Cant See or Ping Local LAN Clients
-
But from a android Tablet PFsense is not letting wireless items talk to each other.
-
Go to Interfaces –> WLAN
Enable the option "Allow intra-BSS communication"Some discovery services need this. I can recall a problem with Chromecast devices for example, unless this is checked they wouldn't work.
Best regards!
-
That is enabled.
-
You mention router - are you talking about pfsense as your router, or do you have some other router?
I don't even see where you say that pfsense is providing your wireless, other then when asked if intra-BSS is on you say it is, so assume pfsense has a wireless card in it. You have no other wireless routers running wireless that your devices are connected to?
Can you draw up your network, on a napkin if that is all you have and take a picture of it with your phone if need be to post it.
-
Well here is the Layout
Internet <> Cable Modem <> WAN (DC0) <> Pfsense <> [Bridge {LAN (Bridge) <> OPT1 (DC1)}] <> WIFI (RAL0)
-
"[Bridge {LAN (Bridge) <> OPT1 (DC1)}]"
So your bridge has 1 interface in it? DC1 - if it was a bridge between your wireless and your wired it would have both interfaces in.. What is the point of a bridge with 1 interface?
-
thats what everybody told me to do i will post a picture of the setup.
-
Show your bridge setup please - I would think that should show both interfaces.
See how added test bridge see how it has 2 interfaces in it.
-
Here it is.
-
Ok what IPs do you have setup on these interfaces, and the bridge interface - and what firewall rules do you have setup?
-
Ok what IPs do you have setup on these interfaces, and the bridge interface - and what firewall rules do you have setup?
I think that needs to be flipped around a little…
Ok what IP do you have setup on BRIDGE0 (WIFI and OPT2 should have none), and what firewall rules do you have setup on BRIDGE0, WIFI, and OPT2?
-
I agree they should have none - which should be his answer..
-
wifi and opt 2 have no IP.
As for rules they will be below in pictures.
In the lan rules dont mind the Andy Stuff.
 -
What does Andy IP resolve too - I am curious to what you think those rules will accomplish? With that one rule source IP being andy IP, if that is a local IP you could be blocking all kinds of stuff outbound from lan, like normal web traffic. Source ports could be pretty much anything above 1024 with normal traffic.
-
Just so I'm clear, LAN is assigned to BRIDGE0 right?
-
Andy's ip covers his wired and wireless IP 192.168.103, 192.168.1.113.
Wel he was using Bittorrent and i told him not to and he still did it. It blocks the ports for Bittorrent and opens up the others for web surfing and things.Yes LAN is the BRIDGE0 and all my ips are static to keep track of who is on.
-
Sorry - now I see your interface assignment screen cap in post #9.
Andy's ip covers his wired and wireless IP 192.168.103, 192.168.1.113.
Why two different subnets? The point of bridging the two (OPT2/WIFI) is to get them on the same subnet/broadcast domain.
-
My Mistake its 192.168.1.103 wired and 192.168.1.113 wireless sorry.
-
Then it should be working. Check the software firewalls/LAN modes (public,work,etc) on the devices that can't talk to each other. Are they getting ARP for each other?
-
"It blocks the ports for Bittorrent and opens up the others for web surfing and things."
Not it doesn't!! So on rule that reads that from 192.168.1.113 if source port is 5k to 65k block
Well how do you know firefox is not going to us port 7212 to go to pfsense.org ?? You do understand that applications will use a random port above 1024 as their source port.. See example attachment of my firefox connection currently – see the local ports in the 30k range Your rule would block that from happening.
And you blocking him from going to anything with 5k to 65k as dest, is going to break way more than just bittorrent ;) Which is fine blocking outbound traffic to non standard ports standard practice.. But blocking source ports is going to be a problem!! I would think he would be complaining all the time that he can not get to websites.. Maybe reboot would fix it so he starts using ports just above 1024, but as applications start going through the ports and get to above 5k they are going to stop working for new connections to websites even on 80 or 443.
Lets clarify what the problem is -- so wireless clients can not talk to other wireless clients. So if you ping a wireless client from another wireless client by IP, do you see the mac in your arp table on the client pining it?
So for example if I ping 192.168.1.8, you can see its mac in my arp table on the client
C:>ping 192.168.1.8
Pinging 192.168.1.8 with 32 bytes of data:
Reply from 192.168.1.8: bytes=32 time=1ms TTL=128
Reply from 192.168.1.8: bytes=32 time<1ms TTL=128C:>arp -a
Interface: 192.168.1.100 --- 0xc
Internet Address Physical Address Type
192.168.1.3 00-0c-29-c8-f2-dc dynamic
192.168.1.7 00-0c-29-dd-02-ba dynamic
192.168.1.8 00-0c-29-55-4f-95 dynamic
192.168.1.31 b8-27-eb-1c-6e-09 dynamic
192.168.1.40 00-1f-29-54-17-14 dynamic
192.168.1.210 00-0c-29-73-eb-07 dynamicEven if doesn't answer you should see the MAC – do you??
I personally never understand why anyone would set up pfsense like this - if you want wireless on your lan network - then use a AP.. Pfsense wireless support is lets call it limited at best, your going to get way better performance, way more coverage and way more control using any wifi router you have laying around the house as just an AP, or going with a real AP - something like unifi for example with a wireless controller in software.
To be honest if me, I would yank all the wifi out of pfsense all together other than say some support for a wifi connection to be used as a link.
if you have this set
"Enable the option "Allow intra-BSS communication""And wifi client can not talk to each other then yes there is a problem - do the devices see the other devices mac is a start to figure out what is wrong.
