Netgate Discussion Forum
Wireless on same subnet while using a non-PfSense DHCP Server

18 Posts 4 Posters 10.8k Views
weediez, Feb 25, 2009, 8:43 PM:

    Can you give me an example or give me the information that I would need to set that sort of rule up?

ktims, Feb 25, 2009, 9:19 PM:

      Here's what I have set up at one install. It uses a DHCP server running on the pfSense box, but since DHCP is broadcast traffic it should work with an external DHCP server as well (obviously it must be on the LAN segment). The DHCP rule is a bit less granular than it could be, and obviously the allow all rule is less than optimal, but this config should work. As mentioned, you'll need to bridge the interfaces as well.

      [attachment: rules.png (screenshot of the firewall rules)]

weediez, Feb 25, 2009, 9:36 PM:

        OK, yeah, we tried bridging it as well at one point, but we didn't create any rules. Thanks a lot, I'll give your suggestion a try and let you know how it goes.

weediez, Feb 26, 2009, 5:17 PM (last edited 5:18 PM):

          I posted screenshots of my rules for my LAN device and my OPT1 (wireless AP). OPT1 is bridged with LAN.

          I haven't put the box live again since yesterday, just wanted insight on these rules before I do go live with it.

          [attachments: OPT1 rules.JPG, LAN Firewall Rules.JPG (screenshots of the OPT1 and LAN firewall rules)]

ktims, Feb 26, 2009, 6:05 PM:

            If you don't want traffic to be able to pass from the wireless LAN to the wired LAN, I would prefer to explicitly create a block or reject rule. The effect is the same, but it's more 'self-documenting' than letting that traffic default out. Put all your reject rules first, then you can get rid of the 'not LAN subnet' destination specification.

            This is more personal preference than anything (I don't like using NOTs in my firewall rules, or letting traffic intentionally hit the policy rules) as your ruleset should work as you expect.

weediez, Feb 26, 2009, 6:24 PM:

              Well, I can get DHCP to give me IPs when I connect devices to my AP, which is OPT1. But I can't access network shares or the Internet. So that's why I'm just asking what rule I need to put in place to be able to access the web and get network access. I also need to know where I add the rules. Thanks.

ktims, Feb 26, 2009, 6:35 PM:

                It may be the NOT LAN Net rule that's causing the problem; it's probably blocking traffic to the default gateway (on the LAN net), and what you're seeing makes sense. Keep things simple when testing, and just add an allow all rule and see if that works before you try anything else.

                Though really, if you want the WLAN and LAN segregated, it makes a lot more sense to just have a separate subnet. If the machines on the segment can't talk to each other, why do they need to use the same DHCP? Seems a bit of a strange requirement.

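An added example (not from the thread, and not pfSense code): a small first-match simulation of the two OPT1 rule styles discussed in ktims' replies. It shows why a pass rule with a "not LAN net" destination lets Internet-bound traffic through but leaves anything addressed to the pfSense LAN address (the default gateway, which sits inside LAN net) to fall to the default deny, and how an explicit reject placed first, as ktims prefers, can still carry a narrow pass above it. The addresses, the 192.168.1.0/24 LAN, and the DNS-on-gateway carve-out are assumptions, not details from the screenshots.

```python
# Added example: first-match evaluation of pfSense-style interface rules.
# Assumed addressing: LAN net 192.168.1.0/24, pfSense LAN address/gateway 192.168.1.1.
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN subnet
GATEWAY = ipaddress.ip_address("192.168.1.1")      # assumed pfSense LAN address


@dataclass
class Rule:
    action: str                                   # "pass", "block" or "reject"
    proto: str                                    # "any", "udp" or "tcp"
    dst_net: Optional[ipaddress.IPv4Network]      # None = any destination
    dst_port: Optional[int]                       # None = any port
    negate_dst: bool = False                      # the thread's "not LAN net" destination
    label: str = ""


def matches(rule: Rule, proto: str, dst: ipaddress.IPv4Address, dport: Optional[int]) -> bool:
    if rule.proto not in ("any", proto):
        return False
    if rule.dst_port is not None and rule.dst_port != dport:
        return False
    if rule.dst_net is not None:
        in_net = dst in rule.dst_net
        if in_net == rule.negate_dst:             # negated: match only when NOT in net
            return False
    return True


def evaluate(rules, proto: str, dst: str, dport: Optional[int] = None):
    """pfSense interface rules are evaluated top-down, first match wins; no match is default deny."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if matches(r, proto, addr, dport):
            return r.action, r.label
    return "block", "default deny"


def build_rulesets():
    # Style A (as the thread describes the OPT1 rules): DHCP, then pass to anything NOT in LAN net.
    with_not = [
        Rule("pass", "udp", None, 67, label="DHCP to server"),
        Rule("pass", "any", LAN_NET, None, negate_dst=True, label="not LAN net"),
    ]
    # Style B (ktims' preference): explicit reject first, no NOT, with an assumed carve-out
    # for DNS on the gateway placed above the reject so ordering does the work.
    explicit = [
        Rule("pass", "udp", None, 67, label="DHCP to server"),
        Rule("pass", "udp", ipaddress.ip_network(f"{GATEWAY}/32"), 53, label="DNS on gateway"),
        Rule("reject", "any", LAN_NET, None, label="WLAN to LAN"),
        Rule("pass", "any", None, None, label="allow all"),
    ]
    return with_not, explicit
```

Under style A a DNS query to the gateway is dropped by the default deny even though web traffic to 8.8.8.8 passes, which is the symptom ktims describes; style B makes the same outcome an explicit, visible rule and lets exceptions sit above it.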
OMEN, Feb 26, 2009, 6:37 PM:

                  Forgive me for this but a quick google:

                  http://geekswithblogs.net/TSCustomiser/archive/2007/05/09/112357.aspx
                  you need certain ports forwarded to get functionality:

                  netbios 137 and 138 and 139
                  smb (shares) 445
                  dns 53

weediez, Feb 26, 2009, 7:14 PM:

                    Yeah, I'm not too sure to be honest. It's what my boss wants done. I will try removing that rule and see if that helps at all. Thanks guys.

weediez, Feb 26, 2009, 7:26 PM:

                      Thanks Omen, appreciate that man.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.