No internet access for wireless clients on External WAP


  • Hello Netgate Community.

    I'm a little rusty at this configuration and could use some extra eyes on what I'm missing. Thanks in advance.

    I'm trying to segment my wireless AP from the LAN. The interfaces are setup as follows.
    LAN = 192.168.1.0/28 - set to port 2
    OPT = 192.168.10.0/28 - set to port 1

    Firewall rules are as follows
    firewall rules lan.png
    firewall rules optwireless.png
    Aliases are
    aliases.png

    The router/AP is a Linksys EA7500 set to bridged mode specifying a specific IP with the following settings.
    internet address = 192.168.10.2
    subnetmask = 255.255.255.240
    Gateway = 192.168.10.1
    DNS = 192.168.10.1

    DHCP is enabled for both interfaces (LAN & OPTWIRELESS) for the following ranges respectively.
    subnet 192.168.1.0 & 192.168.10.0
    subnetmask 255.255.255.240 (same for both)
    range 192.168.1.3-14 & 192.168.10.3-14

    Using manual outbound NAT so I duplicated the Outbound Nat rules for LAN subnet and changed them to match the OPTWIRELESS interface

    From this point I can ping from pfsense GUI to 8.8.8.8 from OPTWIRELESS and I can reach the internet from a laptop connected to the AP switch ports.

    Wireless clients are only getting the APIPA address and cannot access internet.

    Any assistance or advice is greatly welcome. Thank you!


  • @Andytech010

    Well, as always, try to isolate the problem. What happens if you connect the AP to the main LAN? Do you get a connection then? You could also use Packet Capture to see what's happening with DHCP.


  • @Andytech010 Are you sure you want such a small subnet mask on those 2 networks - a /28? That's only 16 possible addresses and 14 host machines.

    Normally subnets have a /24 size, unless some other size (up or down) is specifically needed.

    Jeff

  • Netgate Administrator

    If you can pull an IP on a client connected to the AP switch ports but not connected to it wirelessly then you have an issue with the AP config. It's not correctly in 'bridge mode' acting purely as an access point.

    Steve


  • @stephenw10

    Should I be using "Bridge Mode" or "Wireless Bridge"

    Here's what the settings currently are.
    bridgeSettings.jpg

    Thank you.


  • @Andytech010 Isn't there an AP-Mode? And why manual outbound NAT? Don't use that.


  • @Bob-Dig

    I'll check on that, I believe I saw a "Wireless Bridge" option.

    I'm using outbound NAT per the instructions to setup pfsense with my current vpn provider. Could you elaborate on why I shouldn't be using it?

    Thanks for your response.


  • @Andytech010 Ok, if you have a reason for that. I use Hybrid Outbound NAT for my VPN.

  • Galactic Empire

    Can't you just connect pfSense to a lan port on the Linksys EA7500, no need to worry about NAT?

    TBH I'd sell it on eBay and buy a Ubiquity AP that supports VLANs and multiple SSIDs.

  • Netgate Administrator

    Yeah, 'bridge mode' there looks like a WAN setting. 'wireless bridge' is probably wifi as WAN in that context.

    You may just need to do it manually. Disable DHCP on the device and connect pfSense to one of it's LAN ports. It should already have LAN and wifi bridged at layer 2 internally.

    Steve