Blocking off wireless network.
-
Before I do the transition it'll assign the router an IP from the AP interface. Usually 10.0.1.10
Buffalo and a buffalo WZR-HP-n450.
Build v24sp2
-
I'm not sure I understand this:
"before I do the transition it'll assign the router an IP from the AP interface. usually 10.0.1.10"
Let's take baby steps then. 1st. Let's make sure that both your LAN and your OPT1 work, have separate IPs and dish out DHCP as expected and that the firewall rules allow traffic.
Could you plug a computer into both of those and test to make sure they are up and can access internet? Then start in on DD-WRT again.
-
I'm not sure I understand this:
"before I do the transition it'll assign the router an IP from the AP interface. usually 10.0.1.10"
Let's take baby steps then. 1st. Let's make sure that both your LAN and your OPT1 work, have separate IPs and dish out DHCP as expected and that the firewall rules allow traffic.
Could you plug a computer into both of those and test to make sure they are up and can access internet? Then start in on DD-WRT again.
What I do know is when I have router plugged into AP interface, no WAN connectivity.
-
That's not what I asked about.
I want to know if the LAN and the OPT1 work and provide internet to a computer if one is plugged directly into it.
Once I know pfSense is working as advertised, then it will be easy to focus on DD-WRT, confident that any problems encountered are DD-WRT and not pfSense.
-
That's not what I asked about.
I want to know if the LAN and the OPT1 work and provide internet to a computer if one is plugged directly into it.
Once I know pfSense is working as advertised, then it will be easy to focus on DD-WRT, confident that any problems encountered are DD-WRT and not pfSense.
Nah, that'd be a big fat negatory, nothing if I plug it into my computer.
Lan yes, OPT1, no.
OPT1 assigned IP, No internet.
-
OK - Do you know how to take snapshots and post to forum?
Go to Interfaces > OPT1
Post what's there.
Then go to Firewall > Rules > OPT1 and then post that here.
We will need to fix this 1st and DD-WRT second. It will work.
(My guess is that you need to create a firewall rule on OPT1 to allow ALL to ANY)
-
Here they are, and you're probably right I imagine the rules should be similar to how the rules in LAN are set up.
-
Considering you have no traffic allowed… WTF, LOL :D Also, you do NOT want to block private networks on an interface with private IP. ;)
-
Considering you have no traffic allowed… WTF, LOL :D
It configured itself that way hush. lol.
-
Need to unblock private networks on that interface. Un-Check that block.
You don't need to block bogon networks either. Those two blocks really only need be checked on WAN, not on any LAN or LAN-like interface.
Next, you need to go to the firewall > rules > AP tab and create a rule to pass interface AP, protocol any, source AP subnet, destination any, and give it a description like "Allow AP to any"
After you do all this, go to status > filter reload
Then try your computer on that interface again.
Also, would you please go to services > DHCP server > AP and post what is there also.
WTF - Why not check that too right?
-
Well
- uncheck those private network checkboxes at the bottom
- set up an allow rule on the AP iface like this:
Action: Pass
Interface: AP
Protocol: any
Source: AP subnet
Destination: NOT LAN subnet
-
Like this?
-
I'm gonna have to wait a bit to finish out working on anything else, roommate just got up. He's pissed because I keep dropping the WLAN. lol.
I'll wait til he goes to work in a couple hours. In the meantime I'm gonna go run some errands.
Told him was srs bsns. He didn't care.
-
WTF
Are you screwing with me now?
Go back into the firewall rule you just created and uncheck "Not" and change destination to any.
I don't think you want anything to be limited yet.
-
WTF
Are you screwing with me now?
Go back into the firewall rule you just created and uncheck "Not".
DON'T BLAME ME BLAME DOKTOR. He told me to do it :D haha
So
Action : Pass
interface: AP
Protocol ANY
Source AP subnet
Destination ANY
-
Go back into the firewall rule you just created and uncheck "Not".
LOL WTF? Why? Wasn't the main point to isolate the WLAN from LAN and allow everything else?
-
Go back into the firewall rule you just created and uncheck "Not".
LOL WTF? Why? Wasn't the main point to isolate the WLAN from LAN and allow everything else?
Yes, but it's on a totally separate interface so doesn't it do that anyways if the subnet is different?
And what if there were particular devices I wanted to have access to certain things on the LAN network from the WLAN network? How would I go about doing that? Cause I do have a networkable receiver that I've an app on my phone to control it, as well as AirPlay abilities.
-
"I don't wanna block off WLAN from LAN entirely."
I think he will need to block per client. But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.
I think he will want to create an alias of things to either allow or block and add that rule after things are working.
But yeah - doktornotor's way would isolate the AP subnet from the LAN subnet totally while still allowing internet - I just thought selective isolation was the point.
If you keep that rule as doktornotor says, that can also work fine so long as you create an alias of clients you wish to allow to the LAN subnet, put that rule first on the list of firewall rules.
However, I prefer to not block anything at all until DD-WRT is up and going because you will probably be accessing the DD-WRT menu from the LAN interface, unless I'm mistaken?
-
"I don't wanna block off WLAN from LAN entirely."
I think he will need to block per client. But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.
I think he will want to create an alias of things to either allow or block and add that rule after things are working.
Correct. More so I want to block all clients, and allow the ones I wish.
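-
The rule sets discussed in this thread, modelled as an added example (not part of the original posts and not pfSense code): a first-match evaluator for traffic entering the AP interface, showing what each configuration passes or drops. The LAN subnet 192.168.1.0/24, the /24 around 10.0.1.10, and the allowed phone at 10.0.1.50 are assumptions.

```python
import ipaddress as ip

# Constructed addressing: only 10.0.1.10 appears in the thread.
AP_NET = ip.ip_network("10.0.1.0/24")        # assumed AP (OPT1) subnet
LAN_NET = ip.ip_network("192.168.1.0/24")    # assumed LAN subnet
ALLOWED = {ip.ip_address("10.0.1.50")}       # hypothetical alias: phone for the receiver
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Each rule: (description, match(src, dst)). All are pass rules on the AP interface.
ALLOW_ANY = ("Allow AP to any", lambda s, d: s in AP_NET)
ISOLATE = ("Allow AP to NOT LAN", lambda s, d: s in AP_NET and d not in LAN_NET)
ALLOW_ALIAS = ("Allow alias to LAN", lambda s, d: s in ALLOWED and d in LAN_NET)

def evaluate(src, dst, rules, block_private=False):
    """Return the verdict for a packet entering the AP interface.

    Simplified model: the "Block private networks" checkbox is checked
    before the user rules, the first matching rule wins, and a packet
    that matches nothing is dropped by the default deny.
    """
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if block_private and any(src in net for net in RFC1918):
        return "block (private networks)"
    for description, match in rules:
        if match(src, dst):
            return f"pass ({description})"
    return "block (default deny)"

if __name__ == "__main__":
    guest, phone = "10.0.1.20", "10.0.1.50"
    lan_host, internet = "192.168.1.5", "203.0.113.7"   # TEST-NET-3 stands in for the internet
    cases = [
        ("no rules on AP", [], False),
        ("allow any + block private checked", [ALLOW_ANY], True),
        ("allow any", [ALLOW_ANY], False),
        ("NOT LAN only", [ISOLATE], False),
        ("alias first, then NOT LAN", [ALLOW_ALIAS, ISOLATE], False),
    ]
    for label, rules, bp in cases:
        print(label)
        for src, dst in [(guest, internet), (guest, lan_host), (phone, lan_host)]:
            print(f"  {src} -> {dst}: {evaluate(src, dst, rules, bp)}")
```

With the alias rule plus the NOT LAN rule, only the listed client reaches the LAN while every AP client still reaches the internet; any AP client not in the alias falls through to the default deny for LAN destinations.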