APU set up with Wi-Fi
-
Ok, thanks for the tip.
I have selected 802.11g, so that's good.
I had to select an IP address so I took 192.168.1.156 and the pfSense LAN in 192.168.1.155.
My device finds the pfSense Wi-Fi connection, but won't connect?Once connected, I can then figure out how to use the MAC filter on pfSense, which I use on the still running router Wi-Fi.
I'm trying to figure out why the pfSense Wi-Fi is found, but the device is unable to connect?
-
Unless you have the interfaces bridged together they must be in different subnets.
The guide you linked to covers this quite well. Set the interface to static. Use an address and mask that doesn't overlap your LAN, for example use 192.168.10.1/24. Go to Services: DHCP Server: and enable DHCP on the wifi interface. Go to Firewall: Rules: select the wifi interface tab and add a rule to allow traffic from wifi clients out.Steve
-
Interfaces aren't bridged.
Don't quite understand why different subnets are needed, as the router can use IP 192.168.1.180/24.
Anyways, I set the pfSense router to 192.168.1.155/24 and the pfSense Wi-Fi card to 192.168.10.1/24.Enabled DHCP server and add firewall rule.
Device now connects to pfSense Wi-Fi but won't load websites.I'll look at that tomorrow.
Then all the new APU hardware should be working and I can ad the security like the old router with MAC filtering.
Maybe add snort or some other security features now to pfSense too.Thanks for the help.
-
Don't quite understand why different subnets are needed, as the router can use IP 192.168.1.180/24.
I'm not quite sure what you mean by this. :-\ The interfaces themselves need to be in different subnets in order for pfSense to route traffic between them correctly. Clients on the interfaces will obviously be in the same subnet.
Device now connects to pfSense Wi-Fi but won't load websites.
What firewall rule did you add? Check the firewall logs for blocked traffic.
Steve
-
Sorry if I was unclear.
I meant my currently working Wi-Fi router uses IP 192.168.1.180/24.The new pfSense Wi-Fi router just has a default firewall rule added, as the pfSense Wi-Fi setup tutorial didn't have any instructions on settings to make the Internet connection work, just how to configure the Wi-Fi interface.
Seems to be missing some final steps to connect to the Internet?So, the firewall rule is
Action: Pass
Disabled: unticked
Interface: Wi-Fi
TCP/IP Version: IPv4
Protocol: TCP
Source: unticked
Destination: unticked
Destination port range: from: any. to: any
Log: unticked
Description: blank -
I meant my currently working Wi-Fi router uses IP 192.168.1.180/24.
Ah, OK. In that situation your router is bridging the wireless network to the LAN and the same subnet spans both. You can do that in pfSense with your new card using a software bridge but I suggest you first get it working as a separate interface.
Your firewall rule only allows TCP which means that DNS on UDP port 53 is still blocked. I imagine your browser if giving errors like 'cannot resolve host'. You need to either change the protocol in your existing rule to tcp/udp or 'any' or add a new rules to allow UDP port 53.
Steve
-
I tried changing the pfSense > Firewall > Rules > edit rule > Edit Firewall rule > Protocol > but the protocol says TCP/UDP and is greyed out.
This means I can't change the greyed out TCP/UDP setting to allow Wi-Fi to load webpages? -
Hmm, seems odd. I don't know why you wouldn't be able to change the protocol. That was on the new wifi interface?
You can always add an extra rule to allow it. See my example screenshots below. The LAN4 rule simply allows out all traffic, this would work fine on your wifi interface. The WIFI1 rules are significantly more complex! They prevent wireless clients talking to machines on my wired networks whilst allowing them to connect to the internet. You can see my rule to allow DNS in there.Steve
-
Thank you for the screen shots.
I'm not sure how you setup your Wi-Fi, however my Firewall rule I setup with defaults seems wrong or different to yours and won't change due to greyed out fields.I have included 3 attachments with the screenshots.
 -
That's not your wifi rule, that's a rule on your WAN interface to allow in traffic to your internal webserver. It's probably greyed out because it's autogenerated by a port forward you setup.
Go to the WIFI TAB at the top to see your rules on the wifi interface. Edit that instead. ;)
Steve
-
Oops, I missed the Wi-Fi tab.
That fixed it, Wi-Fi working.Now I can try some of the snort and firewall advanced things, but the basics seem to be running for now.
Oh, I need to set the security to a MAC filter like my old router, so I will research how to do that.Thanks for the help:-)
-
It was working, however my mobile was connecting to the old router which has the MAC filter setup.
I haven't been able to setup a MAC filter on pfSense yet.
Today I tried to move the mobile over from the old router Wi-Fi to the pfSense Wi-Fi, however the pfSense Wi-Fi network is not found?So, 2 problems:
1. pfSense Wi-Fi network not found.
2. pfSense MAC filter not available for security?
I prefer a MAC filter as:
everything is blocked.
only permitted devices can connect.
no encryption means faster transmission rates.
as secure as a 12 character password. (yes, maybe 8 character password if a hacker knows the first 4 MAC character common to manufacturers). -
It was working, however my mobile was connecting to the old router which has the MAC filter setup.
I haven't been able to setup a MAC filter on pfSense yet.
Today I tried to move the mobile over from the old router Wi-Fi to the pfSense Wi-Fi, however the pfSense Wi-Fi network is not found?So, 2 problems:
1. pfSense Wi-Fi network not found.If you can't see the network with your mobile device, i suggest installing a wifi analyzer akin to:
https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=en2. pfSense MAC filter not available for security?
A MAC filter provides zero security.
All you need is a device with which you can listen to traffic on the air, so basically everything which is capable of connecting to said access point. After that change your own MAC to one of the "allowed" addresses.I prefer a MAC filter as:
everything is blocked.
only permitted devices can connect.
no encryption means faster transmission rates.This is something you REALLY don't want to do.
No encryption does not increase the speed.
Everyone with a wlan capable device can listen to whatever you transmit over the air.
The only thing that changes is the time it takes to connect to the network.
And even then we are talking about 5ms increased time until you are connected.
You really need to have WPA2 (or at least WPA).as secure as a 12 character password. (yes, maybe 8 character password if a hacker knows the first 4 MAC character common to manufacturers).
Not sure what you are talking here about. The password has absolutely nothing to do with the MAC addresses.
For WPA2 the password has a minimal length of 8 characters and can be up to 63 characters. -
Thank you for the reply.
My mobile has a regular Wi-Fi finder which finds other working Wi-Fi networks.
Other devices also find Wi-Fi networks and not the pfSense Wi-Fi network.
So I don't think there's a need to download another Wi-Fi finding app.Ok, I will setup the pfSense Wi-Fi network on WPA2 password encryption, once the pfSense Wi-Fi works.
-
What channel is your pfSense wifi card using? It may be one that your phone cannot use, 12,13 or 14 for example.
Steve
-
Another thing which could be wrong: Did you set the channel specifically or did you set it to "auto"?
I've seen cards not work with the "auto" setting. -
Thanks.
I think I found the right information under pfSense > Dashboard: Interfaces: WIFI > Common wireless configuration - Settings apply to all wireless network on ath0. > Channel: Auto.
There are 37 other manual channels to choose from?I should mention all devices on Wi-Fi don't find the pfSense Wi-Fi network.
-
Ok, I just tried 3 channels from the choice of 37 channels.
11b/g/n - 1 (2412 MHz @ 31.5 / 20)
11a/n - 36 (5180 MHz @ 31.5 / 30)
11a/n - 100 (5500 MHz @ 31.5 / 30)No change though.
-
You're still running 2.1.X right? Then you shouldn't be seeing any 'N' channels. Are you using 'A'? Use 802.11G mode only and you should be OK.
Steve
-
Yes, I'm on pfSense Version 2.1.4-RELEASE (amd64) FreeBSD 8.3-RELEASE-p16.
The Wi-Fi Interface Standard is 802.11g.
The Wi-Fi Interface Channel is Auto.
