No routing between LAN and WIFI interfaces
-
Hi, I am using a home pfsense router (2.3.3-RELEASE (i386) nanobsd (2g)) with six interfaces.
WAN, WAN2, WIFI in the MultiWan group.
LAN, LAN2, WIFI_AP for three separate subnets.
Everything works fine with one exception. No routing between LAN (LAN2) and WIFI_AP.
Routing rules are
LAN
Action  Protocol  Source       Port  Destination  Port    Gateway   Queue  Schedule  Description
Pass    *         *            *     LAN Address  80, 22  *         *                Anti-Lockout Rule
Pass    IPv4 *    LAN net      *     WIFI_AP net  *       *         none
Pass    IPv4 *    LAN net      *     LAN2 net     *       *         none
Pass    IPv4 *    LAN net      *     *            *       MultiWan  none             Default allow LAN to any rule
LAN2
Action  Protocol  Source       Port  Destination  Port    Gateway   Queue  Schedule  Description
Pass    IPv4 *    LAN2 net     *     WIFI_AP net  *       *         none
Pass    IPv4 *    LAN2 net     *     LAN net      *       *         none
Pass    IPv4 *    LAN2 net     *     *            *       MultiWan  none             Default allow LAN2 to any rule
WIFI_AP
Action  Protocol  Source       Port  Destination  Port    Gateway   Queue  Schedule  Description
Pass    IPv4 *    WIFI_AP net  *     LAN net      *       *         none
Pass    IPv4 *    WIFI_AP net  *     LAN2 net     *       *         none
Pass    IPv4 *    WIFI_AP net  *     *            *       MultiWan  none             Default allow WIFI_AP to any rule
Internet is accessible on all interfaces.
Packets between LAN and LAN2 clients are. Between LAN clients (or LAN2) and WIFI_AP not. Why?
I noticed this oddity on the Status / DHCP Leases page
Leases
IP address     MAC address        Hostname  Online  Lease Type
172.16.10.100  00:04:79:66:50:dc  m1        online  active
172.16.20.100  00:80:c7:a4:dd:8d  xxx       online  active
172.16.30.100  18:d6:c7:07:60:6a  m33       online  active
Leases in Use
Interface  Pool Start     Pool End       # of leases in use
LAN1       172.16.10.100  172.16.20.127  1
LAN2       172.16.20.100  172.16.20.127  1
WAN2       172.16.30.100  172.16.30.127  1
Address 172.16.30.100 actually refers to the WIFI_AP interface. Nevertheless, WIFI_AP clients get DHCP leases correctly.
Thanks
-
WAN interface should have no leases at all?
I don't see any error in the config you posted.
You should check the subnet masks on your clients, they should be set to 255.255.255.0. Also, you should check your WiFi router, since this is the only interface that causes issues, perhaps it is that piece of hardware that has its own configuration wrong.
Probably you can read some more from the firewall logs, they also tell you what traffic is blocked.
If you just want LAN, LAN2 and WIFI_AP to be one large net, you could also just bridge them. (I think then you have to adjust the subnet mask again to include all nets.)
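Why the client subnet mask matters for the check suggested above, as an added example that is not part of the original posts: a client whose mask is wider than 255.255.255.0 treats the other 172.16.x.x subnets as on-link and never sends that traffic to the router, so the firewall neither passes nor logs it. The client addresses come from the leases table in the question; the router addresses (.1 in each subnet) are assumptions.

```python
import ipaddress

# Client addresses are from the DHCP leases table in the question.
# Gateway addresses (.1 per subnet) are assumed; the thread does not state them.
CLIENTS = {
    "LAN": ("172.16.10.100", "172.16.10.1"),
    "LAN2": ("172.16.20.100", "172.16.20.1"),
    "WIFI_AP": ("172.16.30.100", "172.16.30.1"),
}


def next_hop(client_ip, netmask, gateway, destination):
    """Return 'on-link' if the client would ARP for the destination directly,
    otherwise the gateway address the packet is handed to."""
    iface = ipaddress.ip_interface(f"{client_ip}/{netmask}")
    if ipaddress.ip_address(destination) in iface.network:
        return "on-link"
    return gateway


def audit(netmask):
    """Forwarding decision for every ordered pair of segments under one mask."""
    findings = []
    for src, (src_ip, gateway) in CLIENTS.items():
        for dst, (dst_ip, _) in CLIENTS.items():
            if src != dst:
                findings.append((src, dst, next_hop(src_ip, netmask, gateway, dst_ip)))
    return findings


def bypasses_router(netmask):
    """Segment pairs whose traffic would never reach the router or its rules."""
    return [(src, dst) for src, dst, hop in audit(netmask) if hop == "on-link"]


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        bad = bypasses_router(mask)
        if bad:
            print(f"{mask}: {len(bad)} paths never reach the router: {bad}")
        else:
            print(f"{mask}: all inter-subnet traffic goes via the router")
```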
-
I apologize for not giving a clear enough description of the problem.
The WAN, WAN2 and WIFI interfaces receive leases from the ISP and are operating normally. The WIFI interface is an Atheros AR2417 adapter.
Subnet masks really are 255.255.255.0. No additional WIFI router is used; the access point is implemented by means of the pfsense WIFI adapter Ralink RT2561S, if that is important.
The firewall logs nothing about blocking packets from the LAN to WIFI_AP, which is strange.
For experimental purposes, I tried to combine all three interfaces in a bridge; in this case the problem disappears, but I need independent subnets.
As I see it (maybe I'm wrong) the problem is in routing with WIFI_AP NIC.
Thanks