Having trouble with DHCP and access point
-
unifi makes some decent AP.. Entry level is $70 pro is 200, AC is 300.
-
running pfSense 2.2.2 with ddwrt accesspoint kong build r7000 runs great. Try this link to see if it helps you. Personally why not just have it modem–pfSense--ddwrt--computers (or switch)--more computers
also in the guide it will show you how to create a separate guest with its own dnsmasq
Read the guide and tell me how it goes
http://www.mediafire.com/view/vn61b93b0yv7x12/Setting_up_Virtual_Interface_guest_as_access_point_behind_ddwrt_or_pfsense.docx
-
How does that prevent your guests on 192.168.10.0/24 from accessing everything on your LAN on 192.168.1.0/24.
-
in ddwrt i save to firewall rule
#Block access between private and guest iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP -
also on a side note the guest handles its own dnsmasq but funny thing that if i block youtube though pfSense in dns fowarder it blocks it on the guest too, been trying to unblock it no luck :-[
-
running pfSense 2.2.2 with ddwrt accesspoint kong build r7000 runs great. Try this link to see if it helps you. Personally why not just have it modem–pfSense--ddwrt--computers (or switch)--more computers
also in the guide it will show you how to create a separate guest with its own dnsmasq
Read the guide and tell me how it goes
http://www.mediafire.com/view/vn61b93b0yv7x12/Setting_up_Virtual_Interface_guest_as_access_point_behind_ddwrt_or_pfsense.docx
Well, my setup will be fairly similar to that, it's just we have a number of cell phones in the house that usually want to be connected to wifi. Otherwise, very similar except for the plan to add a nas box. Just in the process of building a 4x HDD box from some old parts (And some new(er) ones that we need to get.
-
Well, my setup will be fairly similar to that, it's just we have a number of cell phones in the house that usually want to be connected to wifi.
but arent you trying to do that with the ddwrt as an access point?
Otherwise, very similar except for the plan to add a nas box. Just in the process of building a 4x HDD box from some old parts (And some new(er) ones that we need to get.
Also if your router supports usb which im not sure, you can have a small NAS. I love DDWRT but it sometimes lacks in blocking sites. And to utilize it fully you would need to get AC router with 256mb but besides that its amazing. :)
-
Yes, well the current situation on wireless/AP is that the lil router I flashed works, but wireless doesn't. I can't find any right now where it does work on the E2500 V3, but looking in the dd-wrt forums, it seems tehre are a number of complaints about it being just fine except the wifi. So, at this point, I jsut plan to buy an AP.
-
ohh then in that case i suggest buying R7000 ($140) or a unifi LR ($80)
-
I've looked into them, that unifi actually looks pretty good. Only thing is here, I would have to order it in, but I probably will. thanks for the tip on that.
-
unifi is awesome if you have dead spots (no wifi or low wifi signal) in the house. But usually that's not the case in America unless you have a huge house. The unifi can also have ddwrt but I haven't tried it and not sure how stable it is but wouldn't change it to ddwrt because the webGUI is awesome. If you do change it to ddwrt tell me how it goes ;)
-
Thanks, I ordered the unifi AP-LR today, on rush. Pretty excited. Thats cool it can take dd-wrt too.. but I will probably stick with the mfg interface
-
if you put dd-wrt on it I don't think there is a way to put it back.. So think carefully about that, or validate that you can put it back.
-
Yeah I looked, only briefly, but I think you are right, it seems there is no way (currently) to revert back. I still plan to stick with the original firmware.
I guess my plan, right now is to have 2 different SSIDS and 2 VLANs. Not too experienced with VLANs, but if I get the gist, I will ahve to configure the same (2) vlans on the router and the AP, and assign /link the SSID's to their respective vlan? -
yeah exactly.. So I have my guest wlan run on it a vlan.. Simple enough to do with the unif software. The only 1 complaint that I hear is there is no way to change the management vlan from 1.
I don't see a problem with that in my setup, but it would be a nice feature to be able to do that.
You can run 4 SSIDs with unifi per radio. Then in pfsense you just create that vlan assign it to a physical interface and on your switch trunk the connections so you can carry the vlans you want.
-
actually you can use VLANS if you get the nighthawk with DDWRT. I have 3 access points unifi and 2 VLANS configured on the nighthawk. The only bad thing about that is trying to block webpages because the nighthawk has its own DNSmasq. Its possible to block pages but if lets say VLAN 1(192.168.3.1) i block facebook it will also block VLAN 2 (192.168.40.1).
If you do get the nighthawk ill help you out
-
I have received the Unifi AP-LR. I am trying to configure it but having some issues. However, firstly, I need to sort out this…. When I connect the AP-LR to LAN interface it will detect in Unifi software. but when attached to OPT1 which I want to use for wireless devices, it does not show up. So it seems communication is not working between the 2 interfaces.
My first thought is firewall rules? I did mess around with them a bit.. so I probably screwed it up myself. And a few I added based on some articles but they didn't seem(?) to turn out as the articles suggested. I think this is because the version used for the article was older.
My current FW rules are attachedAs a few additional notes, DHCP is enabled, and I can connect to WAN fine through LAN (Don't know yet with OPT1) I have a domain set, and a router name set and DNS forwarding seems to be working right(I think)
-
From my limited experience with the ubiquitis they like to be managed on the untagged (primary) VLAN. So your management VLAN should reach the access points untagged. If that is in place you can create SSIDs on tagged VLANs to your heart's content.
Other than that, please be more specific.
-
hmm…the lack of experience i have with OPT on pfSense not sure what you did wrong but what i know it should work essentially is first install the software(has its own web server) to configure the unifi https://www.ubnt.com/download/unifi/ install it ( you need java ) after connect it to the the LAN of the pfSense. It should give an IP ex: (192.168.1.80) to find the IP check either in ARP or download a network scanner like netscan. enter the IP on the url and configure the AP. Now if you want to create more SSID with different pool its possible though VLANS but they have to be tagged. If you look at the pic before you can see the config of DDWRT. Tag means that the unifi gets the DHCP of (192.168.1.80) but can also handle another DHCP (192.168.3.80), and untagged it can only handle on DHCP Pool (192.168.1.80). The only thing now is to find how to tag the LAN on pfSense lets say VLAN 3 And VLAN 4 then you put VLAN 3 And 4 on the unifi as the picture before.
-
Ok couple things on your rules - the rule on our lan that allows you to opt1 net is pointless since the rule above that lets you go anywhere.
The rules on your opt 1 you don't need that rule that allows to opt1 net, devices on opt1 don't talk to pfsense to access opt1 network. Your allowing them access to lan net so what is the point of saying !rfc1918 and using ppoe gateway?? Where do you think they are going to go with that 53 rule, when you told them if they are going anything not rfc1918 go out your ppoe gateway?
What exactly do you want to accomplish for this wifi segment?
As mentioned management of the unifi is native vlan 1, no tagging. While you can have your controller on your lan and your AP on opt1 - its easier to put your controller and AP on the same network, atleast for setup - then you can move the AP to different segment if you want. L3 managment http://wiki.ubnt.com/UniFi_FAQ#L3_.28Layer_3.29_Management
But if you run both controller and ap on opt1 network is very simple to get going and you can play with changing that after you get some more experience with it. If you then want to put a ssid on vlan then create vlan on pfsense put it on your opt1 interface and trunk the ports on your switch and then trunk the port going to your AP and your good.
