[SOLVED] Setting up Tomato Wifi Router behind PFSense

RickJ

Yep, re1 NIC is set on OPT1.

Added a screenshot of current NIC assignments under Interfaces > (assign) , all NICS have a different MAC address assigned.


Derelict

@RickJ:

Ok thanks Derelict, I've attached an updated Firewall Rules pic, I think it's updated to correctly pass traffic as you described so let me know if it's still incorrect.

As to the WiFi setup itself:

-Yes, tomato is plugged in from a LAN port into switch
-The tomato wifi signal is getting sent out
-Do not get DHCP from wifi signal (no IP being assigned to client machine)

Sounds like you have a layer 2 issue.

If you assign a static address to the wireless client in the right range and you can ping pfSense, you have a DHCP issue instead.  I think you might need help with tomato more than pfSense.  Sorry.  No experience with it.

snip

I added a static IP to the tomato AP under DHCP Server just in case, but hasn't seemed to fix anything. Still getting that OPT1 is down on the interfaces panel. From the looks of it there must be SOMETHING missing from the OPT1 port config…I can't think of any other reason the port is still not registering a carrier in Status > Interfaces.

I take it back.  You have a layer 1 issue.

Could this be a hardware issue? The box I put together has 1 Intel i211AT Gigabit LAN and 4 Realtek RTL8111E-VL-CG Gigabit Ethernet Controllers. Our WAN is on the Intel, and our current LAN is on the first Realtek port. I should be able to add OPT1 on the second Realtek port correct (or do I need another NIC for separate wifi)?

As has been suggested, what is in Interfaces > (assign)??  Start with the basics.  I don't know why you're messing with the AP if you have no carrier on your ethernet interface.

So you've messed with the MAC addresses or what?  Why?

RickJ

I think I ninja'd you Derelict, added a post just before you describing interfaces >assign

I think we're on the same page, since this morning I'm thinking it's a layer 1 issue. I didn't manually change any of the MAC addresses, was just stating the obvious that they were different for each entry.

Edit

For clarity, I've added what my OPT1 entry looks like in Interfaces > OPT1 in case you can see something glaringly missing


Derelict

That looks fine.

And you have a DHCP server enabled on OPT1 handing out IPs in 10.0.0.0/24?

If you plug a laptop directly into OPT1 do you get link/DHCP?  If so, you need to figure out why you don't get link from your switch.  You should not need a crossover cable or anything like that.

RickJ

Yep, enabled OPT1 on DHCP server, handing out on 10.0.0.0 subnet (pic below for verification)

When directly plugged into OPT1 the laptop gets no DHCP, can't ping anything.


Derelict

You sure you have the right re port?  Other than that, sorry.  No idea.  Maybe the realtek driver sucks.

RickJ

Oh my goodness.

My co-worker labelled all the re ports friggin BACKWARDS! So, after all that meticulous configuration, when I plugged the wire into the correct port, everything started working instantly. I'm going to have to do something terrible to him for this…it never even occurred to me that he wold label the ports incorrectly.

That said, thank you so much for your help Derelict, I really appreciate it. Without going through all these steps the config wouldn't have been set correctly had I had the correct port plugged in at the beginning.

A million thanks, and now I'm going to celebrate, and then beat my co-worker with the PFSense manual until justice has been served.

Nullity

@RickJ:

Oh my goodness.

My co-worker labelled all the re ports friggin BACKWARDS! So, after all that meticulous configuration, when I plugged the wire into the correct port, everything started working instantly. I'm going to have to do something terrible to him for this…it never even occurred to me that he wold label the ports incorrectly.

That said, thank you so much for your help Derelict, I really appreciate it. Without going through all these steps the config wouldn't have been set correctly had I had the correct port plugged in at the beginning.

A million thanks, and now I'm going to celebrate, and then beat my co-worker with the PFSense manual until justice has been served.

Haha. Glad to see this resolved.

Hell, I occasionally get confused about my pfSense interfaces and I only have 2 of them.  ::)

Timp1

@RickJ:

Hi Everyone!

I can't seem to get my wireless router to cooperate and I'd be forever grateful for some help. Here's the setup I'm trying to accomplish:

Gateway –-> PFSense box ----> Wifi-Router

I have referenced these two places, but neither has helped me through to the finish:

(Main PFSense help doc for this)
(Post by someone from 2008 who was trying to do the same thing)

Unfortunatley the second post petered out due to the original poster's misunderstanding of subnets.

My Tomato Wifi-Router Setup:

WAN: Disabled

LAN
IP: 192.168.0.2
Gateway: 192.168.0.1 (pfsense address)
DNS: 192.168.0.1 (pfsense address)
Subnet: 255.255.255.0
Disabled DCHP.

As far as I know things should be working from these settings, so I'm pretty sure the error is coming from my PFSense config.

I have the Wifi-Router plugged into my OPT1 port, which I"m pretty sure is the problem. What settings do I need to supply in my OPT1 interface to successfully get things running?

Current OPT1 interface settings:

(Interface Enabled)
IPv4 configuration type: DHCP
IPv6 configuration type: none

The rest of the fields are empty except for the hostname that is currently "testwifi"

I have also gone into the firewall rules for OPT1 and added a rule to let all IPv4 traffic pass.

It would probably be best if I could just bridge my OPT1 port to the LAN port that is currently configured, but barring that what do I need to do to adjust my OPT1 settings? I can't just copy/paste my current LAN port settings can I? (I assume that copy/pasting would cause a conflict when both LAN and OPT1 try and use 192.168.0.1 as their static IPv4.)

Thanks for taking a look!  :)

RickJ's post almost got me to success.  I have an R7000 wireless router running Shibby Tomato v1.28 and plugged into the LAN port on my wired only PFSENSE appliance.  In addition to RickJ's advice, I realized I needed to go into Advanced/Routing.  Under the Miscellaneous tab, I had to switch the Mode from 'Gateway' to 'Router'.  Once I did that, everything magically started working. In my case, my appliance is set to 192.168.1.1, the R7000 is set to 192.168.1.11

kcallis

@Timp1:

@RickJ:

Hi Everyone!

I can't seem to get my wireless router to cooperate and I'd be forever grateful for some help. Here's the setup I'm trying to accomplish:

Gateway –-> PFSense box ----> Wifi-Router

I have referenced these two places, but neither has helped me through to the finish:

(Main PFSense help doc for this)
(Post by someone from 2008 who was trying to do the same thing)

Unfortunatley the second post petered out due to the original poster's misunderstanding of subnets.

My Tomato Wifi-Router Setup:

WAN: Disabled

LAN
IP: 192.168.0.2
Gateway: 192.168.0.1 (pfsense address)
DNS: 192.168.0.1 (pfsense address)
Subnet: 255.255.255.0
Disabled DCHP.

As far as I know things should be working from these settings, so I'm pretty sure the error is coming from my PFSense config.

I have the Wifi-Router plugged into my OPT1 port, which I"m pretty sure is the problem. What settings do I need to supply in my OPT1 interface to successfully get things running?

Current OPT1 interface settings:

(Interface Enabled)
IPv4 configuration type: DHCP
IPv6 configuration type: none

The rest of the fields are empty except for the hostname that is currently "testwifi"

I have also gone into the firewall rules for OPT1 and added a rule to let all IPv4 traffic pass.

It would probably be best if I could just bridge my OPT1 port to the LAN port that is currently configured, but barring that what do I need to do to adjust my OPT1 settings? I can't just copy/paste my current LAN port settings can I? (I assume that copy/pasting would cause a conflict when both LAN and OPT1 try and use 192.168.0.1 as their static IPv4.)

Thanks for taking a look!  :)

RickJ's post almost got me to success.  I have an R7000 wireless router running Shibby Tomato v1.28 and plugged into the LAN port on my wired only PFSENSE appliance.  In addition to RickJ's advice, I realized I needed to go into Advanced/Routing.  Under the Miscellaneous tab, I had to switch the Mode from 'Gateway' to 'Router'.  Once I did that, everything magically started working. In my case, my appliance is set to 192.168.1.1, the R7000 is set to 192.168.1.11

I am migrating from my TL-Link WA901ND to my Netgear Nighthawk R7000. The one thing that worked nicely for me on the TL-Link was the ability to seamlessly broadcast 4 SSID's, use the same VLAN Ids and then connect it to my switch which connected to my 3 port pfSense APU. After many attempts to factory reset my R7000, I have had nothing but issues. First off, after I create new bridge interfaces (br1, br2, br3), after I create the VLAN, I found that the VLAN 1 is required for br0 (the default LAN interface on the R7000. Unfortunately, I need the br0 interface to have a VLAN 05 which is in-line with the configuration on my pfSense box.

With the TL-Link WA901ND, since there is only one interface, once I create the 4 SSID's, it comes to my edge switch as a trunk with all of the VLANs that I defined passed to the switch. So where with the R7000, this has been a rocky road! Has anyone successfully change the VLAN ID for the default interface to anything besides VLAN 1?

Any pointers would be greatly appreciated!

Grimson

@kcallis:

Any pointers would be greatly appreciated!

Ask here: http://www.linksysinfo.org/index.php?forums/tomato-firmware.33/ this is not a pfSense problem.