Conect 3 building with PFSENSE & ALIX PC at 5GHz

ktims

You won't be able to ping BBS1 LAN address until you set up the static routes. But yes, you must have wireless connectivity and be able to ping the BBS OPT1 interface.

prodzekshn

I think this is the main problem.
From PFSENSE AP interface OPT1-AP I can't ping PFSENSE BBS interface OPT1-BBS.
From PFSENSE BBS interface OPT1-BBS I can ping PFSENSE AP interface OPT1-AP.

I think this means that PF BBS is conected to PF AP.
First step that I need to solve is to ping from AP to BBS, or not?
And how to do that?
Again thanks for the fast reply.

wallabybob

First step that I need to solve is to ping from AP to BBS, or not?

Just to be clear, I presume you mean that from the console of PFSENSE-AP you give the command

ping x.y.11.12

How does it fail? What does it report?

I don't know if this matters, but I assume the wireless interface on PFSENSE-AP is in Access Point mode and the wireless interface on PFSENSE BBS is in Infrastructure mode.

prodzekshn

not from console, from web interface on PFSENSE AP.
Yes,
Wireless interface on PFSENSE AP is in AP mode,
Wireless interface on PFSENSE BBS is in BBS (infrastructure) mode.

From web interface on BBS PFSENSE I can ping AP.
Thanks for reply.

ktims

What do your firewall rules look like?

prodzekshn

First:
Thanks to ALL who answered on my post. Thanks to people on this forum and ofcourse thanks to builders of PFSENSE
I have been out of town from couple days and yesterday I have continue my work.
My PFSENSE AP had some strange behaviour and I decided to start from scratch.
Factory default on all pf-s and after a short configuration everything is working.
I will deal with the security issues after I put PF-s and antena in place
here is my PFSENSE AP config

STATIC ROUTES
Interface    Network       Gateway
LAN         x.y.12.0/24     x.y.11.11

Advanced Outbound NAT
interface|source|source port|destination|dest port|nat address|nat port|staticport
lan           any          *               *             *            *              *           no
opt1         any          *               *             *            *              *           no

firewall rules
lan default rule
opt1
protocol|sourceport|destination|port|gateway|schedule
     *          *               *          *         *

If I complite my goal I will put detailed description here.

Thanks again

chmodman

I am trying to set up this same configuration, as I have a similar need.  I have a strange problem however…

Both PF boxes can ping each other across the wireless link (Diagnostics>ping menu) on both LAN & OPT1.  However, the laptop I have connected cannot ping the PF on the other side of the wireless link (in either direction) or access the pf webserver.

If my laptop is connected to the BBS1 network on x.y.12.22, what should the gateway be? I would think x.y.12.10.  (I have tried x.y.12.10, x.y.10.205, x.y.10.11, x.y.10.10 and none of them worked.)

I have firewall rules on AP and BBS1 with allow all for LAN and OPT1 for testing.  I also set up the Advanced Outbound Nat (Manual) for OPT1 and LAN as shown in the example by the main poster.

I need machines at the BBS1 site to be able to communicate with machines at the AP site.  Do I need RIP to get this to work correctly?

Thanks!

wallabybob

@chmodman:

Both PF boxes can ping each other across the wireless link (Diagnostics>ping menu) on both LAN & OPT1.  However, the laptop I have connected cannot ping the PF on the other side of the wireless link (in either direction) or access the pf webserver.

If my laptop is connected to the BBS1 network on x.y.12.22, what should the gateway be? I would think x.y.12.10.  (I have tried x.y.12.10, x.y.10.205, x.y.10.11, x.y.10.10 and none of them worked.)

You didn't say enough about how the laptop's networking is configured. I presume its interface is x.y.12.22/24. If so, the pfSense box at x.y.12.10/24 is on the same subnet and the two should be able to communicate. Have you tried that? To get off the same subnet the laptop needs a default route or (possibly) a number of more specific routes. Does it have suitable routes? (If the laptop got its IP address from pfSense by DHCP then the default route would normally be setup correctly.)

A good way to get a better idea of what is going on is to use the traceroute utility (linux/BSD) or tracert utility (windows). For example,

traceroute x.y.11.12

will list you the IP addresses on the way to x.y.11.12 On windows type tracert at a command prompt.

chmodman

Yes, my laptop is configured as x.y.12.22/24 - and I am able to pull up the local pf box at x.y.12.10 just not the pf box at the other side of the wireless link.

I was able to resolve this problem by disabling the firewall on the AP, which I guess is ok for this setup as the AP is behind another firewall.  (Advanced>Disable all Packet Filtering)

Any idea why this would need to be disabled?

Thanks

wallabybob

@chmodman:

Any idea why this would need to be disabled?
Thanks

Guess your AP had a firewall rule (or rules) that blocked your traffic from the laptop.

Looking at the firewall log on the AP or pf statistics can sometimes give a clue as to which rule is causing the blocking.