    ALIX 3D1 with Wireless WAN bridged with Wireless Opt1 AP

      bonnecomm last edited by

      I'm building a repeater station using an ALIX3D1.
      LAN is the ethernet port.
      WAN is an XR5 wireless card.
      OPT1 is an Engenius Em-9 wireless card.

      Plugged into the LAN, I can surf the internet with no problem although it is slow.
      My computer connects wirelessly to OPT1 and I can log into the ALIX. I can ping the WAN port on the ALIX. But, I cannot surf the internet nor can I ping my default gateway.

      What am I missing?

      My configuration is as follows:

      <pfsense><version>3.0</version>
      <lastchange><theme>pfsense</theme>
      <system><optimization>normal</optimization>
      <schedulertype>priq</schedulertype>
      <hostname>holstnet</hostname>
      <domain>bonnecomm.net</domain>
      <username>admin</username>
      <password></password>
      <timezone>America/Toronto</timezone>
      <time-update-interval><timeservers>time.nrc.ca</timeservers>
      <webgui><protocol>http</protocol></webgui>
      <disablenatreflection>yes</disablenatreflection>
      <dnsserver>192.168.102.1</dnsserver>
      <dnsserver>192.168.100.1</dnsserver>
      <dnsallowoverride></dnsallowoverride></time-update-interval></system>
      <interfaces><lan><if>vr0</if>
      <ipaddr>192.168.2.1</ipaddr>
      <subnet>24</subnet>
      <media><mediaopt><bandwidth>100</bandwidth>
      <bandwidthtype>Mb</bandwidthtype>
      <disableftpproxy></disableftpproxy></mediaopt></media></lan>
      <wan><if>ath1</if>
      <mtu><media><mediaopt><bandwidth>100</bandwidth>
      <bandwidthtype>Mb</bandwidthtype>
      <wireless><standard>11a</standard>
      <mode>bss</mode>
      <protmode>off</protmode>
      <ssid>RoundLink</ssid>
      <channel>0</channel>
      <authmode><txpower>99</txpower>
      <distance>35000</distance>
      <wpa><macaddr_acl><auth_algs>1</auth_algs>
      <wpa_mode>3</wpa_mode>
      <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
      <wpa_pairwise>CCMP TKIP</wpa_pairwise>
      <wpa_group_rekey>60</wpa_group_rekey>
      <wpa_gmk_rekey>3600</wpa_gmk_rekey>
      <passphrase></passphrase>
      <ext_wpa_sw></ext_wpa_sw></macaddr_acl></wpa>
      <wep><key><value></value></key></wep></authmode></wireless>
      <spoofmac><disableftpproxy><ipaddr>192.168.100.210</ipaddr>
      <subnet>22</subnet>
      <gateway>192.168.102.1</gateway></disableftpproxy></spoofmac></mediaopt></media></mtu></wan>
      <opt1><if>ath0</if>
      <wireless><standard>11g</standard>
      <mode>hostap</mode>
      <protmode>off</protmode>
      <ssid>HolstNet.BonneComm.Net</ssid>
      <channel>11</channel>
      <authmode></authmode>
      <txpower>99</txpower>
      <distance>10000</distance>
      <wpa><macaddr_acl></macaddr_acl>
      <auth_algs>1</auth_algs>
      <wpa_mode>3</wpa_mode>
      <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
      <wpa_pairwise>CCMP TKIP</wpa_pairwise>
      <wpa_group_rekey>60</wpa_group_rekey>
      <wpa_gmk_rekey>3600</wpa_gmk_rekey>
      <passphrase><ext_wpa_sw></ext_wpa_sw></passphrase></wpa></wireless>
      <descr>OPT1_AP</descr>
      <bridge>wan</bridge>
      <ipaddr>192.168.100.211</ipaddr>
      <subnet>22</subnet>
      <gateway>192.168.102.1</gateway>
      <spoofmac><mtu><enable><disableftpproxy></disableftpproxy></enable></mtu></spoofmac></opt1></interfaces>
      <staticroutes><pppoe><username><password></password></username></pppoe>
      <pptp><username><password><local></local></password></username></pptp>
      <bigpond><username><password><authserver><authdomain><minheartbeatinterval></minheartbeatinterval></authdomain></authserver></password></username></bigpond>
      <dyndns><type>dyndns</type>
      <username><password></password></username></dyndns>
      <dhcpd><lan><enable><range><from>192.168.2.10</from>
      <to>192.168.2.19</to></range>
      <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></enable></lan></dhcpd>
      <pptpd><mode><redir><localip></localip></redir></mode></pptpd>
      <ovpn><dnsmasq><enable></enable></dnsmasq>
      <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
      <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
      <bridge><syslog><nat><ipsecpassthru><enable></enable></ipsecpassthru></nat>
      <filter><rule><type>pass</type>
      <interface>opt1</interface>
      <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
      <os><source>
      <any><destination><any></any></destination>
      <descr>Opt1-PassThru</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
      <rule><type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source>
      <network>lan</network>

      <destination><any></any></destination></rule>
      <rule><type>pass</type>
      <interface>wan</interface>
      <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
      <os><source>
      <any><destination><any></any></destination>
      <descr>WAN-PassThru</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
      <shaper><ipsec><preferredoldsa></preferredoldsa></ipsec>
      <aliases><proxyarp><wol><cron><minute>0</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 newsyslog
      <minute>1,31</minute>
      <hour>0-5</hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 adjkerntz -a
      <minute>1</minute>
      <hour>3</hour>
      <mday>1</mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
      <minute>
      /60</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
      <minute>1</minute>
      <hour>1</hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
      <minute>
      /60</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
      <minute>/60</minute>
      <hour>
      </hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
      <minute>
      /5</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/local/bin/checkreload.sh
      <minute>/5</minute>
      <hour>
      </hour>
      <mday></mday>
      <month>
      </month>
      <wday></wday>
      <who>root</who>
      <command></command>/etc/ping_hosts.sh
      <minute>
      /140</minute>
      <hour></hour>
      <mday>
      </mday>
      <month></month>
      <wday>
      </wday>
      <who>root</who>
      <command></command>/usr/local/sbin/reset_slbd.sh</cron>
      <installedpackages><rrd><enable></enable></rrd>
      <revision><description>/interfaces_opt.php made unknown change</description>
      <time>1245258478</time></revision></installedpackages></wol></proxyarp></aliases></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>

      Incidentally, I was not able to preview this, so forgive if it comes out without the mark-up.

        clarknova last edited by

        You may want to edit your post and take out your wireless passphrases.

        It appears from your config that you have a firewall rule on OPT allowing anything out, so that's good. Your two wireless NICs are on different channels, so that's good.

        You may want to check your logs and state tables. I'm afraid I can't think of anything else at the moment.

        db
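
Following the advice above about removing passphrases before posting a config, here is an added example (not part of the original thread and not pfSense code) that blanks secret-bearing elements in an exported config.xml. The tag list, the `redact` function and the sample values are assumptions for illustration, based on element names visible in the posted config.

```python
import xml.etree.ElementTree as ET

# Assumption: element names taken from the config posted in this thread.
# Extend the set for other secrets your own config.xml carries.
SECRET_TAGS = {"password", "passphrase", "rocommunity"}
# Secrets identified by their path rather than by tag name alone (WEP key value).
SECRET_PATHS = {("wep", "key", "value")}
PLACEHOLDER = "REDACTED"


def redact(xml_text):
    """Return (redacted_xml, findings); findings lists paths that held a value."""
    root = ET.fromstring(xml_text)
    findings = []

    def walk(elem, path):
        path = path + (elem.tag,)
        is_secret = elem.tag in SECRET_TAGS or any(
            path[-len(p):] == p for p in SECRET_PATHS)
        # Only leaf elements with a non-empty value are rewritten and reported.
        if is_secret and len(elem) == 0 and (elem.text or "").strip():
            elem.text = PLACEHOLDER
            findings.append("/".join(path))
        for child in elem:
            walk(child, path)

    walk(root, ())
    return ET.tostring(root, encoding="unicode"), findings


# Constructed sample (not the poster's real values), shaped like the thread's config.
SAMPLE = """<pfsense>
  <system><username>admin</username><password>$1$constructed$hash</password></system>
  <interfaces>
    <wan><wireless><ssid>ExampleLink</ssid>
      <wpa><passphrase>constructed-wan-psk</passphrase></wpa>
      <wep><key><value>0102030405</value></key></wep>
    </wireless></wan>
    <opt1><wireless><wpa><passphrase></passphrase></wpa></wireless></opt1>
  </interfaces>
  <snmpd><rocommunity>public</rocommunity></snmpd>
</pfsense>"""

if __name__ == "__main__":
    cleaned, found = redact(SAMPLE)
    for path in found:
        print("redacted:", path)
    print(cleaned)
```

The findings list doubles as a review checklist: any path reported there held a live value in the file that was about to be shared.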

          bonnecomm last edited by

          Nope. It's not that.

          I brought everything home, and just took delivery of an ALIX 2D0 (2 ethernet, 2 miniPCI).

          vr0 (ethernet0) is always set to LAN.
          If WAN is set to vr1, I can set OPT1 or OPT2 to AP mode, bridge them to the WAN, and it works fine (although very slow, very much slower than m0n0wall).
          If WAN is set to ath0 (wireless0), even though the LAN works fine, and even though I receive no error message about bridging something to a wireless WAN, the bridge essentially does not work. The problem seems to be that you can't bridge anything to a wireless WAN.

          So right now, I have several SBCs with a half dozen radio cards and working repeater stations.

          So, do I try a Linux-based solution instead?

          It's either that or I'm going to need to spend several months fixing m0n0wall to do what I want. I'd likely do it as a branch.
