Looking for help re-arranging my network
-
I have an idea. Since at the house here I tend to use "old junk" I think I could walk you through it.
I have two DDWRT linksys routers acting as switchs and AP on my network, so I've been through it.
You have to take it in little bytes and not huge chomps.1. Make sure pfsense is working fine and handing out DHCP on its LAN side before hooking up your DDWRT to it.
2. You will basically have to turn off every setting in your DDWRT. It shouldn't do any routing, firewalling, SPI or anything and it will have to get a static IP. You will also need to turn off any servers you have running on them. I'll send you a how-too link on that. Cool?And you will also deactivate the WAN on the DDWRT so that it gives you all its ports available as gigabit switch.
(As a side benifit, these will end up with some VLAN capability - You can experiment with that later)
(Yeah - Your slightly managed DDWRT switch's IP will be on the same subnet as the pfsense lan you connect it too. OUTSIDE PFSENSE DHCP RANGE)
make sure the DHCP range you specified on pfsense LAN leaves space for static assignments. -
But It's always worked with the DD-WRT and the Belkin, now all of a sudden it doesn't work with pfSense.
Because it's not been the same at all? You connected yet another router in there (instead of just ditching the DD-WRT thing altogether). At least that's what I get from the confused description. I'd suggest to get rid of useless devices needlessly complicating things. At least until you get your basic setup working.
-
I have an idea. Since at the house here I tend to use "old junk" I think I could walk you through it.
I have two DDWRT linksys routers acting as switchs and AP on my network, so I've been through it.
You have to take it in little bytes and not huge chomps.1. Make sure pfsense is working fine and handing out DHCP on its LAN side before hooking up your DDWRT to it.
2. You will basically have to turn off every setting in your DDWRT. It shouldn't do any routing, firewalling, SPI or anything and it will have to get a static IP. You will also need to turn off any servers you have running on them. I'll send you a how-too link on that. Cool?And you will also deactivate the WAN on the DDWRT so that it gives you all its ports available as gigabit switch.
(As a side benifit, these will end up with some VLAN capability - You can experiment with that later)
Thank. But I'm already stuck in step 1. It doesn't hand any DHCP with 192.168.1.1.
and as for Step 2; I used http://www.dd-wrt.ca/wiki/index.php/Wireless_Access_Point (the Long Vesion part) to set this up.But if you have another how-to, I'd be interested in trying that too. Was it this complicated when you tried it?
Because it's not been the same at all? You connected yet another router in there (instead of just ditching the DD-WRT thing altogether). At least that's what I get from the confused description. I'd suggest to get rid of useless devices needlessly complicating things. At least until you get your basic setup working.
It's not needlessly complicating things. I have devices that are wired to 2 different rooms, and hence have routers that I'm using as switches in 2 different rooms. This isn't complicated at all. It should be straightforward to set up.
-
Actually - DDWRT does make super slick switch and wireless AP if you turn of all the crap the will cause issue. I wouldn't trade mine for a new dumb switch and a shiny new AP. No way. But there is lots of opportunity to screw yourself in the settings.
-
Thank. But I'm already stuck in step 1. It doesn't hand any DHCP with 192.168.1.1.
Does it hand out IPs once you have disconnected the useless DD-WRT thing?
Actually - DDWRT does make super slick switch and wireless AP if you turn of all the crap the will cause issue.
Yeah. If. Apparently not what's been done here.
-
Thank. But I'm already stuck in step 1. It doesn't hand any DHCP with 192.168.1.1.
Does it hand out IPs once you have disconnected the useless DD-WRT thing?
As I mentioned before, No. It will only hand out IPs if I change the IP to something other than 192.168.1.1.
This is with NOTHING ELSE connected. -
As I mentioned before, No. It will only hand out IPs if I change the IP to something other than 192.168.1.1.
This is with NOTHING ELSE connected.Eh. Have you rebooted the devices (the DHCP clients)?
-
As I mentioned before, No. It will only hand out IPs if I change the IP to something other than 192.168.1.1.
This is with NOTHING ELSE connected.Eh. Have you rebooted the devices (the DHCP clients)?
Yes.
edit: After rebooting the pfSense box itself, now it will accept devices as 192.168.1.1.
-
Well, then post some screenshots of the configuration. I'd once again urge you to consider that you can only have one and exactly one DHCP server on any one network normally. Definitely STILL not convinced even about this being the case, considering "Also, If I turn off WAN and DHCP on the DD-WRT router, I lose the ability to go to it's configuration page…"
-
Please tell me exactly how your internet flows. From the ISP > Modem > PFsense.
How many NIC ports does pfsense have?(This is a physical machine? I'd hate to find out on page 4 of the thread its a VM)
Also, tell me how you went about assigning WAN and LAN?
Are you 100% sure you don't have your WAN and LAN cables swapped on pfsense? Thats crazy easy to do.
Unplugging a cable then plugging it back in should show which interface was affected. That will make it easy to know if you swapped them by accident.
If you plug and unplug a cable into both ports seperately and the other end is attached to a computer it will tell you which interface that is. For example em0.
Make sure the interface you are calling LAN is actually correct.
Once, I even accidentally assigned LAN to a firewire interface… YES it can happen.Assuming they are not swapped. Did the WAN get an IP from your ISP?
If it did, lets get into IP assignment on the LAN
did you make its IP 192.168.1.1? did you tell it to use DHCP on that interface? And then did you assign a DHCP range that doesn't overlap with the IPs your DDWRT switches will use? for instance start at 192.168.1.55 and end 192.168.1.155 (leaving big gaps before 55 and after 155 for static maps)?
If there is something wrong with those assignments you can reassign interfaces or IPs via the pfsense console. (I assume there is a monitor/keyboard attached)
-
doktornotor is right. Configuring the DDWRT correctly as switch REQUIRES shutting off its DHCP as final step. If you don't get all those services turned off, it will break pfsense. You will later be able to access the DDWRT menues via static IP you should have assigned it. What you do is as you are disabling this and that service in DDWRT, at every screen you SAVE settings (NOT APPLY). Then after you are sure all the setting are correct. Firewall all set to off, no SPI, no routing, no DHCP, no services like VPNs active and everything. And you have set a static IP. Then you APPLY settings and reboot DDWRT. Hope you wrote down its static IP, admin username and password because that is where you will access it on the LAN.
If you made even the slightest deviation from this, you will only break your network.
-
This is my configuration. And yes, the WAN got a public IP.
I set the LAN IP to 192.168.1.1 (this works now), I started DHCP and gave it a range of 192.168.1.100-192.168.1.254And yeah, there's a monitor and keyboard attached.
-
Have done anything with the outbound NAT? Again, if you traceroute from a computer on the LAN to say 8.8.8.8, what do you get?
-
Your network is arranged fine.
If pfsense hands out DHCP after a reboot and workd without DDWRT attached the DDWRT is a problem.Need to make sure all services on it are off. It will work, although it needs to be exactly correct.
-
Alright, I'm going to set it all up again. I'll be back in a few minutes when I get internet access again.
Thanks, all.
-
Another little trick I do is I save several configurations of DDWRT.
I set it up as a basic wireless router then I save the config on thumbdrive.
I set it up as a wireless router and with a Openvpn Client to pfsense then I save the config on thumbdrive.
I set it up as switch and wireless AP then save the config on thumbdrive.Then later, if I get ready to go somewhere, I can just restore the openvpn client config grab it and go.
When I'm back home, restore the switch/AP settings.Very convenient. If you don't miss some little setting and break pfsense.
-
Alright, I changed some settings and now things are working ALMOST as they should.
From here on out, they're DD-WRT config problems.The wireless radios never come up. So I have no wireless.
Also, could you please give me step by step instructions on how to get to the DD-WRT configuration page when it's set up this way?The pfSense box's IP is 192.168.1.1 and the DD-WRT switch's IP is 192.168.1.2
-
well - I always go to http://192.168.1.2 or https://192.168.1.2
(hope you didn't turn off access to the administration)
After that, you can turn on wireless and set that up. (I use E2000s for this. They are "slower" but super compatible)
I have several nice high dollar switches in the basement that are plugged directly into pfsense. I have dual CAT6 cables to all rooms in the house. I usually attach a DDWRT to those in the rooms on the second and third floor for additional switch ports and AP and because I like to have wireless N if I want it.
-
I tried that, but It doesn't work. It times out. I can't ping it either.
And yes, web administration and remote administration are both on.
Please don't tell me I have to restart again.
-
"DD-WRT switch's IP is 192.168.1.2"
So why would you need to ask how to access its configuration page if you set its IP?? How do you think you would access it?? How were you accessing them/it before??
