Wifi to Lan Bridge problems
-
Hi all, I have been reading different guides and been in mIRC asking for assistance but keep running into a wall.
I am trying to install a WiFi card into an existing pfSense box which is currently running the following:
Load Balanced
Wan1 (ADSL PPPoE Connection)
Wan2(opt1) (Cable DHCP Connection)
Lan (192.168.10.x)
DHCP is being handled by a 2k3 box and I have set up DHCP relay on pfSense to point to the 2k3 box.
I have installed the WiFi card and set it up under the webgui as WLAN1(opt2). I then set up the WiFi as an access point with no security just as a test. I then bridged WLAN to LAN and also I created rules under
Firewall | Nat Outbound |
WLAN1 192.168.10.0/24 * * * * * YES
Firewall | Rules | Wlan1 |
UDP * 68 255.255.255.255 67 *
UDP * 68 192.168.10.1 67 *
- * * * * *
- LAN net * * * *
- WLAN1 net * * * *
This has left me what I thought was pretty safe to pass everything the WiFi card gets sent, but I was wrong. DHCP doesn't work on the WiFi card on the laptop or the iPhone, and setting it to static only works half the time to reach the internet.
Any advice would be muchly appreciated.
-
There are a number of things that could go wrong here.
Let's start with a couple of possibilities:
Does the DHCP server reliably see the DHCP requests from the wireless LAN?
Does the DHCP server reliably return the correct gateway address?
I presume 192.168.10.1 is the DHCP server.
On pfSense, a shell command like
tcpdump -i <lan-interface-name> udp and host 192.168.10.1
will show all udp traffic on the lan interface to or from 192.168.10.1. Depending on your network you might want to refine the filter in the command line but that would be somewhere to begin your investigation.
Oh, and it could also be helpful to know what WLAN interface you are using and what version of pfSense.
-
I do apologise, I did have all that info in notepad and did mean to include it. pfSense version is
Version 1.2.3-RC1
built on Wed Apr 22 15:45:47 EDT 2009
FreeBSD 7.1-RELEASE-p5 i386
Linksys Wireless-G PCI adapter WMP54G v 4.1
# tcpdump -i ral0 udp and host 192.168.10.1
tcpdump: WARNING: ral0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ral0, link-type EN10MB (Ethernet), capture size 96 bytes
23:56:31.014919 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:56:41.448983 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:56:56.442742 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:57:39.048282 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:58:11.094631 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:58:22.770061 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
# tcpdump -i rl1 udp and host 192.168.10.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl1, link-type EN10MB (Ethernet), capture size 96 bytes
23:56:31.014559 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
23:56:31.014779 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:56:31.015036 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
23:56:41.448746 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
23:56:41.448909 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:56:41.449076 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
23:56:52.225585 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61
23:56:52.605929 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109
23:56:56.442527 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
23:56:56.442675 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:56:56.442841 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
23:57:33.346429 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61
23:57:33.720987 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109
23:57:37.716999 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52
23:57:38.218903 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 52
23:57:38.219249 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52
23:57:38.315670 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 48
23:57:38.315857 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 40
23:57:38.530824 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52
23:57:38.531199 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 90
23:57:38.666294 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52
23:57:38.666582 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 108
23:57:38.749128 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 165
23:57:38.750119 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 84
23:57:38.883610 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 183
23:57:38.970828 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 159
23:57:39.048030 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:57:39.048631 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:1f:d0:8a:b3:0d (oui Unknown), length 300
23:57:39.048962 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
23:57:39.051159 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 88
23:57:39.276599 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 163
23:58:11.094560 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:58:11.094891 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
23:58:11.095216 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
23:58:15.143315 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 89
23:58:15.361334 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 164
23:58:20.192217 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52
23:58:20.635392 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52
23:58:22.769789 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
23:58:22.769985 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:58:22.770152 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
23:58:53.326088 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61
23:58:53.702375 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109
I ran the tcpdump command on both the wireless (ral0) and the LAN (rl1), and that was the output of the DHCP request; the laptop just ends up timing out.
-
Is 192.168.10.1 your DHCP server? If not, what is it?
What OS is running on your wireless laptop client?
What signal strength is shown on the wireless client?
-
192.168.10.1 is the 2k3 DHCP server, the laptop is running Vista with an Intel card, and the iPhone is showing the same symptoms. Signal strength is full bars.
-
It would appear from the tcpdumps you have posted that pfSense is sending DHCP replies to the laptop.
Do you have some means of doing a similar trace on the laptop? (The tcpdump on pfSense displays the frames BEFORE they are given to the device driver. It's possible the driver is discarding them and not transmitting them. It's possible the frames are being sent but the laptop discards them because they are damaged.)
Is there some sort of log on the laptop in which you can look for reports on DHCP? (Perhaps the laptop doesn't like the format of the DHCP reply and is not acting on it.)
Have you tried using pfSense as the DHCP server for the wireless clients? It might not be where you want to go long term, but it could give some information relevant to this problem.
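An added example, not part of any post in this thread: a Python script that tallies the BOOTP/DHCP lines of tcpdump text output per interface, so an interface that shows replies but no client requests stands out. The sample lines are excerpted from the capture posted above; the function names are this example's own.

```python
import re
from collections import Counter

# Lines excerpted from the tcpdump output posted in the thread, keyed by interface.
CAPTURES = {
    "rl1": """\
23:56:31.014559 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
23:56:31.014779 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
23:56:31.015036 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
23:56:52.225585 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61
""",
    "ral0": """\
23:56:31.014919 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
""",
}

# Matches only the BOOTP/DHCP lines of tcpdump's default text output.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ IP (?P<src>\S+) > (?P<dst>\S+): "
    r"BOOTP/DHCP, (?P<kind>Request|Reply)(?: from (?P<mac>[0-9a-f:]{17}))?"
)

def parse(text):
    """Return one dict per BOOTP/DHCP line; other UDP traffic is skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def summarize(captures):
    """Per interface: requests per client MAC, broadcast and unicast reply counts."""
    out = {}
    for ifname, text in captures.items():
        events = parse(text)
        replies = [e for e in events if e["kind"] == "Reply"]
        bcast = sum(e["dst"].startswith("255.255.255.255.") for e in replies)
        out[ifname] = {
            "requests": dict(Counter(e["mac"] for e in events if e["kind"] == "Request")),
            "broadcast_replies": bcast,
            "unicast_replies": len(replies) - bcast,
        }
    return out

def findings(summary):
    """Flag interfaces with replies but no requests. A client without a lease
    sends from 0.0.0.0 to 255.255.255.255, which 'host 192.168.10.1' never
    matches, so the missing requests may be the filter, not the client."""
    return [f"{ifname}: replies but no requests captured; "
            "re-capture with 'udp port 67 or udp port 68'"
            for ifname, s in summary.items()
            if s["broadcast_replies"] and not s["requests"]]

if __name__ == "__main__":
    print(findings(summarize(CAPTURES)))
```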
-
Have you tried using pfSense as the DHCP server for the wireless clients? It might not be where you want to go long term, but it could give some information relevant to this problem.
In actual fact I have spent the last week and a half on this bloody thing. I also decided Windows DHCP and DNS provided me with no added benefit really, and dumped them both and installed DHCP and DNS onto my pfSense box.
After a little configuration I managed to get all laptop clients accepting their IP address and what not.
However, I have still hit one wall. The Apple iPhone is not allowing me to browse the internet from wireless. I have set up rules to pass all traffic from the IP address, and it doesn't matter if it's static or DHCP, it refuses to go out.
The iPhone is showing up in the logs blocking
Sep 14 17:07:48 WAN 192.168.10.253 224.0.0.252 IGMP
Sep 14 17:24:15 WAN 192.168.10.1 224.0.0.252 IGMP
Sep 14 17:24:33 WAN 192.168.10.1:138 192.168.10.255:138 UDP
For the life of me I don't know where to add acceptable rules to allow this traffic, and it seems to be ignoring a permit all traffic under rules.
-
Is your wireless interface on pfSense? Did you bridge it?
If not, did you remember to add a NAT rule so that the traffic from wireless actually gets NATted?
-
Sorry for my late reply. Been too frustrated to continue playing with the configs.
I have Manual Outbound NAT rule generation enabled with
WAN 192.168.10.0/24 * * * * * YES Auto created rule for LAN
WAN1 192.168.10.0/24 * * * * * YES Auto created rule for LAN
WLAN1 192.168.10.0/24 * * * * * YES Auto created rule for LAN
I also enabled bridge to LAN from the WLAN interface. So far I have been able to get Windows laptops all talking and Nokia E series phones talking, but the iPhone still refuses to talk properly.