I cant get Opt1 to work
-
hello I have been tinkering with Pf sense and right now I have it working with one internal(motherboard) port (Wan) and 2 working (has been tested in Pfsense) network cards but I cant not get both of them to work at the same time. I think its something with me setting ip's I am trying to have to separate networks one LAN network going to my computer and the second going to a WiFi router. I can get one of them at a time to work just not both plz help.
-
Post the IP addresses and netmasks you are trying to use. They must be different, non-overlapping on every interface. Internal (private) interfaces should use addresses from private IP space.
-
When you add OPT1, your second lan connected to your AP you need to set the firewall rules on it - since there are no default any any rule like lan.
edit:
You need to allow traffic on opt1, out of the box everything will be BlOCKED
-
ok so they need to be on a different subnet mask like Lan= 255.255.255.0 and opt1 = 255.255.0.0?
One this that I have to do with my computer when i try to connect is manually change my private ip address and gate way and things like that you know why?johnoz I don't completely understand what you are saying can you please elaborate on that please.
-
They must be different subnets. The subnet mask can (and usually is) the same, because most people want about the same number of addresses in each subnet.
e.g.
LAN 192.168.1.1/24 - DHCP range 192.168.1.10-99 ()
OPT1 192.168.2.1/24 - DHCP range 192.168.2.10-99 ()(*) can be any range from 2 to 254 - that is not used by static IPs you have set up, like servers, AP management interface…
Make sure to enable DHCP on both LAN and OPT1. To get going, add an "allow all" rule on OPT1. Once it is working, then you can block some stuff from OPT1 to LAN etc, to protect LAN from any nasty WiFi visitors or... as needed.
-
Both Lan and Opt1 have to by dynamic (DHCP) I am wanting a static ip for my Lan
-
nobody said they have to serve up dhcp, the interface itself would be static. Serving up dhcp to that network just makes it easier.
Post up your firewall rules for your lan and your opt1 interface, and your interface settings.
As mention you can use something like 192.168.1.1/24 for the lan (255.255.255.0 mask) and 192.168.2.1/24 for your opt1
/24 or 255.255.255.0 would be common mask to use for local network segments this gives you the ips of .1 thru .254 to work with. .1 can be pfsense - .2 to .254 can be your other devices on that network. Then 192.168.2.0/24 can be your other opt1 segment
-
I still cant seem to get it to work. any hints?
-
As johnpoz has said, post some detail then we can see what the problem is.
- LAN and OPT1 interface IP address and netmask (CIDR)
- Is DHCP server enabled on those interfaces, if so what pool (range) of IP addresses is DHCP giving out.
- Rules on LAN and OPT1.
Anything other settings you have been changing that might be relevant.
-
LAN = 192.168.1.1/24 (static) dhcp = starting 192.168.1.100 ending 192.168.1.199 -Subnet 192.168.2.0
Opt1 = 192.168.2.1/24 static dhcp= 192.168.2.1 ending 192.168.2.50 -Subnet 192.168.1.0
Rules for lan= Block private networks(false) Block bogon networks(false)
Rules for opt1= Block private networks(false) Block bogon networks(false)tell me if you need anymore
-
The rules are in Firewall->Rules. There's a tab for traffic into LAN and a tab for traffic into OPT1.
-
Lan to wifi is my LAN and its working
LanOpt1 is the opt 1 i need to work as a lan that is not working.
-
Well you have NO rules in LanOPT1, so no its not going to allow anything into that interface - no ping, no nothing. Create a rule or rules that allow the traffic on that opt1 interface you want.
Or for testing just create a any any rule like you have on the lantowifi interface. Once its working you can adjust the rules to restrict the traffic to what you want. But with nothing on it - its not going to allow any traffic to it or through it.
See Reply #2 in this thread where I clearly stated you need to create rules on OPT interfaces ;)
-
WOW i missed that lol thx i feel dumb xD ill try that out btw sorry for wasting time
I am learning how to network while I am doing this
