SOLVED: External wifi router and pfsense settings

nicolaj · Jun 1, 2017, 2:32 PM

I've got wan and two lan. em1 is wired to pc and everything works. em0 or is wired to external wifi router lan port. IP on em0 is 192.168.2.1, wifi router lan is set to 192.168.2.2. Firewall, NAT, DHCP is off. Wireless client receives ip from pfsense IE. 192.168.2.100. Client reports gateway, DNS and DHCP is 192.168.2.1. Created firewall rule to allow lan to any for em0 interface. But client has no internet. And i don't know why or how to figure out why.
Suggestions ?

Gertjan · Jun 1, 2017, 12:38 PM

@nicolaj:

…. em0 or is wired to external wifi router lan port. IP on em0 is 192.168.2.1, wifi router lan is set to 192.168.2.2. Firewall, NAT, DHCP is off. Wireless client receives ip from pfsense IE. 192.168.2.100. Client reports gateway, DNS and DHCP is 192.168.2.1. ....

I have exactly the same setup : an OPT1 (second LAN) interface with 192.1682.1 and some AP's (192.168.2.2, 192.168.2.3, etc etc).
You'll be needing at least one pass rule on the OPT1 (your "em0" interface) interface to let traffic go through.

Can you show your rule(s) on that OPT1/em0 interface ?

nicolaj · Jun 1, 2017, 12:42 PM

@Gertjan:

Can you show your rule(s) on that OPT1/em0 interface ?

Just copied the rule from em1 lan

Presbuteros · Jun 1, 2017, 1:53 PM

Additionally, ensure that your AP address of 192.168.2.2 is outside of the DHCP Server Range.

Look under Services>DHCP Server>your.interface

nicolaj · Jun 1, 2017, 2:11 PM

wifi is static at 192.168.2.2, should be fine.
However, i just found out i can't ping 192.168.2.1 aka pfsense from wifi connected device, i do not know why that is besides "don't respond to ping" but i can't find an option like that.

Gertjan · Jun 1, 2017, 2:14 PM

@nicolaj:

@Gertjan:

Can you show your rule(s) on that OPT1/em0 interface ?

Just copied the rule from em1 lan

Wrong !!

"LAN Net" is ….. LAN net. And NOT "OPT1 net", or whatever you called it.
So, change this and you'll be good.

Think about it : do IP's that are present on your LAN (em1 - probably 192.168.1.x - delivered by the server DHCP on the LAN segment) even exist on your em0 (OPT1) : No, of course not.
More clear : 192.168.1.0/24 IS NOT 192.168.2.0/24 - or, "LAN Net" is not "OPT net", or : your pass rule will blocks everything .... ;)

Btw : your "OPT net" is called "WIFI net", like mine.

nicolaj · Jun 1, 2017, 2:30 PM

Wait a sec.
Yeah of course, i just copied the rule and totally forgot that "wifi net" was on the list. DO'H.
It works now.
Thanks for the help.

And speed is good too.

Gertjan · Jun 2, 2017, 12:42 PM

@nicolaj:

…..
And speed is good too.

That's not pfSense - says a little bit about the hardware - and much more about your ISP ;)
Glad all is well now.

nicolaj · Jun 3, 2017, 12:49 PM

The point was just that the speed between wan, pfsense, ap and wireless client was good.