No Internet on OPT1 WLAN in 2.0.1
-
Hello,
This has been stumping me for a few days now. I have checked various things mentioned in other posts, i.e. rule to allow OPT1 outbound, DNS Forwarder, Auto vs. Manual Outbound NAT but so far no dice.
I have a single cable WAN from my ISP, a LAN 10.22.33.0/24 which is working fine and a WLAN on OPT1 192.168.0.0/24. Clients are able to associate, receive a DHCP lease and resolve DNS queries but there is no web access and WLAN clients cannot ping their gateway (192.168.0.1), nor can they reach or be reached by the wired hosts on the LAN. Wired hosts can ping 192.168.0.1. In the firewall logs I can see that no OPT1 packets are being blocked. It seems like a NATing issue but I've tried both auto and manual with the following rules and still nothing:
WAN 10.22.33.0/24 * * * * * NO Auto created rule for LAN to WAN
WAN 192.168.0.0/24 * * * * * NO Auto created rule for OPT1 to WAN
There should be a way to get WLAN out to the web without static routes or bridging right? Any tips much appreciated.
Thanks!
R
-
It is not a NAT issue from what you have said. If the WLAN hosts cannot even ping the gateway, you have a fundamental network issue. Are you using a wireless card in pfSense or a NIC directly hooked up to a WAP?
-
And I would check Diagnostics -> Packet Capture to see if there was any traffic hitting the OPT1 interface.
-
Hey Podilarius,
It's a wireless NIC directly in the PFS box.
ral0_wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether <mac_redacted>
inet6 fe80::214:a5ff:fe31:335f%ral0_wlan0 prefixlen 64 scopeid 0x9
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
status: running
ssid <ssid_redacted> channel 8 (2447 MHz 11g) bssid <mac_redacted>
country US authmode WPA2/802.11i privacy MIXED deftxkey 2
AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 0 scanvalid 60 pureg
protmode OFF -apbridge dtimperiod 1 -dfs
I am getting packets in the diagnostic capture and the firewall logs when I attempt to visit a website from a connected WLAN client. I see DNS traffic going both ways between the client and the gateway, then I see http requests going from the client to the gateway but not coming back.
Any ideas?
R
-
Are you using manual outbound NAT or auto? Looks like manual, though Auto should work. What rules did you add to the WLAN firewall? It is very unusual that the clients behind WLAN cannot ping 192.168.0.1.
Next, not all wireless cards are equal in FreeBSD. I would check online to make sure the one you are using is supported and to see if others have found they need to adjust settings to make it work correctly.
-
I have tried both Manual and Auto NATing and it doesn't seem to make a difference. On the firewall I added a rule like the default LAN rule: OPT1 pass any protocol to any destination.
I will run pciconf later today and look for any known issues with the hardware on FreeBSD 8.1. I also have an extra wireless NIC I could try in case it's a hardware/driver issue. I had thought it couldn't be a hardware problem since clients are associating, getting leases and DNS but now I'm starting to wonder.
More info to come…
R
-
Hmm, pciconf -lvv gives me the following for ral0:
ral0@pci0:0:10:0: class=0x028000 card=0x25611814 chip=0x03011814 rev=0x00 hdr=0x00
class = network
I checked the compatibility list at http://www.freebsd.org/releases/8.1R/hardware.html but I'm not sure how the output above maps to the following list of compatible NICs. Does this mean my card's running RT2561 and isn't compatible? Could this really be the issue even though clients can connect, get leases and resolve DNS? If this is the cause, would switching cards be the only option? Thanks for the tips. In the meantime I'll try another NIC and post back.
[i386,amd64] The ral(4) driver supports PCI/CardBus wireless adapters based on the Ralink Technology RT2500, RT2501, and RT2600 chipsets, including:
A-Link WL54H
A-Link WL54PC
AirLink101 AWLC5025
AirLink101 AWLH5025
Amigo AWI-914W
Amigo AWI-922W
Amigo AWI-926W
AMIT WL531C
AMIT WL531P
AOpen AOI-831
ASUS WL-107G
ASUS WL-130g
Atlantis Land A02-PCI-W54
Atlantis Land A02-PCM-W54
Belkin F5D7000 v3
Belkin F5D7010 v2
Billionton MIWLGRL
Canyon CN-WF511
Canyon CN-WF513
CC&C WL-2102
CNet CWC-854
CNet CWP-854
Compex WL54G
Compex WLP54G
Conceptronic C54RC
Conceptronic C54Ri
Digitus DN-7001G-RA
Digitus DN-7006G-RA
E-Tech WGPC02
E-Tech WGPI02
Edimax EW-7108PCg
Edimax EW-7128g
Eminent EM3036
Eminent EM3037
Encore ENLWI-G-RLAM
Encore ENPWI-G-RLAM
Fiberline WL-400P
Fibreline WL-400X
Gigabyte GN-WI01GS
Gigabyte GN-WIKG
Gigabyte GN-WMKG
Gigabyte GN-WP01GS
Gigabyte GN-WPKG
Hawking HWC54GR
Hawking HWP54GR
iNexQ CR054g-009 (R03)
JAHT WN-4054P
JAHT WN-4054PCI
LevelOne WNC-0301 v2
LevelOne WPC-0301 v2
Linksys WMP54G v4
Micronet SP906GK
Micronet SP908GK V3
Minitar MN54GCB-R
Minitar MN54GPC-R
MSI CB54G2
MSI MP54G2
MSI PC54G2
OvisLink EVO-W54PCI
PheeNet HWL-PCIG/RA
Pro-Nets CB80211G
Pro-Nets PC80211G
Repotec RP-WB7108
Repotec RP-WP0854
SATech SN-54C
SATech SN-54P
Sitecom WL-112
Sitecom WL-115
SMC SMCWCB-GM
SMC SMCWPCI-GM
SparkLAN WL-685R
Surecom EP-9321-g
Surecom EP-9321-g1
Surecom EP-9428-g
Sweex LC500050
Sweex LC700030
TekComm NE-9321-g
TekComm NE-9428-g
Unex CR054g-R02
Unex MR054g-R02
Zinwell ZWX-G160
Zinwell ZWX-G360
Zinwell ZWX-G361
Zonet ZEW1500
Zonet ZEW1600
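Added example, not part of the original post: the `chip=` and `card=` fields in the pciconf line above each pack a PCI device ID (high 16 bits) and vendor ID (low 16 bits), and that vendor/device pair is what to look up in a PCI ID database or a driver's supported-hardware notes. The function name `decode_pci_id` is hypothetical; the sample line is the one quoted in the post.

```shell
#!/bin/sh
# Split pciconf's packed "chip"/"card" fields into PCI vendor and device IDs.
# Each field has the form 0xDDDDVVVV: device ID first, vendor ID last.

decode_pci_id() {
    # $1 = field name (chip or card), $2 = one line of `pciconf -l` output
    # Put each whitespace-separated token on its own line, then keep only
    # the token that is exactly <field>=0x followed by 8 hex digits.
    value=$(printf '%s\n' "$2" | tr ' \t' '\n\n' \
        | sed -n "s/^$1=0x\([0-9a-fA-F]\{8\}\)\$/\1/p" | head -n 1)

    # Field absent or malformed: report failure instead of printing garbage.
    [ -n "$value" ] || return 1

    device=$(printf '%s' "$value" | cut -c1-4)
    vendor=$(printf '%s' "$value" | cut -c5-8)
    printf 'vendor=0x%s device=0x%s\n' "$vendor" "$device"
}

# The pciconf line from the post above.
SAMPLE_LINE='ral0@pci0:0:10:0: class=0x028000 card=0x25611814 chip=0x03011814 rev=0x00 hdr=0x00'

# chip= identifies the controller silicon; card= identifies the board
# vendor's subsystem IDs, which vary between products using the same chip.
printf 'chip: %s\n' "$(decode_pci_id chip "$SAMPLE_LINE")"
printf 'card: %s\n' "$(decode_pci_id card "$SAMPLE_LINE")"
```
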
-
Trying one that is Atheros based would be your best bet. If you are unsure of the chipset you are running, you can search your card model in http://www.wikidevi.com/wiki/Main_Page and it will let you know.
-
Success! I had another NIC with an Atheros chipset lying around. That's all it took.
I guess that's what I get for blazing ahead without checking the compatibility list. It turned out to be the card even though it didn't seem like a driver problem. OPT1 is fully operational now that it's reassigned to an Airlink 101 awlh4130.
thx,
R9