Routing between two pfsense boxes via wireless bridge
-
Can you run something like wireshark on a PC on one LAN and then try pinging that host from the other side and see if anything at all shows up? The firewall packet logging doesn't seem to be useful since you know you can see each pfsense's LAN.
-
Thanks danswartz, I had not thought about that. I will set this up and get back with results.
Adair
-
I'm waiting for the other end of the link to get connected back up correctly to fully test.
But a ping from my wireless device back to my desktop was failing, I fired up wireshark and saw that the ping was reaching my desktop but my desktop was not responding…...Yep you guessed it, bone head move. Windows firewall was blocking the pings. I turned if off and can ping my desktop thru my router from my wireless bridge.
This tells me that PF is setup correctly and should mean everything will work ok once the link is back up.Damn windows!
I will test and post back a final outcome.
Next time I will test pinging hostes other than windows devices!
Thanks,
Adair -
good to hear! everything i was seeing looked 'impossible' :)
-
good to hear! everything i was seeing looked 'impossible' :)
Why do you say 'impossible'?
-
I mean it all looked correct - i couldn't see how you could be pinging the LAN IP of the pfsense but not the host, given what the rules and such looked like.
-
Now I have everything setup just like before and when I try to ping the a host on the other LAN I get a TTL expired in transit..
Trace routing shows the ip address of the OPT interface of my router.
From either side I can ping the bridge IP's and bridge interface but not the LAN router or any host IP's.this is beginning to get really frustrating.
Adair
-
What I wanted to see was the results of a wireshark trace on the host on the remote LAN when you try pinging…
-
That's just it, I can't even get as far as I was getting before.
Before I could ping the LAN interface of the each others router but not a host on the LAN (because of the windows firewall)
I'll still do some captures with wireshark later.Thanks,
Adair -
This is old but I now have this working. (it's actually been working for awhile, just didn't think to update the thread)
I had two major problems the entire time I was trying to get this working
First with the Ubiquity Bullets you have to put them in Client/Server WDS mode in order for them to do layer two bridging. DOH!
Second, at someone in a midst all the testing I screwed my my static route to the other subnet.
What I needed was LAN 192.168.2.0/24 via 172.16.10.2.
172.16.10.2 being the pfsense routers opt interface on the other side of the bridge.Somehow I had put 172.16.10.3 (my routers opt interface address)
Getting the bullets our of a semi/mini nat mode and putting the correct routing statement on each pfsense box fixed everything right up!
-
Cool.