APU set up with Wi-Fi

eiger3970

Thanks for the suggestion.

I ordered that link.
Still not sure how the screw holes will hold down the Wi-Fi card, as the APU has no screw holes for the mini or this link to the full size card.
The mini ones right now sit at a 15 degree angle, so as long as the full size Wi-Fi card works without the screws, should be ok.

stephenw10

Ah, Ok now I look at a larger photo I see it has a pair of plastic pegs with metal clips instead of screws. Better in many ways.

Steve

eiger3970

Wow, you have good eyes :-)

Yes, not that you suggested that, I can see the plastic pegs/clips on my APU and know what they're for.

Ok, I'll wait for the new Wi-Fi card to arrive.
Can't wait to ditch my old cheap Wi-Fi router.

Then just a nice big switch board to handle the network as I will lose the 4 ports on the old Wi-Fi router.
My current little 8 port switch can be removed too for one nice big switch.
Any good switches friendly to pfSense?

stephenw10

Not much difference between switches with regards to pfSense. You could get one that supports VLANs to allow for any future network segregation you might want. If you're getting a large switch it will probably be managed and have that anyway.

Steve

eiger3970

Ok, the 2nd Wi-Fi card arrived.

I stuck it into the ALIX MOBO PCIe > logged into pfSense > Interfaces > but no OPTn to select?

How do I configure the Wi-Fi card?
I'm following this pfSense guide.

kpa

All new interfaces have to be first assigned, either from the console menu or from the webgui interfaces menu. PfSense can't read your mind so by default it does nothing with new interfaces.

eiger3970

Ok, so that assignment of the new Wi-Fi card worked in pfSense > Interfaces > (assign).

I now need to configure the Wi-Fi card so I navigated to:
pfSense > Interfaces > OPT1 > Enable: ticked Enable Interface > Description: WLAN > IPv4 Configuration Type: Static IPv4 > ?
I'm not sure on the rest of the configuration as the Configuring pfSense as a Wireless Access Point doesn't coincide with my pfSense 2.1.3-RELEASE (amd64) version.

Any suggestions please?


stephenw10

I don't think that is your wifi interface, I expect to see the wireless configuration in between the 'General configuration' and 'Private networks' sections. Did it appear as ath0 when you assigned it? It could be the third NIC in the APU if you hadn't already assigned that.
If you go back to Interfaces: (assign) is there still the '+' button indicating there are further interfaces still to assign?

Steve

eiger3970

When I navigated to pfSense > Interfaces > (assign) > Interface assignments > there were the WAN and LAN and a new interface named OPT1 automatically added.
I assumed this is the Wi-Fi card I plugged into the APU?

Previously I only had 2 of the 3 NICs assigned and the 3rd NIC never appeared.

Yes, there is a '+' in the Interfaces.
I pressed the '+' and now there is another Interface OPT2 with Network port  ath0.
Now the Interfaces > OPT2 > gives more options for setting up the Wi-Fi.

stephenw10

Looks like that wifi card works then, at least that far anyway.  ;)
You could leave OPT1 assigned but disabled if you don't need to use it.

Remember that under 2.1.3 that card will only work at 'G' speeds. There may be an option there to set it to 'N' mode but that will likely only give you trouble. That will change when 2.2 is released.

Steve

eiger3970

Ok, thanks for the tip.
I have selected 802.11g, so that's good.
I had to select an IP address so I took 192.168.1.156 and the pfSense LAN in 192.168.1.155.
My device finds the pfSense Wi-Fi connection, but won't connect?

Once connected, I can then figure out how to use the MAC filter on pfSense, which I use on the still running router Wi-Fi.

I'm trying to figure out why the pfSense Wi-Fi is found, but the device is unable to connect?

stephenw10

Unless you have the interfaces bridged together they must be in different subnets.
The guide you linked to covers this quite well. Set the interface to static. Use an address and mask that doesn't overlap your LAN, for example use 192.168.10.1/24. Go to Services: DHCP Server: and enable DHCP on the wifi interface. Go to Firewall: Rules: select the wifi interface tab and add a rule to allow traffic from wifi clients out.

Steve

eiger3970

Interfaces aren't bridged.
Don't quite understand why different subnets are needed, as the router can use IP 192.168.1.180/24.
Anyways, I set the pfSense router to 192.168.1.155/24 and the pfSense Wi-Fi card to 192.168.10.1/24.

Enabled DHCP server and add firewall rule.
Device now connects to pfSense Wi-Fi but won't load websites.

I'll look at that tomorrow.

Then all the new APU hardware should be working and I can ad the security like the old router with MAC filtering.
Maybe add snort or some other security features now to pfSense too.

Thanks for the help.

stephenw10

@eiger3970:

Don't quite understand why different subnets are needed, as the router can use IP 192.168.1.180/24.

I'm not quite sure what you mean by this.  :-\ The interfaces themselves need to be in different subnets in order for pfSense to route traffic between them correctly. Clients on the interfaces will obviously be in the same subnet.

@eiger3970:

Device now connects to pfSense Wi-Fi but won't load websites.

What firewall rule did you add? Check the firewall logs for blocked traffic.

Steve

eiger3970

Sorry if I was unclear.
I meant my currently working Wi-Fi router uses IP 192.168.1.180/24.

The new pfSense Wi-Fi router just has a default firewall rule added, as the pfSense Wi-Fi setup tutorial didn't have any instructions on settings to make the Internet connection work, just how to configure the Wi-Fi interface.
Seems to be missing some final steps to connect to the Internet?

So, the firewall rule is
Action: Pass
Disabled: unticked
Interface: Wi-Fi
TCP/IP Version: IPv4
Protocol: TCP
Source: unticked
Destination: unticked
Destination port range: from: any. to: any
Log: unticked
Description: blank

stephenw10

@eiger3970:

I meant my currently working Wi-Fi router uses IP 192.168.1.180/24.

Ah, OK. In that situation your router is bridging the wireless network to the LAN and the same subnet spans both. You can do that in pfSense with your new card using a software bridge but I suggest you first get it working as a separate interface.

Your firewall rule only allows TCP which means that DNS on UDP port 53 is still blocked. I imagine your browser if giving errors like 'cannot resolve host'. You need to either change the protocol in your existing rule to tcp/udp or 'any' or add a new rules to allow UDP port 53.

Steve

eiger3970

I tried changing the pfSense > Firewall > Rules > edit rule > Edit Firewall rule > Protocol > but the protocol says TCP/UDP and is greyed out.
This means I can't change the greyed out TCP/UDP setting to allow Wi-Fi to load webpages?

stephenw10

Hmm, seems odd. I don't know why you wouldn't be able to change the protocol. That was on the new wifi interface?
You can always add an extra rule to allow it. See my example screenshots below. The LAN4 rule simply allows out all traffic, this would work fine on your wifi interface. The WIFI1 rules are significantly more complex! They prevent wireless clients talking to machines on my wired networks whilst allowing them to connect to the internet. You can see my rule to allow DNS in there.

Steve

eiger3970

Thank you for the screen shots.
I'm not sure how you setup your Wi-Fi, however my Firewall rule I setup with defaults seems wrong or different to yours and won't change due to greyed out fields.

I have included 3 attachments with the screenshots.


stephenw10

That's not your wifi rule, that's a rule on your WAN interface to allow in traffic to your internal webserver. It's probably greyed out because it's autogenerated by a port forward you setup.

Go to the WIFI TAB at the top to see your rules on the wifi interface. Edit that instead.  ;)

Steve