Looking for help re-arranging my network
-
This is my configuration. And yes, the WAN got a public IP.
I set the LAN IP to 192.168.1.1 (this works now), I started DHCP and gave it a range of 192.168.1.100-192.168.1.254And yeah, there's a monitor and keyboard attached.
-
Have done anything with the outbound NAT? Again, if you traceroute from a computer on the LAN to say 8.8.8.8, what do you get?
-
Your network is arranged fine.
If pfsense hands out DHCP after a reboot and workd without DDWRT attached the DDWRT is a problem.Need to make sure all services on it are off. It will work, although it needs to be exactly correct.
-
Alright, I'm going to set it all up again. I'll be back in a few minutes when I get internet access again.
Thanks, all.
-
Another little trick I do is I save several configurations of DDWRT.
I set it up as a basic wireless router then I save the config on thumbdrive.
I set it up as a wireless router and with a Openvpn Client to pfsense then I save the config on thumbdrive.
I set it up as switch and wireless AP then save the config on thumbdrive.Then later, if I get ready to go somewhere, I can just restore the openvpn client config grab it and go.
When I'm back home, restore the switch/AP settings.Very convenient. If you don't miss some little setting and break pfsense.
-
Alright, I changed some settings and now things are working ALMOST as they should.
From here on out, they're DD-WRT config problems.The wireless radios never come up. So I have no wireless.
Also, could you please give me step by step instructions on how to get to the DD-WRT configuration page when it's set up this way?The pfSense box's IP is 192.168.1.1 and the DD-WRT switch's IP is 192.168.1.2
-
well - I always go to http://192.168.1.2 or https://192.168.1.2
(hope you didn't turn off access to the administration)
After that, you can turn on wireless and set that up. (I use E2000s for this. They are "slower" but super compatible)
I have several nice high dollar switches in the basement that are plugged directly into pfsense. I have dual CAT6 cables to all rooms in the house. I usually attach a DDWRT to those in the rooms on the second and third floor for additional switch ports and AP and because I like to have wireless N if I want it.
-
I tried that, but It doesn't work. It times out. I can't ping it either.
And yes, web administration and remote administration are both on.
Please don't tell me I have to restart again.
-
"DD-WRT switch's IP is 192.168.1.2"
So why would you need to ask how to access its configuration page if you set its IP?? How do you think you would access it?? How were you accessing them/it before??
-
DDWRT will just sit there like a big dumb SH$% if it doesn't get its IP from pfsense. Is it getting an IP? Can you access the pfsense menu to check?
(This has turned into more of a DDWRT issue than pfsense issue, so not best site to get that answer. But I know the answer so I'll answer)
Technically bad form though I suppose. -
"I can't ping it either". Makes me think SPI firewall is still running. I've never actually tried to ping mine but I'll give it a shot.
Also, incase you handled the deactivation and allocation of the wan port wrong on DDWRT, put all cables on only the "LAN" ports. And try.Ping works for me… And Web GUIs
-
Its a LAN PORT, that can be a dhcp server it sure an the hell is not using dhcp to get an IP address.. If you set it up to 192.168.1.2 then that is what you would access it on. If you can not ping it, it has nothing to do with the firewall - since that is from the wan side you would have to enable it to answer ping. Lan answers ping out of the box.
Your firewall is not going to be doing anything on dd-wrt because it only works between the lan/wlan bridge and the internet - it does not do anything between wlan/lan - so you might as well just disable it to save resources, etc.
If you set it IP correctly, and are connected to its lan ports with correct IP on that same network then if you can not ping it - you setup its IP wrong, you have a bad cable or your box your using is not correct ip, etc.. Or port is bad on dd-wrt lan or our pc..
Troubleshoot layer 1, then 2 then 3 – its really easy ;) is your cable good.. Do you see mac? etc..
Setting up a router as ap is like a 2 min thing.. You assign it an IP, disable its dhcp server - connect to its IP and setup wlan.. If you spend more than 5 minutes tops you got something major wrong!
-
Yeah - I can sympathize… Even knowing exactly how something should be, I've been baffled by some pretty stupid stuff before. Soooo simple like "why the hell did I plug my WAN cable into my LAN port... When did I do this?". Stuff that makes me want to slap myself.
Oh - And yesterday my wife upon learning that my laptop screen "turns and swivels" turned it 720 degrees... Trashed it.
That must have taken some serious stubborn twisting.
$4000 Laptop... My GOD must I explain the definition of "swivel"?
-
I can confirm that I turned the SPI firewall off and set it's IP to 192.168.1.2, and that I set the WAN port to Switch.
I really don't know what's going on. Wireless still doesn't work either.
-
Well - I'm not there so I can't do it personally. I promise you, some setting is wrong. Maybe try doing a hard 30/30/30 reset and start from fresh.
I'm going to read that link you sent and make sure their directions are correct. -
so you set wan to switch - so your using wan? Us a actual LAN port!!
Again there is nothing too this, if your having issue than a HARD reset might be in order.. Just reset your dd-wrt router.. Change its IP to your 192.168.1.2, turn off its dhcp server, connect it to your network via one of its lan ports = shazam is a AP.. that is all there is too it! Its at best 2 minutes..
You can tweak and play with other setting later like turning of spi, moving wan port to lan, etc.
connect your pc to its lan port nothing else - if after you change its IP to 192.168.1.2/24 and your pc is on 192.168.1.0/24 and you can not ping it - then you didn't change its IP right ;)
-
Also, I set it's IP to static 192.168.1.2 so how would pfSense give it an IP?
But it's not showing up in the pfSense DHCP leases, I guess with good reason.
I REALLY don't want to do a reset. Like REALLY. With a passion.Is there a way to check ALL clients connected to pfSense (not just DHCP)
so you set wan to switch - so your using wan? Us a actual LAN port!!
I am. I just included that bit of information because I'm sure I did. but everything is connected to actual LAN ports.
-
So your Pc is connected to lan port of dd-wrt router, your pfsense is connect to different lan port on dd-wrt router. Your PC got an IP from pfsense dhcp??
On 192.168.1.0/24 and you can ping pfsense lan port.. But you can not access dd-wrt on 192.168.1.2??
Then you did not correctly set its IP.. Or you have a mac address issue, or dd-wrt is broken ;) since its switch ports are currently working any your cables are good if you can talk to pfsense through your dd-wrt lan ports.
Why are you apposed to hard reset? It takes 2 minutes to set it up as AP from default..
and this just confuses the shit out of me
"Also, I set it's IP to static 192.168.1.2 so how would pfSense give it an IP?"So you think pfsense should be giving your dd-wrt router an IP?? What?? I am confused at this statement I can not tell if your just not getting the basics or what? As to checking devices that pfsense can see - just ping from pfsense if you want… But no pfsense is not going to list every device on the network..
edit: did you muck around with any other dd-wrt configs like putting ports in vlans or anything like that?
-
So your Pc is connected to lan port of dd-wrt router, your pfsense is connect to different lan port on dd-wrt router. Your PC got an IP from pfsense dhcp??
On 192.168.1.0/24 and you can ping pfsense lan port.. But you can not access dd-wrt on 192.168.1.2??
Then you did not correctly set its IP.. Or you have a mac address issue, or dd-wrt is broken ;) since its switch ports are currently working any your cables are good if you can talk to pfsense through your dd-wrt lan ports.
Why are you apposed to hard reset? It takes 2 minutes to set it up as AP from default..
That's exactly what's happening. Both on the same subnet. PC got served an IP from pfSense through DD-WRT Lan port.
Ughh. I'll do a hard reset then.
-
Short answer is yes. You could continue without a reset.
However if there is a typo or something in there, you would end up wasting hours or days vs minutes on the reset.Other advice. In that DDWRT document. Use the long version.
Also:
Instep 3: All the so-called optional stuff is mandatory and turn off NTP in DDWRT
Open the Setup -> Basic Setup tab
WAN Connection Type : Disabled
Local IP Address: 192.168.1.2 (i.e. different from primary router and out of primary router's DHCP pool)
Subnet Mask: 255.255.255.0 (i.e. same as primary router)
DHCP Server: Disable (also uncheck DNSmasq options)
(Recommended) Gateway/Local DNS: Make sure you use 192.168.1.1 here if thats what you set as pfsense LAN!!!!!!
(Optional) Assign WAN Port to Switch (visible only with WAN Connection Type set to disabled): Enable this if you want to use WAN port as a switch port
(Optional) NTP Client: Enable/Disable (if Enabled, specify Gateway/Local DNS above)in step 7, none of that is optional. Its mandatory.
Open the Services -> Services tab
(Optional) DNSMasq: Disable (enable if you use additional DNSMasq settings)
(Optional) ttraff Daemon: Disable
Savein step 9, all those recommended settings are not recommended. They are mandatory.
Open the Administration -> Management tab
(Recommended) Info Site Password Protection: Enable
(Recommended) Routing: Disabled (enable if you need to route between interfaces)
Apply Settings and connect Ethernet cable to main router via LAN-to-LAN uplink*
Reboot router to be sure all settings have been applied.
You may have to reboot your own PC or do "ipconfig /release" + "ipconfig /renew" from the Windows command line.If you were to follow this guide, omitting the "optional" settings, it wouldn't work for you.
