    Route 2 Lans

    • danesco

      Hi. I'm trying to do something like this:
      I have 2 LANs
      172.16.0.xx/16
      172.16.1.xx/16

      What I want is to have "clients" in a separate LAN address than "infrastructure",
      using pfsense to give DHCP in 172.16.1.xx and configuring a route to reach the access points in 172.16.0.xx. But if I add a static route with 172.16.0.xx it does not work.

      pfsense(172.16.1.1dhcp)------AP(172.16.0.1)---------------------AP2(172.16.0.2)----
                                                              -Client(172.16.1.2)                    -Client(172.16.1.3)

      Note: The access points are in bridge mode, so all clients are in the same collision domain.

      • ptt Rebel Alliance

        http://forum.pfsense.org/index.php/topic,40795.msg210697.html#msg210697

        @Cry:

        You have overlapping subnets - that will never work. For OPT2 use a different subnet, say 192.168.2.0/24.

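The overlap pointed out in the reply above can be checked mechanically. This is an added example, not part of any post in the thread: the `.1` host address for the infrastructure side and the `/24` renumbering are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed input: the two "LANs" from the first post as address/prefix
# pairs. 172.16.1.1 is the pfSense address given in the post; 172.16.0.1
# for the infrastructure side is an assumption.
THREAD_CONFIG = {
    "clients": "172.16.1.1/16",
    "infrastructure": "172.16.0.1/16",
}

def networks(config):
    """Map each name to the network its address/prefix actually belongs to."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in config.items()}

def find_overlaps(config):
    """Return name pairs whose networks overlap, one tuple per conflict."""
    nets = networks(config)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def renumber(config, new_prefix=24):
    """Keep every address but narrow the mask (assumed fix: /16 -> /24)."""
    return {name: f"{ipaddress.ip_interface(addr).ip}/{new_prefix}"
            for name, addr in config.items()}

def report(config):
    """Render one line per interface plus one line per overlapping pair."""
    nets = networks(config)
    lines = [f"{name:15} {config[name]:17} network {nets[name]}"
             for name in sorted(config)]
    lines += [f"OVERLAP: {a} and {b} share {nets[a]}"
              if nets[a] == nets[b] else f"OVERLAP: {a} and {b}"
              for a, b in find_overlaps(config)]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(THREAD_CONFIG))            # both names land in 172.16.0.0/16
    print(report(renumber(THREAD_CONFIG)))  # 172.16.1.0/24 vs 172.16.0.0/24
```

With the `/16` mask both ranges resolve to the single network 172.16.0.0/16, so a static route for 172.16.0.xx points at a network the firewall already treats as directly connected.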
        • danesco

          But in this case, I can't have a second physical interface, because the links are wireless between pfsense and access point 1, and the other APs.

          Oh sorry, I see what you say, it is 172.16.xx.yy and 172.17.xx.yy. But my problem is the same: how to use another net or subnet for my access points.

          • ptt Rebel Alliance

            I'm not an expert, but IMHO, I think the best way to isolate traffic will be through a separate interface. If you can't add a third physical interface, then go for a managed switch + VLANs. This way you can have each AP in a separate network and your wired LAN in another, and you will have full control over the traffic of your network.

            WAN --pfSenseBox-- Managed switch |-- LAN ( wired )
                                              |-- OPT1 ( AP 1 )
                                              |-- OPT2 ( AP 2 )

            This way you can set rules to allow / block traffic through / from / to LAN / AP1 / AP2.
            You can get this with a cheap RB250GS.

            • danesco

              Is this scheme possible in physical conditions like this?

              My network is like a bus, I think.

              Pfsense connects through UTP to AP1 and AP2 are 5 km away with bridge.. and AP3 are 800 m more with bridge to pfsense.
              All the links after pfsense are wireless, so I can't connect AP1 and AP2 directly to a managed switch.

              • ptt Rebel Alliance

                But, at least one of your APs is connected to pfSense LAN, then add a third interface and you can isolate easily your APs traffic from your Wired LAN traffic.

                If you want a "more accurate" answer, please post a "clear" network diagram, with "all" the details of your network topology ( except the public IPs ).

                • danesco

                  Hi, this is a simplified diagram. Bridge 172.16.0.3 is far, far away from pfsense (it's a PtP link with 172.16.0.2).

                  net.PNG
