Netgate Discussion Forum

    Blocking off wireless network.

      kejianshi

      "I don't wanna block off WLAN from LAN entirely."

      I think he will need to block per client.  But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.

      I think he will want to create an alias of things to either allow or block and add that rule after things are working.

      But yeah - doktornotor's way would isolate the AP subnet from the LAN subnet totally while still allowing internet - I just thought selective isolation was the point.

      If you keep that rule as doktornotor says, that can also work fine so long as you create an alias of clients you wish to allow to the LAN subnet, put that rule first on the list of firewall rules.

      However, I prefer to not block anything at all until DD-WRT is up and going because you will probably be accessing the DD-WRT menu from the LAN interface, unless I'm mistaken?

        CaptainWTF

        @kejianshi:

        "I don't wanna block off WLAN from LAN entirely."

        I think he will need to block per client.  But I'd rather do that after DHCP is known to work on the AP subnet and after DDWRT is up.

        I think he will want to create an alias of things to either allow or block and add that rule after things are working.

        Correct. More so I want to block all clients, and allow the ones I wish.

          kejianshi

          If you keep that rule as doktornotor says, that can also work fine so long as you create an alias of clients you wish to allow to the LAN subnet, put that rule first on the list of firewall rules.

          However, I prefer to not block anything at all until DD-WRT is up and going because you will probably be accessing the DD-WRT menu from the LAN interface, unless I'm mistaken?

          Anyway - Try out that port with a computer and see if it works.  And please post the Services > DHCP server > AP screen.

          We want to make sure DHCP is good to go before starting into DDWRT again.

          Still

            CaptainWTF

            I think we got AP working, I can now get internet access through the DD-WRT router. Next up, need to work on configuring the router as the AP.

              kejianshi

              Cool - Can you post your DHCP for the AP on pfsense page?

              I just want to be sure there will be no issues.

              If that is fine, I think you will be ready for configuring the DD-WRT again.

              I think it's probably best to have an IP range on the AP subnet that is reserved for static so that your AP will work well and not conflict with the DHCP range that pfsense will assign.

                CaptainWTF

                Issue resolved. Apparently I can't use the WAN port on my AP to plug in from the pfsense box. As soon as I switched the cable over from the WAN port to a LAN port on the router (AP) it started pulling DHCP requests from the pfsense box & I was able to get WAN access.

                So now everything is working okay. But what I can do still is ping devices on my LAN network from the AP which I don't want.

                And thanks to Kejianshi and Doktor for all of the help they've been giving.  I appreciate it greatly.

                  kejianshi

                  That's fixable - Wanna fix it now?

                    CaptainWTF

                    @kejianshi:

                    That's fixable - Wanna fix it now?

                    Sure

                      kejianshi

                      OK - The original rule that doktornotor gave you will allow web access but block access to LAN subnet.

                      Set that as he said before.

                      Then once you have that working let me know.

                      Make sure you have web access but can't ping LAN.  Then let me know when that part is done.

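The rule ordering discussed in this thread, as an added example that was not posted by anyone in the thread: a small first-match evaluator that mirrors how pfSense processes an interface's rules top-down. The subnets, client addresses, alias contents and the exact form of doktornotor's rule are assumptions, since the thread does not show them.

```python
import ipaddress

# Constructed addressing (assumption, not taken from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
AP_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
# Hypothetical alias: AP clients that are allowed to reach the LAN subnet.
ALLOWED_CLIENTS = [ipaddress.ip_network("192.168.2.10/32"),
                   ipaddress.ip_network("192.168.2.11/32")]

# A rule is (action, source networks, destination network, invert destination).
ALLOW_ALIAS = ("pass", ALLOWED_CLIENTS, LAN_NET, False)
# Assumed form of the isolating rule: pass AP net to anything that is NOT LAN net.
ISOLATE = ("pass", [AP_NET], LAN_NET, True)
# Equivalent two-rule form: explicit block, then pass everything else.
BLOCK_LAN = ("block", [AP_NET], LAN_NET, False)
PASS_ANY = ("pass", [AP_NET], ANY, False)

def evaluate(rules, src, dst):
    """Top-down, first match wins; no match falls through to default deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, sources, dest_net, invert in rules:
        src_hit = any(src in net for net in sources)
        dst_hit = (dst in dest_net) != invert
        if src_hit and dst_hit:
            return action
    return "block"

def audit(rules):
    """Run the three checks the thread asks for against a rule list."""
    return {
        "allowed_client_to_lan": evaluate(rules, "192.168.2.10", "192.168.1.5"),
        "other_client_to_lan": evaluate(rules, "192.168.2.50", "192.168.1.5"),
        "other_client_to_internet": evaluate(rules, "192.168.2.50", "203.0.113.7"),
    }

GOOD_ORDER = [ALLOW_ALIAS, ISOLATE]
EXPLICIT_ORDER = [ALLOW_ALIAS, BLOCK_LAN, PASS_ANY]
BAD_ORDER = [BLOCK_LAN, ALLOW_ALIAS, PASS_ANY]  # alias rule shadowed by the block

if __name__ == "__main__":
    for name, rules in [("good", GOOD_ORDER), ("explicit", EXPLICIT_ORDER),
                        ("bad", BAD_ORDER)]:
        print(name, audit(rules))
```

With an explicit block rule, placing the alias rule below it leaves the listed clients blocked from the LAN, which is why the alias rule goes first.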
                        kejianshi

                        WTF - It's working…

                        I'm glad too.  I said you would get this going and I hate being wrong.  :P

                          CaptainWTF

                          @kejianshi:

                          WTF - It's working…

                          I'm glad too.  I said you would get this going and I hate being wrong.  :P

                          haha, Thanks.

                          Turns out the AP didn't like using WAN port as LAN.

                          As for the denied access from AP to LAN and exceptions being created, that works as well, all thanks to Kejianshi.

                          Thanks once again :)

                            doktornotor Banned

                            Oh noes, it's working? WTF really :D

                              kejianshi

                              Between the epic CaptainWTF saga and the Pink Floyd I was down to one last breath and 6 feet from the edge and wondering…

                              Will this ever work?

                              (might have been some Creed in there also)
