Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Blocking off wireless network.

    Scheduled Pinned Locked Moved Firewalling
    64 Posts 3 Posters 14.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CaptainWTF
      last edited by

      before I do the transition itl assign the router an IP from the AP interface. usually 10.0.1.10

      Buffalo and a buffalo WZR-HP-n450.

      Build v24sp2

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        I'm not sure I understand this:

        "before I do the transition itl assign the router an IP from the AP interface. usually 10.0.1.10"

        Lets take baby steps then.  1st.  Lets make sure that both your LAN and your OPT1 work, have separate IPs and dish out DHCP as expected and that the firewall rules allow traffic.

        Could you plug a computer into both of those and test make sure they are up and can access internet.  Then start in on DD-WRT again.

        1 Reply Last reply Reply Quote 0
        • C
          CaptainWTF
          last edited by

          @kejianshi:

          I'm not sure I understand this:

          "before I do the transition itl assign the router an IP from the AP interface. usually 10.0.1.10"

          Lets take baby steps then.  1st.  Lets make sure that both your LAN and your OPT1 work, have separate IPs and dish out DHCP as expected and that the firewall rules allow traffic.

          Could you plug a computer into both of those and test make sure they are up and can access internet.  Then start in on DD-WRT again.

          What I do know is when I have router plugged into AP interface, no WAN connectivity.

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by

            Thats not what I asked about.

            I want to know if the LAN and the OPT1 work and provide internet to a computer if one is plugged directly into it.

            Once I know pfsense is working as advertised, then it will be easy to focus on DD-WRT, confident that any problems encountered are DD-WRT and not pfsense.

            1 Reply Last reply Reply Quote 0
            • C
              CaptainWTF
              last edited by

              @kejianshi:

              Thats not what I asked about.

              I want to know if the LAN and the OPT1 work and provide internet to a computer if one is plugged directly into it.

              Once I know pfsense is working as advertised, then it will be easy to focus on DD-WRT, confident that any problems encountered are DD-WRT and not pfsense.

              Nah thatd be a big fat negatory, nothing if I plug it into my computer.

              Lan yes, OPT1, no.

              OPT1 assigned IP, No internet.

              1 Reply Last reply Reply Quote 0
              • K
                kejianshi
                last edited by

                OK - Do you know how to take snapshots and post to forum?

                Go to Interfaces > OPT1

                Post whats there.

                Then go to Firewall > Rules >OPT1 and then post that here.

                We will need to fix this 1st and DD-WRT second.  It will work.

                (My guess is that you need to create a firewall rule on OPT1 to allow ALL to ANY)

                1 Reply Last reply Reply Quote 0
                • C
                  CaptainWTF
                  last edited by

                  Here they are, and you're probably right I imagine the rules should be similar to how the rules in LAN are set up.

                  fwrules.png
                  fwrules.png_thumb
                  AP.png
                  AP.png_thumb

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    Considering you have no traffic allowed… WTF, LOL :D Also, you do NOT want to block private networks on an interface with private IP.  ;)

                    1 Reply Last reply Reply Quote 0
                    • C
                      CaptainWTF
                      last edited by

                      @doktornotor:

                      Considering you have no traffic allowed… WTF, LOL :D

                      It configured itself that way hush. lol.

                      1 Reply Last reply Reply Quote 0
                      • K
                        kejianshi
                        last edited by

                        Need to unblock private networks on that interface.  Un-Check that block.
                        You don't need to block bogon networks either.

                        Those two blocks really only need be checked on WAN, not on any LAN or LAN-like interface.

                        Next, you need to go to the firewall > rules > AP tab and create a rule to pass interface AP,  protocol any, source AP subnet, destination any, and give it a description like "Allow AP to any"

                        After you do all this, go to status > filter reload

                        Then try your computer on that interface again.

                        Also, would you please go to services > DHCP server > AP and post what is there also.

                        WTF - Why not check that too right?

                        1 Reply Last reply Reply Quote 0
                        • D
                          doktornotor Banned
                          last edited by

                          Well

                          • uncheck those private network checkboxes at the bottom
                          • set up an allow rule on the AP iface like this:

                          Action: Pass
                          Interface: AP
                          Protocol: any
                          Source: AP subnet
                          Destination: NOT LAN subnet

                          1 Reply Last reply Reply Quote 0
                          • C
                            CaptainWTF
                            last edited by

                            Like this?

                            wut2.png_thumb
                            wut2.png

                            1 Reply Last reply Reply Quote 0
                            • D
                              doktornotor Banned
                              last edited by

                              @CaptainWTF:

                              Like this?

                              Yeah.

                              1 Reply Last reply Reply Quote 0
                              • C
                                CaptainWTF
                                last edited by

                                Im gonna have to wait a bit to finish out working on anything else, Roommate just got up. hes pissed because I keep dropping the wlan. lol.

                                Ill wait til he goes to work in a couple hours. In the mean time I'm gonna go run some errands.

                                Told him was srs bsns. He didn't care.

                                1 Reply Last reply Reply Quote 0
                                • K
                                  kejianshi
                                  last edited by

                                  WTF

                                  Are you screwing with me now?

                                  Go back into the firewall rule you just created and uncheck "Not" and change destination to any.

                                  I don't think you want anything to be limited yet.

                                  1 Reply Last reply Reply Quote 0
                                  • C
                                    CaptainWTF
                                    last edited by

                                    @kejianshi:

                                    WTF

                                    Are you screwing with me now?

                                    Go back into the firewall rule you just created and uncheck "Not".

                                    DONT BLAME ME BLAME DOKTOR. he told me to do it :D haha

                                    So

                                    Action : Pass
                                    interface: AP
                                    Protocol ANY
                                    Source AP subnet
                                    Destination ANY

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      doktornotor Banned
                                      last edited by

                                      @kejianshi:

                                      Go back into the firewall rule you just created and uncheck "Not".

                                      LOL WTF? Why? Wasn't the main point to to isolate the WLAN from LAN and allow everything else?

                                      1 Reply Last reply Reply Quote 0
                                      • C
                                        CaptainWTF
                                        last edited by

                                        @doktornotor:

                                        @kejianshi:

                                        Go back into the firewall rule you just created and uncheck "Not".

                                        LOL WTF? Why? Wasn't the main point to to isolate the WLAN from LAN and allow everything else?

                                        Yes but its on a totally seperate interface so doesn't it do that anyways if the subnet is different?

                                        And what if there were particular devices I wanted  to have access to certain things on the LAN network from the WLAN network. how would I go about doing that. Cause I do have a networkable receiver that i've an app on my phone to control it, as well as airplay abilities.

                                        1 Reply Last reply Reply Quote 0
                                        • K
                                          kejianshi
                                          last edited by

                                          "I don't wanna block off WLAN from LAN entirely."

                                          I think he will need to block per client.  But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.

                                          I think he will want to create an alias of things to either allow or block and add that rule after things are working.

                                          But yeah - doktornotor's way would isolate the AP subnet from the LAN subnet totally while still allowing internet - I just though selective isolation was the point.

                                          If you keep that rule as doktornotor says, that can also work fine so long as you create an alias of clients you wish to allow to the LAN subnet, put that rule first on the list of firewall rules.

                                          However, I prefer to not block anything at all until DD-WRT is up and going because you will probably be accessing the DD-WRT menu from the LAN interface, unless I'm mistaken?

                                          1 Reply Last reply Reply Quote 0
                                          • C
                                            CaptainWTF
                                            last edited by

                                            @kejianshi:

                                            "I don't wanna block off WLAN from LAN entirely."

                                            I think he will need to block per client.  But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.

                                            I think he will want to create an alias of things to either allow or block and add that rule after things are working.

                                            Correct. More so I want to block all clients, and allow the ones I wish.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.