN" interface. I don't know what to set on the router? Should I set "WAN" on the router to DHCP? and the internal "LAN" to DHCP too? I have no idea! :(
So this is what it's going to look like
WAN LAN
Modem –--> pfSense -----> Wireless Router (Tomato Firmware)Please help a noob. :)
-
Ok, In your tomato config page in Basic\Network:
WAN / Internet
Type: Disabled. (use the lan ports instead)LAN
IP Address: Same subnet as Pfsense connected interface.
Subnet Mask: Same subnet as Pfsense connected interface.
Gateway: Pfsense Ip
Static DNS: Pfsense IpDHCP Server: Disabled.
Now in your pfsense box you'll have to enable dhcp for that interface
if you would like dhcp. -
Thanks a lot for helping.
A couple more questions:
What settings do I set on pfSense? From trying to read all the threads on the forum, I gather that I'm supposed to do something to the firewall page? Also for the IP Address on Tomato, I basically set the LAN IP Address to legal value right? So would 192.168.2.1 work?
I'm guessing if I disable DHCP on the router and enable it on the LAN interface in pfsense, one of the computers connected to the router will be able to access the pfsense webgui through the router by typing the pfsense ip? (i.e. 192.168.1.1) Also that pfsense would then be the interface assigning ip numbers and the wireless router essentially acts like a tunnel and hands the clients the ip generated by pfsense DHCP.
Thanks
-
the IP Address on Tomato, I basically set the LAN IP Address to legal value right? So would 192.168.2.1 work?
Probably not but depends on your netmask.
If you do not have more than 254 hosts (devices) on your network then a netmask of 255.255.255.0 (similar to /24 in writing) is sufficient.
This also means that all hosts in your subnet have to have an IP starting with 192.168.1. if you want to access them (e.g. web gui of your Tomato).
You must not use .0 (this is the network) or .255 (this is the broadcast) on your LAN subnet, btw.So if you put your Tomato on 192.168.2.1 it is out of reach for other hosts in your 192.168.1.0/24 subnet.
…and usually it is not too good an idea to use the host address of 192.168.1.1/24 for anything because lots of devices tend to use this exact address as factory default. This means that everytime you add such a device to your network you'll have an IP conflict to resolve before you can use that device or even the whole network if your DHCP server and gateway uses exactly this one host address...
All the above doesn't matter if you use a bigger subnet mask (eg 255.255.0.0). But you would have a max of 65023 hosts which is pretty unlikely to be needed at home (at least while not every wall switch has an IP).
Wikipedia has some nice writings about subnets and netmasks to read and learn from.
-
Ahh I see that makes sense.
Ok so what I tried to do was set the pfsense at 192.168.1.0
Then I tried to set tomato at 192.168.1.2.
In terms of settings:
On pfsense I believe I enabled DHCP (by choosing DHCP rather than static)
Then on the firewall rules I set up a rule to allow everything from the LAN interface.On Tomato
WAN/Internet : None
LAN
IP: 192.168.1.2
Gateway: 192.168.0.1
DHS: 192.168.0.1
Subnet: 255.255.255.0
Disabled DCHP.If I connect my laptop straight into the LAN port, I can actually get internet. I don't know what is wrong w/ my tomato settings. :(
-
Ahh I see that makes sense.
Obviously I haven't been clear enough.
Ok so what I tried to do was set the pfsense at 192.168.1.0
You must not use .0 (this is the network) or .255 (this is the broadcast) on your LAN subnet, btw.
Did you read articles about subnetting already? Do so! … Wikipedia is great for that.
In terms of settings On Tomato:
LAN
IP: 192.168.1.2
Gateway: 192.168.0.1
DHS: 192.168.0.1
Subnet: 255.255.255.0Do you see that 192.168.0.0 and 192.168.1.0 are different subnets?
Please read the available articles about netmasks and subnetting carefully. You have to understand these basics before working with them!
