ALIX 3D1 with Wireless WAN bridged with Wireless Opt1 AP
-
I'm building a repeater station using an ALIX3D1.
LAN is the ethernet port.
WAN is an XR5 wireless card.
OPT1 is an Engenius Em-9 wireless card.
Plugged into the LAN, I can surf the internet with no problem although it is slow.
My computer connects wirelessly to OPT1 and I can log into the ALIX. I can ping the WAN port on the ALIX. But, I cannot surf the internet nor can I ping my default gateway.
What am I missing?
My configuration is as follows:
<pfsense><version>3.0</version>
<lastchange><theme>pfsense</theme>
<system><optimization>normal</optimization>
<schedulertype>priq</schedulertype>
<hostname>holstnet</hostname>
<domain>bonnecomm.net</domain>
<username>admin</username>
<password></password>
<timezone>America/Toronto</timezone>
<time-update-interval><timeservers>time.nrc.ca</timeservers>
<webgui><protocol>http</protocol></webgui>
<disablenatreflection>yes</disablenatreflection>
<dnsserver>192.168.102.1</dnsserver>
<dnsserver>192.168.100.1</dnsserver>
<dnsallowoverride></dnsallowoverride></time-update-interval></system>
<interfaces><lan><if>vr0</if>
<ipaddr>192.168.2.1</ipaddr>
<subnet>24</subnet>
<media><mediaopt><bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<disableftpproxy></disableftpproxy></mediaopt></media></lan>
<wan><if>ath1</if>
<mtu><media><mediaopt><bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<wireless><standard>11a</standard>
<mode>bss</mode>
<protmode>off</protmode>
<ssid>RoundLink</ssid>
<channel>0</channel>
<authmode><txpower>99</txpower>
<distance>35000</distance>
<wpa><macaddr_acl><auth_algs>1</auth_algs>
<wpa_mode>3</wpa_mode>
<wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
<wpa_pairwise>CCMP TKIP</wpa_pairwise>
<wpa_group_rekey>60</wpa_group_rekey>
<wpa_gmk_rekey>3600</wpa_gmk_rekey>
<passphrase></passphrase>
<ext_wpa_sw></ext_wpa_sw></macaddr_acl></wpa>
<wep><key><value></value></key></wep></authmode></wireless>
<spoofmac><disableftpproxy><ipaddr>192.168.100.210</ipaddr>
<subnet>22</subnet>
<gateway>192.168.102.1</gateway></disableftpproxy></spoofmac></mediaopt></media></mtu></wan>
<opt1><if>ath0</if>
<wireless><standard>11g</standard>
<mode>hostap</mode>
<protmode>off</protmode>
<ssid>HolstNet.BonneComm.Net</ssid>
<channel>11</channel>
<authmode></authmode>
<txpower>99</txpower>
<distance>10000</distance>
<wpa><macaddr_acl></macaddr_acl>
<auth_algs>1</auth_algs>
<wpa_mode>3</wpa_mode>
<wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
<wpa_pairwise>CCMP TKIP</wpa_pairwise>
<wpa_group_rekey>60</wpa_group_rekey>
<wpa_gmk_rekey>3600</wpa_gmk_rekey>
<passphrase><ext_wpa_sw></ext_wpa_sw></passphrase></wpa></wireless>
<descr>OPT1_AP</descr>
<bridge>wan</bridge>
<ipaddr>192.168.100.211</ipaddr>
<subnet>22</subnet>
<gateway>192.168.102.1</gateway>
<spoofmac><mtu><enable><disableftpproxy></disableftpproxy></enable></mtu></spoofmac></opt1></interfaces>
<staticroutes><pppoe><username><password></password></username></pppoe>
<pptp><username><password><local></local></password></username></pptp>
<bigpond><username><password><authserver><authdomain><minheartbeatinterval></minheartbeatinterval></authdomain></authserver></password></username></bigpond>
<dyndns><type>dyndns</type>
<username><password></password></username></dyndns>
<dhcpd><lan><enable><range><from>192.168.2.10</from>
<to>192.168.2.19</to></range>
<defaultleasetime><maxleasetime><netmask><failover_peerip><gateway><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></enable></lan></dhcpd>
<pptpd><mode><redir><localip></localip></redir></mode></pptpd>
<ovpn><dnsmasq><enable></enable></dnsmasq>
<snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
<diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
<bridge><syslog><nat><ipsecpassthru><enable></enable></ipsecpassthru></nat>
<filter><rule><type>pass</type>
<interface>opt1</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><source>
<any><destination><any></any></destination>
<descr>Opt1-PassThru</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>
<rule><type>pass</type>
<descr>Default LAN -> any</descr>
<interface>lan</interface>
<source>
<network>lan</network><destination><any></any></destination></rule>
<rule><type>pass</type>
<interface>wan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><source>
<any><destination><any></any></destination>
<descr>WAN-PassThru</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
<shaper><ipsec><preferredoldsa></preferredoldsa></ipsec>
<aliases><proxyarp><wol><cron><minute>0</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 newsyslog
<minute>1,31</minute>
<hour>0-5</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 adjkerntz -a
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
<minute>1</minute>
<hour>1</hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
<minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
<minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/local/bin/checkreload.sh
<minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/etc/ping_hosts.sh
<minute>/140</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<command></command>/usr/local/sbin/reset_slbd.sh</cron>
<installedpackages><rrd><enable></enable></rrd>
<revision><description>/interfaces_opt.php made unknown change</description>
<time>1245258478</time></revision></installedpackages></wol></proxyarp></aliases></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>
Incidentally, I was not able to preview this, so forgive me if it comes out without the mark-up.
-
You may want to edit your post and take out your wireless passphrases.
It appears from your config that you have a firewall rule on OPT allowing anything out, so that's good. Your two wireless NICs are on different channels, so that's good.
You may want to check your logs and state tables. I'm afraid I can't think of anything else at the moment.
db
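The advice above to strip passphrases before posting a config, as an added example that is not part of the original thread and not pfSense's own code: a Python sketch that blanks secret-bearing elements in a config.xml export and reports which ones it touched. The element names come from the config posted above; the sample config, its secret values and the `REDACTED` placeholder are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Element names taken from the posted config; any text under them is a secret.
SECRET_TAGS = {"password", "passphrase", "rocommunity"}
# WEP keys sit under <wep><key><value>; match the parent chain, since
# <value> alone is too generic a name to redact everywhere.
SECRET_PATH_SUFFIXES = (("wep", "key", "value"),)
PLACEHOLDER = "REDACTED"  # assumption: any obvious marker will do

def _is_secret(path):
    if path[-1] in SECRET_TAGS:
        return True
    return any(tuple(path[-len(s):]) == s for s in SECRET_PATH_SUFFIXES)

def redact(config_xml):
    """Return (sanitized_xml, redacted_paths) for a config.xml string."""
    root = ET.fromstring(config_xml)
    redacted = []

    def walk(elem, path):
        path = path + [elem.tag]
        # Only non-empty values are replaced, so the report lists real leaks.
        if _is_secret(path) and (elem.text or "").strip():
            elem.text = PLACEHOLDER
            redacted.append("/".join(path))
        for child in elem:
            walk(child, path)

    walk(root, [])
    return ET.tostring(root, encoding="unicode"), redacted

# Constructed sample: well-formed, with made-up secret values.
SAMPLE = """<pfsense>
  <system><username>admin</username><password>$1$constructed$hash</password></system>
  <interfaces>
    <wan><if>ath1</if><wireless><ssid>RoundLink</ssid>
      <wpa><passphrase>constructed-wan-psk</passphrase></wpa>
      <wep><key><value></value></key></wep>
    </wireless></wan>
    <opt1><if>ath0</if><wireless><ssid>HolstNet.BonneComm.Net</ssid>
      <wpa><passphrase>constructed-ap-psk</passphrase></wpa>
    </wireless></opt1>
  </interfaces>
  <snmpd><rocommunity>public</rocommunity></snmpd>
</pfsense>"""

if __name__ == "__main__":
    sanitized, paths = redact(SAMPLE)
    print("\n".join(paths))
    print(sanitized)
```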
-
Nope. It's not that.
I brought everything home, and just took delivery of an ALIX 2D0 (2 ethernet, 2 miniPCI).
vr0 (ethernet0) is always set to LAN.
If WAN is set to vr1, I can set OPT1 or OPT2 to AP mode, bridge them to the WAN, and it works fine (although very slow, very much slower than m0n0wall).
If WAN is set to ath0 (wireless0), even though the LAN works fine, and even though I receive no error message about bridging something to a wireless WAN, the bridge essentially does not work. The problem seems to be that you can't bridge anything to a wireless WAN.
So right now, I have several SBCs with a half dozen radio cards and working repeater stations.
So, do I try a Linux-based solution instead?
It's either that or I'm going to need to spend several months fixing m0n0wall to do what I want. I'd likely do it as a branch.