Problem with optional interface

mathias

Hi there.

Iam having some trouble with my optional interface.
I've just installed pfsense (embedded on soekris 5501, for the first time).

I got the LAN interface working (seems like there is no filtering at all?)At the buttom in the firewall menu there is the following text "Everything that isn't explicitly passed is blocked by default." But even if I have no rules, my LAN interface works fine and all ports are open to the WAN.

When I try to set up an optional interface (one for WIFI) and connects a LinksysWRT54g to it (acting as a Access Point) the filtering begins, I got it so far so the clients on the WIFI can get an IP address (from pfsense' DHCP server) but they cannot do anything allthough I have opened several ports in the firewall (http, https, dns etc.).
But if I plug my LinksysWRT54g in the LAN interface it all works fine, so it must be something with the WIFI interface on the soekris.

I've have no firewall rules for the WAN interface and no NAT rules.
I tried with adding some NAT rules to the WIFI interface but that didn't work.

For know it seems like the LAN and WIFI interface have the same setup in the WebGUI but the WIFI interface just dosen't work, is pfsense doing something behind the GUI, I mean is the LAN interface special in some way so it dosen't need the same rules as the WIFI interface to work properly?

An another thing how do I filter the LAN interface, since all ports are open even though I didn't add any rules to it?

Thanks in advance.

mathias

I don't know how but I got the firewalling working on the LAN interface, now the "only" problem is the firewalling on the optional interfaces.

GruensFroeschli

http://forum.pfsense.org/index.php/topic,7001.0.html

mathias

Ive read this post some times (also before posting here) but I can't see what I am doing wrong.

I got the filtering to work with the LAN interface, and have applied the same rules to the WIFI interface but it doesn't work, the clients connecting to the WIFI interface gets an IP address but thats it, they cannot surf the net etc.

GruensFroeschli

Please show screenshots of your rule.

mathias

The LAN interface looks like this:

And the optional interface looks like this:

GruensFroeschli

And this is a purely routed setup?
No bridging WLAN to LAN or having the same IP-range on the WLAN as on the LAN?

mathias

I do not have any bridging between WLAN and LAN and the ip-range is different.

On the LAN it is: 192.168.1.1 and on the WLAN it is 192.168.2.1

I guess it is a purely routed setup if by that you mean that Iam not using any NAT rules?

mathias

Not anyone that knows what iam doing wrong?

Bern

You've got 53/TCP opened for DNS. Try 53/UDP.

Same for NTP - use UDP.

mathias

Thanks that worked perfect, I don't know how I could miss that :D

Thank you!