Netgate Discussion Forum

    Wireless Router behind PFsense problem

      lonevipr

      I adjusted the one IP like I said earlier for the interface on PFsense, & tried it before going to work. It didn't fix it. Been doing some reading while at work today. I was wanting to have separate subnets for each of my networks. i.e. 192.168.1.x for LAN, 192.168.2.x for WLAN, & 192.168.3.x for my DMZ (Server), however, this may not be possible, or at least easy to configure.

      I was reading about bridging connections. I may have to bridge the wireless router to the LAN subnet to get it to actually work. I wouldn't prefer to run the WLAN on the 192.168.1.x subnet (for LAN) permanently, but I need to be able to get WLAN up & running until I can figure out how to give WLAN its own subnet of 192.168.2.x. Then while messing around trying to get WLAN on 192.168.2.x subnet, I can default back to the bridging connection if I need to.

      Running pfSense 2.2-RELEASE (amd64)

        wallabybob

        @lonevipr:

        @wallabybob:

        The pfSense WLAN IP address needs to be a host address (e.g. 192.168.2.254/24) not a network address (192.168.2.0/24) and this address needs to be outside the range of DHCP allocated addresses on the interface. Suggest you allocate the WLAN IP addresses something like:
        192.168.2.1 - Netgear router
        192.168.2.100 to 192.168.2.199 DHCP (will probably be ample, but you have room to expand the range if you wish)
        192.168.2.254 - pfSense

        I'm confused by what you mean WLAN IP needs to be a host address & not a network address?? Does the PFsense WLAN IP under interfaces>WLAN>IP Address need to be changed to 192.168.2.254? Remember first nine ranges of 192.168.2.x are reserved already (in my example), wouldn't one of those work for the WLAN IP? Does router IP need to be different than PFsense interface IP? i.e. 192.168.2.2 for interface IP & 192.168.2.1 for router?

        Perhaps I'm confused because you don't seem to have explicitly said what IP address you have assigned the pfSense WLAN interface. It's probably something OK (else you would have had a problem with the DHCP configuration). However the pfSense WLAN interface IP address must be different from the static IP address of any other system on your network. In particular, it must be different from the IP address of your wireless router.
        You might find http://en.wikipedia.org/wiki/IP_address helpful reading on IP addresses.

        @lonevipr:

        @wallabybob:

        When you get your IP addresses and basic wireless sorted out you will need to add firewall rules to the pfSense WLAN interface to allow downstream systems to access anything off their subnet. (pfSense LAN interface gets a default firewall rule allowing access to anything; for security reasons other interfaces have nothing allowed.)

        I tried to already do this, I believe I created a default allow all rule for the WLAN interface just like the LAN comes setup with. This shouldn't be the problem.

        When you change firewall rules you also need to reset firewall states - see Diagnostics -> States and click on the Reset States tab.
        If your firewall rule on the WLAN interface is too like the default LAN rule it won't work. For example, if you set source on the WLAN rule to LAN net then nothing will match the rule and hence nothing will be allowed to pass the firewall. (No system on WLAN net should have an IP address in LAN net.) If the firewall rules are blocking internet access attempts you should see that in the firewall log: Status -> System Logs, click on Firewall tab.

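The addressing and rule advice in the post above, written as a small checker: the firewall interface needs a host address outside the DHCP pool and different from the wireless router, and a WLAN pass rule only matches if its source covers the WLAN subnet. This is an added example, not part of the original posts; the function names are hypothetical, the addresses are the ones suggested in the thread, and it assumes clients sit directly in the interface's subnet.

```python
import ipaddress

def check_interface_plan(iface_cidr, dhcp_start, dhcp_end, static_hosts):
    """Return a list of problems found in one interface's addressing plan."""
    iface = ipaddress.ip_interface(iface_cidr)
    net = iface.network
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)
    problems = []
    if iface.ip == net.network_address:
        problems.append("interface IP is the network address, not a host address")
    if iface.ip == net.broadcast_address:
        problems.append("interface IP is the broadcast address")
    if start > end or start not in net or end not in net:
        problems.append("DHCP range is not inside the interface subnet")
    elif start <= iface.ip <= end:
        problems.append("interface IP is inside the DHCP range")
    for name, addr in static_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip == iface.ip:
            problems.append(f"{name} has the same IP as the firewall interface")
        elif ip not in net:
            problems.append(f"{name} is outside the interface subnet")
        elif start <= ip <= end:
            problems.append(f"{name} is inside the DHCP range")
    return problems

def rule_can_match(rule_source_cidr, iface_cidr):
    """True if a pass rule's source network overlaps the interface's own subnet."""
    source = ipaddress.ip_network(rule_source_cidr)
    return source.overlaps(ipaddress.ip_interface(iface_cidr).network)

# Static devices on the WLAN segment (address taken from the thread).
STATIC = {"Netgear router": "192.168.2.1"}
POOL = ("192.168.2.100", "192.168.2.199")

GOOD = check_interface_plan("192.168.2.254/24", *POOL, STATIC)   # suggested plan
BAD = check_interface_plan("192.168.2.0/24", *POOL, STATIC)      # network address
CLASH = check_interface_plan("192.168.2.1/24", *POOL, STATIC)    # same IP as router

if __name__ == "__main__":
    for label, result in (("good", GOOD), ("bad", BAD), ("clash", CLASH)):
        print(label, result or "no problems")
    # WLAN rule copied from LAN with source "LAN net": never matches WLAN clients.
    print(rule_can_match("192.168.1.0/24", "192.168.2.254/24"))
    # WLAN rule with source "WLAN net": matches.
    print(rule_can_match("192.168.2.0/24", "192.168.2.254/24"))
```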
          Metu69salemi

          Following screenshots would help a lot: WAN, LAN, WLAN rules and assignments (without public IP)
          and images of what you have + what you want to have. <-- these images should contain IP knowledge and port knowledge

            lonevipr

            Well the good thing is I got it to work. I peeked at the pfsense book under the Wireless part in a last ditch effort to understand what might need to be done. I'm also going to pick up the book (since I read it will be a while before 2.0 version of book is released).

            It talked about 2 types of wiring. One is basically running a cord from LAN switch to WLAN router. However this would have the WLAN technically on the LAN side, which I don't want for security reasons. I have each network (LAN, WLAN, DMZ) their own NICs for a reason.

            Then it talked about having separate NICs for each interface (like I wanted) & mentioned bridging. It talked about having to bridge WLAN to LAN. It also mentioned that then the WLAN could run off LAN IP subnet. I guess that's doable but not what I wanted.

            After I got off work last night & tinkered with it. I did bridge WLAN to LAN, but got it to work & assign IPs to my WLAN in the 192.168.2.x range. Everything is now working like it should for my WLAN clients.

            LAN IP (PFsense)-192.168.1.1
            WLAN IP (PFsense)-192.168.2.2
            WLAN Router IP-192.168.2.1
            WLAN IP Range-192.168.2.10-192.168.2.166

            However I want to know why internet was not being passed to the WLAN clients without bridging enabled. What exactly does bridging do, that wasn’t happening without it enabled? I was able to see my WLAN client connected under pfsense DHCP lease menu, but it wouldn’t pass the internet to it unless bridging was enabled. Does bridging present any security problems?

            Running pfSense 2.2-RELEASE (amd64)

              Darkk

              By default any non-LAN interfaces won't have any rules to pass internet traffic, only the LAN can access any of the interfaces without rules. Take a look at the one for LAN and mirror it over to your wireless interface.

              Darkk

                Metu69salemi

                Did you bridge pfsense interfaces, or what did you do?

                  lonevipr

                  @Darkk:

                  By default any non-LAN interfaces won't have any rules to pass internet traffic, only the LAN can access any of the interfaces without rules. Take a look at the one for LAN and mirror it over to your wireless interface.

                  Darkk

                  I did set a firewall rule for the WLAN interface similar to the LAN firewall rule. I also did the firewall filter reload option & it still would not give internet to my WLAN unless I bridged the connections.

                  @Metu69salemi:

                  Did you bridge pfsense interfaces, or what did you do?

                  Yes, I went to Interfaces>Assign>Bridges tab. Didn't select any advanced options. Just clicked, LAN & WLAN & clicked bridge & it magically worked.

                  Running pfSense 2.2-RELEASE (amd64)

                    Metu69salemi

                    Bridged interfaces don't usually have IPs; only the bridge has an IP address.
                    Did you have an external wireless router/access point or the built-in version?

                      lonevipr

                      @Metu69salemi:

                      Bridged interfaces don't usually have IPs; only the bridge has an IP address.
                      Did you have an external wireless router/access point or the built-in version?

                      My setup has a dedicated NIC in the PFsense box which connects to LAN port of dedicated wireless router (NetGear WNR3500). My router is not plugged into my LAN switch, which my desktop & PS3 are connected to. I think by bridging the connection, it fools my router into thinking that an Ethernet cable is connecting my LAN switch to the router, even though they are on physically separate NIC interfaces.

                      I'm thinking that maybe when you create different subnets, each subnet needs a public IP to function on its own, independent of other subnets/interfaces. I think upon initial configuration of the PFsense box it default assigns the LAN the only public IP I have (since I'm a home user with a single IP). So that when you create various physical subnets, they have to leech internet access off a single public IP (if you only have 1, in the case of most home users like me), then you have to bridge any other subnets made to your main subnet, i.e. LAN.

                      Now I did read that Comcast offers extra IP addresses to its customers. I'm sure I could purchase more IPs from Comcast (they're dynamic I heard) & then assign my WLAN a 2nd IP & it would work without being bridged.

                      But as far as I'm able to see right now, with only one public IP you must bridge any additional subnets to your main interface i.e. LAN, for additional subnets to have public internet access.

                      Running pfSense 2.2-RELEASE (amd64)

                        Metu69salemi

                        That is the reason NAT exists, it can handle multiple subnets into one public IP.
                        So you don't have to bridge for that. Bridging is OK, if you like to have some rules for that network traffic (it does go thru firewall -> it will be checked)

                        Automatic outbound NAT handles that one IP address, if you like to have multiple IPs then you need manual outbound NAT.

                        I'm sorry you're doing this the hard way ;)
