No internet access for wireless clients on External WAP
Hello Netgate Community.
I'm a little rusty at this configuration and could use some extra eyes on what I'm missing. Thanks in advance.
I'm trying to segment my wireless AP from the LAN. The interfaces are set up as follows.
LAN = 192.168.1.0/28 - set to port 2
OPT = 192.168.10.0/28 - set to port 1
Firewall rules are as follows
The router/AP is a Linksys EA7500 set to bridged mode specifying a specific IP with the following settings.
internet address = 192.168.10.2
subnetmask = 255.255.255.240
Gateway = 192.168.10.1
DNS = 192.168.10.1
DHCP is enabled for both interfaces (LAN & OPTWIRELESS) for the following ranges respectively.
subnet 192.168.1.0 & 192.168.10.0
subnetmask 255.255.255.240 (same for both)
range 192.168.1.3-14 & 192.168.10.3-14
I'm using manual outbound NAT, so I duplicated the outbound NAT rules for the LAN subnet and changed them to match the OPTWIRELESS interface.
From this point I can ping from the pfSense GUI to 126.96.36.199 from OPTWIRELESS, and I can reach the internet from a laptop connected to the AP switch ports.
Wireless clients are only getting an APIPA address and cannot access the internet.
Any assistance or advice is greatly welcome. Thank you!
JKnott
Well, as always, try to isolate the problem. What happens if you connect the AP to the main LAN? Do you get a connection then? You could also use Packet Capture to see what's happening with DHCP.
@Andytech010 Are you sure you want such a small subnet mask on those 2 networks - a /28? That's only 16 possible addresses and 14 host machines.
Normally subnets have a /24 size, unless some other size (up or down) is specifically needed.
If you can pull an IP on a client connected to the AP switch ports but not connected to it wirelessly then you have an issue with the AP config. It's not correctly in 'bridge mode' acting purely as an access point.
Should I be using "Bridge Mode" or "Wireless Bridge"?
Here's what the settings currently are.
@Andytech010 Isn't there an AP-Mode? And why manual outbound NAT? Don't use that.
I'll check on that, I believe I saw a "Wireless Bridge" option.
I'm using outbound NAT per the instructions to set up pfSense with my current VPN provider. Could you elaborate on why I shouldn't be using it?
Thanks for your response.
@Andytech010 Ok, if you have a reason for that. I use Hybrid Outbound NAT for my VPN.
Can't you just connect pfSense to a LAN port on the Linksys EA7500, no need to worry about NAT?
TBH I'd sell it on eBay and buy a Ubiquiti AP that supports VLANs and multiple SSIDs.
Yeah, 'bridge mode' there looks like a WAN setting. 'wireless bridge' is probably wifi as WAN in that context.
You may just need to do it manually. Disable DHCP on the device and connect pfSense to one of its LAN ports. It should already have LAN and wifi bridged at layer 2 internally.