Blocking off wireless network.

kejianshi

Its ok. You know what they say.
If at first you don't succeed - WTF - Try, Try again. And again. And sometimes again.
You will get it right.
BTW - All of the things they list as "Optional" and "recommended" in that how-to aren't optional.
Disable all the optional stuff as well and take all the optional steps.
(Sorry if I didn't mention that before - Shutting face now :P)

CaptainWTF

@kejianshi:

Its ok. You know what they say.
If at first you don't succeed - WTF - Try, Try again. And again. And sometimes again.
You will get it right.
BTW - All of the things they list as "Optional" and "recommended" in that how-to aren't optional.
Disable all the optional stuff as well and take all the optional steps.
(Sorry if I didn't mention that before - Shutting face now :P)

BLAHHHHHH, Okay. I'll give it another shot :) thanks lol.

kejianshi

O Captain! My Captain! WTF not I say. Good luck.

CaptainWTF

Still doesn't seem to work. what the hell am I doing wrong lol

kejianshi

What version of DD-WRT are you using? What build number? (upper right hand corner of screen).
Also, what type of router? Lets start there.

Also, if you remove DD-WRT router and you plug a computer into the new OPT1 interface, does that work?

CaptainWTF

before I do the transition itl assign the router an IP from the AP interface. usually 10.0.1.10

Buffalo and a buffalo WZR-HP-n450.

Build v24sp2

kejianshi

I'm not sure I understand this:

"before I do the transition itl assign the router an IP from the AP interface. usually 10.0.1.10"

Lets take baby steps then. 1st. Lets make sure that both your LAN and your OPT1 work, have separate IPs and dish out DHCP as expected and that the firewall rules allow traffic.

Could you plug a computer into both of those and test make sure they are up and can access internet. Then start in on DD-WRT again.

CaptainWTF

@kejianshi:

I'm not sure I understand this:

"before I do the transition itl assign the router an IP from the AP interface. usually 10.0.1.10"

Lets take baby steps then. 1st. Lets make sure that both your LAN and your OPT1 work, have separate IPs and dish out DHCP as expected and that the firewall rules allow traffic.

Could you plug a computer into both of those and test make sure they are up and can access internet. Then start in on DD-WRT again.

What I do know is when I have router plugged into AP interface, no WAN connectivity.

kejianshi

Thats not what I asked about.

I want to know if the LAN and the OPT1 work and provide internet to a computer if one is plugged directly into it.

Once I know pfsense is working as advertised, then it will be easy to focus on DD-WRT, confident that any problems encountered are DD-WRT and not pfsense.

CaptainWTF

@kejianshi:

Thats not what I asked about.

I want to know if the LAN and the OPT1 work and provide internet to a computer if one is plugged directly into it.

Once I know pfsense is working as advertised, then it will be easy to focus on DD-WRT, confident that any problems encountered are DD-WRT and not pfsense.

Nah thatd be a big fat negatory, nothing if I plug it into my computer.

Lan yes, OPT1, no.

OPT1 assigned IP, No internet.

kejianshi

OK - Do you know how to take snapshots and post to forum?

Go to Interfaces > OPT1

Post whats there.

Then go to Firewall > Rules >OPT1 and then post that here.

We will need to fix this 1st and DD-WRT second. It will work.

(My guess is that you need to create a firewall rule on OPT1 to allow ALL to ANY)

CaptainWTF

Here they are, and you're probably right I imagine the rules should be similar to how the rules in LAN are set up.

fwrules.png_thumb

AP.png_thumb

doktornotor

Considering you have no traffic allowed… WTF, LOL :D Also, you do NOT want to block private networks on an interface with private IP. ;)

CaptainWTF

@doktornotor:

Considering you have no traffic allowed… WTF, LOL :D

It configured itself that way hush. lol.

kejianshi

Need to unblock private networks on that interface. Un-Check that block.
You don't need to block bogon networks either.

Those two blocks really only need be checked on WAN, not on any LAN or LAN-like interface.

Next, you need to go to the firewall > rules > AP tab and create a rule to pass interface AP, protocol any, source AP subnet, destination any, and give it a description like "Allow AP to any"

After you do all this, go to status > filter reload

Then try your computer on that interface again.

Also, would you please go to services > DHCP server > AP and post what is there also.

WTF - Why not check that too right?

doktornotor

Well

uncheck those private network checkboxes at the bottom
set up an allow rule on the AP iface like this:

Action: Pass
Interface: AP
Protocol: any
Source: AP subnet
Destination: NOT LAN subnet

CaptainWTF

Like this?

wut2.png_thumb

doktornotor

@CaptainWTF:

Like this?

Yeah.

CaptainWTF

Im gonna have to wait a bit to finish out working on anything else, Roommate just got up. hes pissed because I keep dropping the wlan. lol.

Ill wait til he goes to work in a couple hours. In the mean time I'm gonna go run some errands.

Told him was srs bsns. He didn't care.

kejianshi

WTF

Are you screwing with me now?

Go back into the firewall rule you just created and uncheck "Not" and change destination to any.

I don't think you want anything to be limited yet.