No internet on OPT1, but DHCP is providing correct IPs for client.



  • I have a single wireless AP connected to OPT1 (GWN in my setup).

    I created the GWN interface with a statci IPv4 of 192.168.2.1

    I enabled DHCP for GWN with a range of 192.169.2.3-192.168.2.254

    I can connect to the AP and get an ip address assigned and see it reported under Status->DHCP leases

    I didn't touch the Outboung firewall NAT rules, and only see ones there for my LAN interface, nothing for GWN.

    I have no firewall rules defined for GWN either.  I'm assuming that I need firewall rules but really don't know what to do.  I see that my LAN default rules are there assigned to WAN_DHCP.

    Any pointers to how I complete this setup?

    thanks
    david



  • You will need both, a firewall rule on GWN and an outbound NAT rule for the GWN subnet on WAN interface.

    The outbound NAT rule should be generated automatically if your outbound NAT is in automatic or hybrid mode. If it wasn't try hit the save button at the right of the modes. Maybe this generates the rule, otherwise you have to set it to hybrid and add the rule manually.



  • I added the outbound NAT rules, just duplicating the LAN ones and changing the interface to GWN.  I snipped a picture of them.

    For the firewall wall rules, I just want to make sure that GWN can get to the internet, but cannot get to the LAN.  It is a wireless guest network.  I tried adding the one shown in the attachment, but I still cannot get internet.  I think I need a rule that allows GWN access to the WAN?

    thanks,
    david





  • LAYER 8 Global Moderator

    That firewall rule is not even enabled - its greyed out.. And it would only allow access to lan net..  That is not a ! lan net rule..

    Why do you not just have your outbound nat in automatic?

    Also what version of pfsense you running - looks old..



  • The firewall rule is a block rule. Turn it into a pass rule and check "invert" at destination. So it will allow any other destinations, but not LAN net.



  • Thanks, that fixed it.

    david


Log in to reply