Belkin F5D7000 E
-
Hi. After banging my head for 2 days I decided to ask for help. I have pfsense installed on a P3 866MHz box as main router firewall. I've been using it for my LAN setup for almost 2 months now and everything is great, until I decided to make it a wireless AP too.
In short the PCI wifi card is Belkin F5D7000 E with Atheros chipset. No matter what I do I cannot make traffic between opt1 and the rest of the LAN and WAN.
Here is a sample diagram:

                 FTTh
                  |
                  |
                 xl0
(192.168.1.1)pfsense ath0 ------ Opt1 (192.168.1.0/24)
                 rl0
                  |
                  |
            24port switch ----- LAN Clients (192.168.1.0/24)

Simple as that. I tried the following rules for opt1:

* OPT1 net * * * *
TCP/UDP OPT1 net * * * *

The Opt1 interface is configured with a static IP of 192.168.1.9, clients can connect and the DHCP server is leasing properly (DNS servers and default gateway are forwarded too), but they can't ping anything except the default gateway 192.168.1.1 and of course they can't open anything.
I also tried bridging opt1 with the LAN interface but the problem persists. I even tried setting it on a different subnet.

To summarize:
Clients can connect to the AP, but no traffic gets through, and they can only ping the gateway.

I have 4 of those PCI cards and tried them all with the same result.
Any suggestions?
-
It just started working by itself??? I think it's some kind of bug or this particular manufacturer has some problems under BSD. Time will tell.
-
There are a couple problems with how you had that setup.
If you started with separate subnets, it probably would have worked.
What you really want, if you intend to have them on the same subnet, is this:
- OPT1 bridged to LAN - NO IP address should be configured on OPT1.
- When bridged, you need a rule at the top of the OPT1 rules to allow DHCP - Pass udp from 0.0.0.0 port 68 to 255.255.255.255 port 67.
- The other firewall rules on opt1 should have a source of "LAN Subnet" - They're bridged, so there is no OPT1 subnet, because OPT1 has no IP address.
It's a good idea after setting or unsetting a bridge on 1.2.x to reboot the router afterward. If you make a bridge, and then unset it, it does not get removed from the OS until you reboot. That might explain some of the odd behavior you are seeing.
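Added example, not part of the thread and not pfSense code: the bridging checklist in the reply above, written as a small Python audit over a simplified description of interfaces and rules. The dictionary layout, the `audit` function, and the /24 mask on the LAN address are assumptions made for this illustration.

```python
import ipaddress

# The DHCP pass rule the reply says must sit at the top of a bridged interface.
DHCP = {"proto": "udp", "src": "0.0.0.0", "src_port": 68,
        "dst": "255.255.255.255", "dst_port": 67}

def audit(interfaces, rules):
    """Return a list of findings for the bridging mistakes listed in the reply.
    interfaces: {name: {"ip": "a.b.c.d/len" or None, "bridge_to": name or None}}
    rules: ordered list of dicts, each with an "iface" key (hypothetical model)."""
    findings, routed = [], {}
    for name, cfg in interfaces.items():
        mine = [r for r in rules if r["iface"] == name]
        if cfg.get("bridge_to"):
            # A bridged member should carry no IP address of its own.
            if cfg.get("ip"):
                findings.append(f"{name}: bridged but has IP {cfg['ip']}")
            # DHCP broadcasts must be passed by the first rule.
            first = mine[0] if mine else {}
            if any(first.get(k) != v for k, v in DHCP.items()):
                findings.append(f"{name}: top rule does not pass DHCP")
            # "<iface> net" is empty when the interface has no address.
            if any(r.get("src") == f"{name} net" for r in mine):
                findings.append(f"{name}: source '{name} net' on bridged interface")
        elif cfg.get("ip"):
            # Two routed interfaces must not sit in the same subnet.
            net = ipaddress.ip_interface(cfg["ip"]).network
            for other, other_net in routed.items():
                if net.overlaps(other_net):
                    findings.append(f"{name}/{other}: routed interfaces share {net}")
            routed[name] = net
    return findings

# Constructed sample data modelled on the setup described in the first post.
LAN = {"ip": "192.168.1.1/24"}
OPT1_RULES = [{"iface": "OPT1", "proto": "any", "src": "OPT1 net", "dst": "any"}]
ORIGINAL = {"LAN": LAN, "OPT1": {"ip": "192.168.1.9/24"}}
BRIDGED_BAD = {"LAN": LAN, "OPT1": {"ip": "192.168.1.9/24", "bridge_to": "LAN"}}
FIXED = {"LAN": LAN, "OPT1": {"ip": None, "bridge_to": "LAN"}}
FIXED_RULES = [dict(DHCP, iface="OPT1"),
               {"iface": "OPT1", "proto": "any", "src": "LAN subnet", "dst": "any"}]

if __name__ == "__main__":
    for label, ifs, rs in [("original", ORIGINAL, OPT1_RULES),
                           ("bridged, IP left on OPT1", BRIDGED_BAD, OPT1_RULES),
                           ("as recommended", FIXED, FIXED_RULES)]:
        print(label, "->", audit(ifs, rs) or "no findings")
```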
-
I didn't want it bridged since I am going to add another subnet soon which is going to be bridged with this opt interface. Nevertheless that was not the problem. It seems those cards have some trouble keeping up with WPA encryption. WEP and open work fine. Going to buy some D-Links later, see how that comes out.
-
I couldn't find D-Link that falls under supported hardware in BSD, so I bought ASUS WL-130g. Problems gone. It works in WPA, WPA2, same subnet, different subnet and bridged. 7 clients connected simultaneously (some of them even have the F5D7000e PCI cards) no problems so far.
I guess that Belkin F5D7000e just doesn't work as it should in pfsense, no idea why. All 4 of them were giving the same problems and I did test them on other machines with Ubuntu and Win XP, they are working fine there. Cheers and thanks for the help.