Noob needs help please!
-
If you have a wireless AP and want to have it in the same subnet, just connect that device to the switch and do not use the WAN port; use only the LAN ports.
If you want different subnets, then OPT1 should have a different IP subnet; connect the AP from its LAN ports to the pfSense OPT1 NIC. Set up DHCP on OPT1.
-
Disable the DHCP of your wireless router first so it acts as an AP. Connect a cable from the wireless router's LAN port to your pfSense LAN.
Sir, metu already answered your question.
-
I have been using the router as an access point for months, connected to a cheap Netgear firewall, and it has been working great; that's not the problem. The port on the pfSense firewall is configured and the status shows everything is in order, but you cannot connect to it in any way whatsoever, through wireless, LAN connection, etc. The reason I'm building this is cost, and the Netgear's throughput is horribly slow.
-
If you connect it to the LAN switch you should have connectivity?
If this is the case, then you have no allow rules on OPT1. pfSense quick 101:
LAN is the only NIC which has an automatic rule to allow traffic anywhere.
Other NICs need rules to allow traffic.
Rules work on ingress -> if you want OPT1 to work differently no matter where that traffic is sent, you put the rule on OPT1.
-
And if you change firewall rules you should also reset states: Diagnostics -> States, click on Reset states tab.
-
Highroller
You have a basic network problem. You cannot have two ports on a router within the same address space. The router will not know which port to route traffic out of. I would guess that the router will always route traffic out of the lowest cost port (meaning the fastest). If you would like to use a wireless router as an access point and keep the IPs in the same address space, you have a couple of things that you can do. Take your access point and connect it to your switch. Disable the DHCP in your wireless router and then connect from a switch port to a switch port on the back of your wireless router. I would also manually assign the LAN side of your access point an IP within the address space of your LAN NIC on your pfSense box so that you can manage it going forward.
If you have 3rd party software on your wireless router like DD-WRT, then all you have to do is bridge your LAN and WAN ports and then connect your wireless router to your switch like normal, that is to say connect from a switch port to the WAN port on your wireless router, and you're done!
Another way you can do this is to bridge your two LAN NICs (meaning put them in the same broadcast domain); that should accomplish what you are trying to do also. Then just connect from your second LAN NIC on the pfSense box to the switch port on the back of your wireless router. Make sure again that you have DHCP disabled and that you assign the LAN side of your wireless router an IP within your LAN's IP range so you can manage it.
If you don't care about what IPs your wireless router gets, then just make another LAN in the pfSense box for your second NIC, for example 192.168.2.1/24, and you should be good. Remember: disable DHCP and connect from the switch to the LAN side of your wireless router, not the WAN side, and assign the LAN IP of your wireless router so that it is in the same address space as your second NIC. For example, in this case you could assign the wireless router 192.168.2.2. Remember to make your rules on the pfSense box to allow traffic out of this interface. I would also set the DHCP range to be something like 192.168.2.100 - 199.
Just some quick troubleshooting tools: if you are using Windows you can drop to the DOS prompt and try to ping the interface with the command "ping 192.168.x.x" (replace x with your IP); if you get no response then use the command "arp -a" to see if you have a layer 2 connection. If you cannot see the MAC of the NIC on your pfSense box then you have a bigger issue. You are probably on a different broadcast domain.
Hope this helps.
-
Another way you can do this is to bridge your two LAN NICs (Meaning put them in the same broadcast domain) that should accomplish what you are trying to do also. Then just connect from your second LAN NIC from the PfSense box to the switchport on the back of your wireless router. Make sure again that you have the DHCP disabled and that you assign the LAN side of your wireless a IP within your LANs IP range so you can manage it.
It's not quite that simple, but there's a thread in the Networking section about doing this. Really, though, it's only worthwhile if you want to do different firewall rules for wired and wireless. Otherwise plugging it into the switch is easier.
-
Mikeisfly,
I can’t thank you enough! This solved my connection issue. THANK YOU!
Now, the reasoning behind this. This connection is for my son; in the past he has caused me a lot of grief with viruses and other issues that have affected my network. I would like to totally segregate this connection from the rest of my network. At this point, to get the system up, the firewall rule is passing all.
He plays online computer games, plays online Xbox, uploads and downloads YouTube videos and other things of this nature. With this in mind, what should I pass and what should I block to protect my network? And how do I segregate this wireless connection from the rest of my network?
My network consists of a media server and 4 desktops, all wired. Internet connection is 10 Mbps cable service.
I have a managed Netgear 108 switch, I think that's the model; anyway it is a managed 8 port gigabit switch. Trashing the Netgear 318 firewall due to throughput issues.
Thanks again
-
If you're running the wireless AP on a separate NIC with its own DHCP (not bridged), it's already segregated from your wired network. You'll be able to connect to it from the wired network, but not vice versa.
As for blocking things, it really depends on how much you want to have to mess with it. You could go the standard router route and just block all inbound (the default) and allow all outbound. If you're worried about your son getting a virus, try installing HAVP. You can also add SquidGuard to help block malicious URLs.
-
Guys, I want to thank you for all the help!
Problem solved, it was a simple matter of Firewall rules. Everything is working. Now I just have to figure out what firewall rules to apply to keep things safe.
Thanks again!
-
What do you mean by safe?
If you want a good way of blocking sites, you can try SquidGuard, ipblock or countryblock. Snort is also a good thing, but I found it "complicated".