Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wireless on same subnet while using a non-PfSense DHCP Server

    Scheduled Pinned Locked Moved Wireless
    18 Posts 4 Posters 10.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      weediez
      last edited by

      Can you give me a example or give me the information that I would need to set that sort of rule up?

      1 Reply Last reply Reply Quote 0
      • K
        ktims
        last edited by

        Here's what I have set up at one install. It uses a DHCP server running on the pfSense box, but since DHCP is broadcast traffic it should work with an external DHCP server as well (obviously it must be on the LAN segment). The DHCP rule is a bit less granular than it could be, and obviously the allow all rule is less than optimal, but this config should work. As mentioned, you'll need to bridge the interfaces as well.

        rules.png
        rules.png_thumb

        1 Reply Last reply Reply Quote 0
        • W
          weediez
          last edited by

          ok ya we tried bridging it as well at one point but we didnt create any rules.  thanks alot I'll give your suggestion a try and let you know how it goes.

          1 Reply Last reply Reply Quote 0
          • W
            weediez
            last edited by

            I posed screenshots of my Rules for my LAN device and my Opt1 (Wireless AP).  OPT1 is bridged with LAN.

            I havent put the box live again since yesterday, just wanted insight on these rules before I do go live with it.

            ![OPT1 rules.JPG_thumb](/public/imported_attachments/1/OPT1 rules.JPG_thumb)
            ![OPT1 rules.JPG](/public/imported_attachments/1/OPT1 rules.JPG)
            ![LAN Firewall Rules.JPG_thumb](/public/imported_attachments/1/LAN Firewall Rules.JPG_thumb)
            ![LAN Firewall Rules.JPG](/public/imported_attachments/1/LAN Firewall Rules.JPG)

            1 Reply Last reply Reply Quote 0
            • K
              ktims
              last edited by

              If you don't want traffic to be able to pass from the wireless LAN to the wired LAN, I would prefer to explicitly create a block or reject rule. The effect is the same, but it's more 'self documenting' than letting that traffic default out. Put all your reject rules first, then you can get rid of the 'not LAN subnet' destination specification.

              This is more personal preference than anything (I don't like using NOTs in my firewall rules, or letting traffic intentionally hit the policy rules) as your ruleset should work as you expect.

              1 Reply Last reply Reply Quote 0
              • W
                weediez
                last edited by

                Well I can get DHCP to give me Ip's when I conenct devices to my AP, which is OPT1.  But I cant access network shares or the Internet.  So thats why I'm just asking what rule I need to put in place to be able to access the web and get network access.  I also need to know where I add the rules.  Thanks.

                1 Reply Last reply Reply Quote 0
                • K
                  ktims
                  last edited by

                  It may be the NOT LAN Net rule that's causing the problem, it's probably blocking traffic to the default gateway (on the LAN net), and what you're seeing makes sense. Keep things simple when testing, and just add an allow all rule and see if that works before you try anything else.

                  Though really, if you want the WLAN and LAN segregated, it makes a lot more sense to just have a separate subnet. If the machines on the segment can't talk to each other, why do they need to use the same DHCP, seems a bit of a strange requirement.

                  1 Reply Last reply Reply Quote 0
                  • O
                    OMEN
                    last edited by

                    Forgive me for this but a quick google:

                    http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx
                    you need certain port forwarded to get funtionality,

                    netbios 137 and 138 and 139
                    smb (shares) 445
                    dns 53

                    1 Reply Last reply Reply Quote 0
                    • W
                      weediez
                      last edited by

                      Yea, I'm not too sure to be honest.  It's what my boss wants done.  I will try removing that rule and see if that helps at all.  Thanks guys.

                      1 Reply Last reply Reply Quote 0
                      • W
                        weediez
                        last edited by

                        Thanks Omen, appreciate that man.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.