WI-Fi extender without internet
-
Do you have "Block private networks and loopback addresses" ticked if you do untick it.
Yes, are ticked
-
And what about the LAN firewall rules ?
Consider also packet capturing on pfSense on the LAN.
Disconnect / remove all device except one on the extender.
Activate the capturing, see what comes in, and gets out.
UDP port 68 works, as DHCP works.
Do you see the ICMP arrive ?
Other (TCP) ?Thanks!
I have set "DHCP Static Mappings" for few devices. I changed, IP for my phone, on pfSense, from192.x.x.102 to 192.x.x.111, and after connected my phone, to the wirelsess router I received 192.x.x.111 IP and the same IP when I connected my phone to WI-FI Extender.
I captured traffic for my phone and I have, where 192.168.10.1 is my pfSense:
For wireless router:
192.168.10.1.53:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
192.168.10.1.53:
169.60.79.74.5222:
185.60.218.170.443:
185.60.218.170.443:
185.60.218.170.443:
185.60.218.170.443:For Extender:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:
157.240.9.170.443:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:In my Wi-FI extender you can see only 53 and 443 ports :(
-
Do you have "Block private networks and loopback addresses" ticked if you do untick it.
Yes, are ticked
If Block private networks and loopback addresses is ticked and your other device is using rfc1918 address space pfSense will block it.
Untick it, rfc1918 address space is :-
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix) -
Do you have "Block private networks and loopback addresses" ticked if you do untick it.
Yes, are ticked
If Block private networks and loopback addresses is ticked and your other device is using rfc1918 address space pfSense will block it.
Untick it, rfc1918 address space is :-
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)I Untick it, but the problems persist. The extender shoult copy the router settings
-
I'm out of other ideas. :(
-
Problem solved!
:D
I reinstalled the pfSense an I reconfigurated step by step. The problem was with "Create an ARP Table Static Entry for this MAC & IP Address pair." because I configurated static mapping for few devices. When I have checked on "Create an ARP Table Static Entry for this MAC & IP Address pair." the connexion with WIFI extender not working. Without this check, all is fine.
-
@xplozia That absolutely fixed the exact same problem I was having. Not sure why setting static ARP entries for static DHCP clients would cause the issue, but once I removed that setting from each static DHCP assignment, my repeater is working perfectly again. Nice work!
-
It's because using a wifi repeater the local access point only sees the MAC address of the repeater and not clients. Thus when you have static ARP set replies never reach the clients.
Wireless repeaters suck for a number of reasons including that.
https://en.wikipedia.org/wiki/Wireless_repeater#DrawbacksSteve
-
@stephenw10 said in WI-Fi extender without internet:
It's because using a wifi repeater the local access point only sees the MAC address of the repeater and not clients.
You may wish to take a look at a WiFi frame. You'll see the end point MACs are completely separate from the WiFi addresses. There is even a 4th address field for bridges (repeaters). Also, I don't think WiFi repeaters would sell very well, if static ARP was required to make them work. It seems to me the problem may be elsewhere.
BTW, these O'Reilly books from Matthew Gast are excellent references. He's an engineer on the IEEE 802.11 committee.
-
Mmm, I thought that. Seems like it should still be one layer 2...
But I'm seeing multiple references showing the opposite. As I'm reading it's setting static ARP that prevents them working correctly, hence mostly they just work.
I guess more research needed...Steve