Netgate Discussion Forum

    DHCP not working for different subnet

    • K
      killmasta93
      last edited by

      Hi,
      I was wondering if someone can help me out or help me understand?

      I have my ISP modem as bridge (static IP) connected to my firewall (192.168.1.254), then I connect it to my access point r7000 (192.168.1.151) (DHCP disabled) with ddwrt. So I created 2 wifi connections. One is for home, which has the same subnet (192.168.1.x), and then I created a virtual one which is 192.168.3.1 within ddwrt. I get perfect connection on the 192.168.1.x but I cannot connect to the wifi guest (192.168.3.1). I was wondering if someone could guide me: how can I create another pool within the same LAN in pfsense, or what steps do I need to take for it to work?

      Thank you

      Tutorials:

      https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

      • D
        doktornotor Banned
        last edited by

        Not implemented. You can only provide DHCP for subnets defined on pfSense.

        https://forum.pfsense.org/index.php?topic=65736.0

        • G
          gjaltemba
          last edited by

          I do this in ddwrt with iptables to nat 192.168.3.0/24 to access point 192.168.1.151

          Lookup multiple wlan in ddwrt.

          • K
            killmasta93
            last edited by

            Hi thank you for your response

            Would it be possible to send me a screen shot of how you have your ddwrt configured as an access point with your pfsense?

            Thank you

            • G
              gjaltemba
              last edited by

              The configuration is done in ddwrt. It is ap mode for 192.168.1.0/24 subnet and router mode for 192.168.3.0/24 subnet with dhcpd and nat. We do not have the same hardware and ddwrt version so start here

              http://www.dd-wrt.com/wiki/index.php/Multiple_WLANs

              pfsense sees all traffic from 192.168.3.0/24 subnet as coming from 192.168.1.151

              • K
                killmasta93
                last edited by

                Thank you so much, I will let you know how it goes. I'll keep you posted.

                Thank you again

                • K
                  killmasta93
                  last edited by

                  Hi again
                  I wanted to tell you that everything was working well, but my guest network is not getting internet. I have tried asking on the ddwrt forum and they can't seem to help me either: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=960056#960056

                  My problem is the iptables for the NAT: it is not getting internet, but I am getting DHCP.

                  I was wondering, gjaltemba, if you can help me out with the iptables only to get internet, or am I missing something?

                  Keep guest network from reaching main LAN devices.

                  iptables -I FORWARD -i br1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j DROP

                  NAT so the guest network can access the internet:

                  iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

                  Keep the guest network users from getting at the r7000:

                  iptables -I INPUT -i br1 -m state --state NEW -j DROP

                  But let the guest network hit the DHCP and DNS ports:

                  iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
                  iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
                  iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

                  Thank you

                  • G
                    gjaltemba
                    last edited by

                    For the sake of "Get her done" we'll take care of the ddwrt config here and move on to pfsense topics.

                    iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
                    iptables -I FORWARD -i br1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j DROP
                    iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

                    for some hardware you may put the following as line 2
                    iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

                    You can lock things down after connection is made.
                    Keep in mind that some firewall scripts are for wan interface. In AP mode the wan port is disabled in ddwrt.

                    http://blog.danjoannis.com/?p=1362

                    1 Reply Last reply Reply Quote 0
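Added example, not part of the original posts and not dd-wrt code: a small shell model of first-match rule evaluation, showing why the command order in the post above matters when every rule is added with `-I`. The DROP policy for unmatched guest traffic, the `load_ruleset` names and the outside host 203.0.113.10 are assumptions made for the model.

```shell
#!/bin/sh
# Constructed model, not dd-wrt code: how `iptables -I` ordering decides the
# verdict for NEW connections arriving from the guest bridge br1.
CHAIN=""        # one rule per line: "in_iface dst_net dst_mask target"
POLICY="DROP"   # assumption: unmatched guest traffic is dropped later in FORWARD

ip2int() {      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

insert_rule() { # like `iptables -I`: the new rule goes to the top of the chain
    CHAIN="$*
$CHAIN"
}

verdict() {     # verdict <in_iface> <dst_ip>: first matching rule wins
    pkt_dst=$(ip2int "$2")
    while read -r r_if r_net r_mask r_target; do
        [ "$r_if" = "$1" ] || continue
        mask=$(ip2int "$r_mask")
        if [ $(( pkt_dst & mask )) -eq $(( $(ip2int "$r_net") & mask )) ]; then
            echo "$r_target"
            return
        fi
    done <<EOF
$CHAIN
EOF
    echo "$POLICY"
}

load_ruleset() { # fixed | reversed | drop_only (hypothetical names)
    CHAIN=""
    accept="br1 0.0.0.0 0.0.0.0 ACCEPT"
    # -d lan_ipaddr/lan_netmask, using the access point's values from the thread
    drop_lan="br1 192.168.1.151 255.255.255.0 DROP"
    case $1 in
        fixed)     insert_rule "$accept";   insert_rule "$drop_lan" ;;
        reversed)  insert_rule "$drop_lan"; insert_rule "$accept" ;;
        drop_only) insert_rule "$drop_lan" ;;
    esac
}

load_ruleset fixed
echo "guest -> pfSense LAN address: $(verdict br1 192.168.1.254)"
echo "guest -> outside host:        $(verdict br1 203.0.113.10)"
```

With `fixed` the later `-I` puts the LAN DROP above the ACCEPT, so guests are kept off 192.168.1.0/24; `reversed` shows the same two commands in the other order letting guest traffic reach the LAN.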
                    • K
                      killmasta93
                      last edited by

                      Hi, thank you again for your effort, but I figured it out and made a tutorial if anyone is in need

                      http://www.mediafire.com/view/6tmi6uwp72mnc6j/Setting_up_Virtual_Interface_guest_as_access_point_behind_ddwrt_or_pfsense.pdf

                      Thank you

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.