Netgate Discussion Forum

    Blocking off wireless network.

    • CaptainWTF

      @kejianshi:

      That's not what I asked about.

      I want to know if the LAN and the OPT1 work and provide internet to a computer if one is plugged directly into it.

      Once I know pfsense is working as advertised, then it will be easy to focus on DD-WRT, confident that any problems encountered are DD-WRT and not pfsense.

      Nah, that'd be a big fat negatory, nothing if I plug it into my computer.

      Lan yes, OPT1, no.

      OPT1 assigned IP, No internet.

      • kejianshi

        OK - Do you know how to take snapshots and post to forum?

        Go to Interfaces > OPT1

        Post what's there.

        Then go to Firewall > Rules > OPT1 and then post that here.

        We will need to fix this 1st and DD-WRT second.  It will work.

        (My guess is that you need to create a firewall rule on OPT1 to allow ALL to ANY)

        • CaptainWTF

          Here they are, and you're probably right; I imagine the rules should be similar to how the rules in LAN are set up.

          [Attached screenshots: fwrules.png, AP.png]

          • doktornotor

            Considering you have no traffic allowed… WTF, LOL :D Also, you do NOT want to block private networks on an interface with private IP.  ;)

            • CaptainWTF

              @doktornotor:

              Considering you have no traffic allowed… WTF, LOL :D

              It configured itself that way hush. lol.

              • kejianshi

                Need to unblock private networks on that interface.  Un-Check that block.
                You don't need to block bogon networks either.

                Those two blocks really only need be checked on WAN, not on any LAN or LAN-like interface.

                Next, you need to go to the firewall > rules > AP tab and create a rule to pass interface AP,  protocol any, source AP subnet, destination any, and give it a description like "Allow AP to any"

                After you do all this, go to status > filter reload

                Then try your computer on that interface again.

                Also, would you please go to services > DHCP server > AP and post what is there also.

                WTF - Why not check that too right?

                • doktornotor

                  Well

                  • uncheck those private network checkboxes at the bottom
                  • set up an allow rule on the AP iface like this:

                  Action: Pass
                  Interface: AP
                  Protocol: any
                  Source: AP subnet
                  Destination: NOT LAN subnet

                  • CaptainWTF

                    Like this?

                    [Attached screenshot: wut2.png]

                    • doktornotor

                      @CaptainWTF:

                      Like this?

                      Yeah.

                      • CaptainWTF

                        I'm gonna have to wait a bit to finish out working on anything else. Roommate just got up. He's pissed because I keep dropping the wlan. lol.

                        I'll wait till he goes to work in a couple hours. In the meantime I'm gonna go run some errands.

                        Told him was srs bsns. He didn't care.

                        • kejianshi

                          WTF

                          Are you screwing with me now?

                          Go back into the firewall rule you just created and uncheck "Not" and change destination to any.

                          I don't think you want anything to be limited yet.

                          • CaptainWTF

                            @kejianshi:

                            WTF

                            Are you screwing with me now?

                            Go back into the firewall rule you just created and uncheck "Not".

                            DONT BLAME ME BLAME DOKTOR. he told me to do it :D haha

                            So

                            Action: Pass
                            Interface: AP
                            Protocol: ANY
                            Source: AP subnet
                            Destination: ANY

                            • doktornotor

                              @kejianshi:

                              Go back into the firewall rule you just created and uncheck "Not".

                              LOL WTF? Why? Wasn't the main point to isolate the WLAN from LAN and allow everything else?

                              • CaptainWTF

                                @doktornotor:

                                @kejianshi:

                                Go back into the firewall rule you just created and uncheck "Not".

                                LOL WTF? Why? Wasn't the main point to isolate the WLAN from LAN and allow everything else?

                                Yes, but it's on a totally separate interface, so doesn't it do that anyways if the subnet is different?

                                And what if there were particular devices I wanted to have access to certain things on the LAN network from the WLAN network? How would I go about doing that? Cause I do have a networkable receiver that I've an app on my phone to control it, as well as airplay abilities.

                                • kejianshi

                                  "I don't wanna block off WLAN from LAN entirely."

                                  I think he will need to block per client.  But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.

                                  I think he will want to create an alias of things to either allow or block and add that rule after things are working.

                                  But yeah - doktornotor's way would isolate the AP subnet from the LAN subnet totally while still allowing internet - I just thought selective isolation was the point.

                                  If you keep that rule as doktornotor says, that can also work fine so long as you create an alias of clients you wish to allow to the LAN subnet, put that rule first on the list of firewall rules.

                                  However, I prefer to not block anything at all until DD-WRT is up and going because you will probably be accessing the DD-WRT menu from the LAN interface, unless I'm mistaken?

                                  • CaptainWTF

                                    @kejianshi:

                                    "I don't wanna block off WLAN from LAN entirely."

                                    I think he will need to block per client.  But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.

                                    I think he will want to create an alias of things to either allow or block and add that rule after things are working.

                                    Correct. More so I want to block all clients, and allow the ones I wish.

                                    • kejianshi

                                      If you keep that rule as doktornotor says, that can also work fine so long as you create an alias of clients you wish to allow to the LAN subnet, put that rule first on the list of firewall rules.

                                      However, I prefer to not block anything at all until DD-WRT is up and going because you will probably be accessing the DD-WRT menu from the LAN interface, unless I'm mistaken?

                                      Anyway - Try out that port with a computer and see if it works.  And please post the Services > DHCP server > AP screen.

                                      We want to make sure DHCP is good to go before starting into DDWRT again.

                                      Still

                                      • CaptainWTF

                                        I think we got AP working, I can now get internet access through the DD-WRT router. Next up: need to work on configuring the router as the AP.

                                        • kejianshi

                                          Cool - Can you post your DHCP for the AP on pfsense page?

                                          I just want to be sure there will be no issues.

                                          If that is fine, I think you will be ready for configuring the DD-WRT again.

                                          I think it's probably best to have an IP range on the AP subnet that is reserved for static so that your AP will work well and not conflict with the DHCP range that pfsense will assign.

                                          • CaptainWTF

                                            Issue resolved. Apparently I can't use the WAN port on my AP to plug in from the pfsense box. As soon as I switched the cable over from the WAN port to a LAN port on the router (AP) it started pulling DHCP requests from the pfsense box & I was able to get WAN access.

                                            So now everything is working okay. But what I can do still is ping devices on my LAN network from the AP which I don't want.

                                            And thanks to Kejianshi and Doktor for all of the help they've been giving.  I appreciate it greatly.

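Added example, not written by any poster in this thread: a small first-match evaluator that runs the AP-interface rule sets discussed above (no rule, pass to any, pass to NOT LAN subnet, and an alias pass rule placed first) and shows which ones leave LAN hosts reachable from the AP side. The subnets, the trusted client address and the alias contents are assumptions made up for the illustration; the model is top-down, first match wins, default deny on the interface.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing, not taken from the thread.
LAN = ip_network("192.168.1.0/24")            # assumed LAN subnet
AP = ip_network("192.168.2.0/24")             # assumed AP (OPT1) subnet
ANY = ip_network("0.0.0.0/0")
TRUSTED = [ip_network("192.168.2.50/32")]     # hypothetical alias, e.g. a phone

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    sources: list               # networks the source address must fall in
    dest: object                # destination network
    invert_dest: bool = False   # the "Not" checkbox on the destination

    def matches(self, src, dst):
        src_ok = any(ip_address(src) in net for net in self.sources)
        dst_ok = ip_address(dst) in self.dest
        return src_ok and (dst_ok != self.invert_dest)

def evaluate(rules, src, dst):
    """Rules run top-down, first match wins; no match means default deny."""
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return "block"

RULESETS = {
    "no rules": [],
    "AP subnet -> any": [Rule("pass", [AP], ANY)],
    "AP subnet -> NOT LAN subnet": [Rule("pass", [AP], LAN, invert_dest=True)],
    "alias first, then NOT LAN": [
        Rule("pass", TRUSTED, LAN),
        Rule("pass", [AP], LAN, invert_dest=True),
    ],
}

def verdicts(name):
    """Return (trusted client -> LAN, other client -> LAN, other client -> internet)."""
    rules = RULESETS[name]
    return (evaluate(rules, "192.168.2.50", "192.168.1.20"),
            evaluate(rules, "192.168.2.77", "192.168.1.20"),
            evaluate(rules, "192.168.2.77", "203.0.113.10"))

if __name__ == "__main__":
    for name in RULESETS:
        print(f"{name:30} {verdicts(name)}")
```

The "AP subnet -> any" row is the state described in the last post, where LAN devices still answer pings from the AP side.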