Guest Wi-Fi using on-board adapter
-
Have you tried replacing WLAN address with WLAN net for your firewall rules?
-
Beat me to it :)
-
@biggsy
haha Sorry. Did not mean to steal your thunder. -
For anyone that runs into this problem in the future, I found the issue. I needed to setup my Outbound NAT. Once I did that and added a firewall rule to block traffic to "LAN net" I had what I wanted. Connections to the WLAN can access the internet (the Outbound NAT fixed this) and could not access my local network (firewall rule to block "LAN net" fixed this).
This was not a hardware problem, and really wasn't a Wireless issue. I was able to find the troubleshooting guide below once I viewed my WLAN as LAN since it is just another interface/NIC on my pfSense device.
This guide was extremely helpful: https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
-
"I needed to setup my Outbound NAT."
You would only have to do that if you had changed the outbound nat from automatic. Any time you give pfsense an address on an interface, be it a physical interface (wired or wireless) or a vlan.. It would auto create the outbound nat rule for you.
-
"I needed to setup my Outbound NAT."
You would only have to do that if you had changed the outbound nat from automatic. Any time you give pfsense an address on an interface, be it a physical interface (wired or wireless) or a vlan.. It would auto create the outbound nat rule for you.
I think I had done that as part of setting up OpenVPN. I don't recall if it was for configuring my client or server instance of OpenVPN. I don't know if this is/was required, but it was in the guide I found and followed.
-
I'm just wondering why you give them money then post here looking for free support.
You will find that I am fairly opposed to trying to use the wifi stack in FreeBSD/pfSense and that you should just use an external access point like everyone else.
If you want to use an internal wifi adapter, ask Protectli for assistance.
With all due respect, I think that reply is beneath you.
You could have not replied, or stuck with the fact that an external AP is best practice. If someone has an APU, do they need to contact PC Engines? Are they also not welcome to get support from fellow users on a public forum? This is an open forum and users should be allowed to ask questions of the community whether they loaded pfSense on an ADI, an APU, and old Dell server, an HP thin client, or a Chinese mini pc.
You are a mod and one of the most respected and helpful members of this forum. Maybe I'm reading it wrong, but you sounded like you didn't want to help the user just because you disapproved of his hardware choice. -
Yeah. You're probably right.
-
No he is not right..
Derelict you are the most honest and upfront mod here…
If anything you were more than extra polite... Yes community support is free, which means you might not always be doing flips over what you get ;)
dotdash seems to be confusing that Derelict gets some bucks from pfsense/netgate for being here, and that he is also part of this community. So has as much right to his opinion as anyone else.. If he doesn't suggest/support wifi on pfsense, that is his opinion - if he suggest you call the company you bought your hardware from for support vs ask on a public that is his right as a human being..
Be it by the community or the staff... Its been a known fact since pfsense came out - been here since the start myself that wifi on it sucked... Its not pfsense fault.. Freebsd wifi support has always been crap... Pfsense did the best they could to support it in their product..
You can tell from the store where you can buy pfsense/netgate hardware that they recommend you handle your wifi outside of pfsense.. I personally think ever even suggesting to even attempt to run wifi out of the pfsense box as AP was a mistake.. And ever even offering the option to buy wifi cards to put in the box was just promoting the mistake.. They should of discouraged use of wifi cards in pfsense as AP from day 1.. With bold blinking RED/Gold letters ;) It as a wan connection would be different - bu that is a whole different ball game and use case.
Sorry dotdash.. But to be honest you just suggested the OP contact the maker here
https://forum.pfsense.org/index.php?topic=140147.0With what the OP posted you have ZERO info to go off of.. Doesn't point to hardware, doesn't point to software.. Your guess to what the problem is "brick" - But you call out a guess and tell him to call the hardware maker.. Why should derelict not get same freedom?
I think your other post was pretty rude to be honest and very offended that you suggest the poster on a free community forum should have to call the maker of said hardware for help vs dropping to a knee to help him.. I mean really...
How is that any different than what Derlict did??
-
This is getting a bit overblown. Especially as, while we don't always agree 100%, I think you (johnpoz), and Derelict are two of the most helpful people on the board. Yes, I suggested a user contact the reseller- for a hardware issue.
The point I was trying to make, is that a wireless board exists, where people can presumably ask questions about using wireless cards in the actual firewall. Telling them it is not best practice is fine. What I thought was out of line was (and perhaps I was reading too much into it) that a new user was being told that he was not deserving of help because he bought some hardware that a mod did not approve of. I have lots of 'official' hardware, and have in the past told people that they should get some decent hardware (like an adi) when they were running on flaky garbage. The OP had a configuration question. I don't like the implication that if you don't have approved hardware, you are not welcome to ask questions. I don't think Derelict meant that, but his response was not in his usual character. How about I buy the fist round of Old Man Grumpy Ale http://www.gooseisland.com/our-beers/old-man-grumpy and we can all get back to normally scheduled programming?
