2 weeks still nothing.
-
@steveits yep, precisely what I’m trying to do. Currently cannot access gui of pfsense from my lan but can access through wireless devices. Pfsense cannot see internet at all unless dhcp is used and dns-resolver appears to not be working (or I did something wrong). I know I’m nearly there as wireless clients can get on the net, meaning bridge is working and firewall is forwarding, it’s just the small parts that are causing issues, mainly not having the gui from lan devices and pfsense not doing Nat for whatever reason.
-
@pfsensenewbie1 No you wouldn't be able to access pfsense gui on its "wan" address because out of the box nothing is allowed, and there is also the default block rfc1918 (source) into pfsense even if you create a rule to allow access on pfsense "wan".
If you point your wireless clients to your dns server - let's call it 192.168.10.100 - out of the box they would be able to talk to that server. So unless you did or are doing some of the things I mentioned before - your wireless client should have no issues talking to the IP address of your dns server. Now maybe your dns server's firewall is blocking? Seems unlikely because out of the box clients would be coming from the pfsense "wan" IP because of the automatic nat.
-
@johnpoz not sure tbh that’s a lot to check and think about but honestly I have been banging my head on a wall for too long. Anyway the pfsense cannot ping anything on internet but can all devices on lan wired or wireless. If I enable dhcp this part changes but still the Nat doesn’t seem to be going to my server.
-
@pfsensenewbie1 pfsense "wan" that is plugged into your gateway should be set to dhcp - it would get an IP address from your gateway just like any other device on that network.
You just need to make sure the "lan" network does not overlap that. If your isp device's network is 192.168.1/24, then use 192.168.2/24 for devices on your pfsense "lan"
This works out of the box, there is nothing for you to do for this to work.. Turn on pfsense, and this would work - as long as pfsense is actually getting an IP on your gateway's network. And the pfsense lan network doesn't overlap that network.
-
@johnpoz hmmm so to get gui access I either have to find a way to allow lan clients to access it or just use wireless. What about the dhcp issue any ideas on that? I would prefer the iPhone to not change hence I prefer static but if pfsense can’t see the internet can I be sure the Nat is forwarding to my dns?
-
@pfsensenewbie1 what are you using for wireless behind pfsense - if you're trying to use the wireless of your "gateway" device - that no there is not going to work and is a complete mess.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
> can I be sure the Nat is forwarding to my dns?

You can for setup pfsense to forward to your dns server, and clients behind it point to pfsense lan IP for dns.. If that is what you want.
But you seem to be confused on what - what network is your gateway handing out, what network are you using? 192.168.0, .1. what?
What network is pfsense lan network? What is providing the wireless for devices behind pfsense?
-
@johnpoz yes I had issues with dhcp not getting an ip but seems randomly to not work. Today I checked and dhcp had no ip on wan so went to static - but perhaps this doesn’t matter as clients cannot get to the gui from lan anyway as was mentioned. Hmmm. Ok I’ll enable dhcp on wan and see if I can get access restored but surely static should work also?
-
@pfsensenewbie1 said in 2 weeks still nothing.:
> but perhaps this doesn’t matter

Not getting a dhcp - the solution is not to go to static. Because if dhcp isn't working it points to connectivity issue, so static is never going to work either. I would have looked to why pfsense wan doesn't get its dhcp address from your gateway.
And I have a funny feeling you're trying to leverage wifi off your gateway as pfsense lan.. Or you have overlapping IP ranges.
But your setup as drawn is clicky clicky workie workie with really nothing to do.. Other than making sure your pfsense wan and lan network do not overlap.. And you're not trying to leverage your gateway wifi as pfsense lan network.
-
@johnpoz ok - so lan interface on pfsense must be on a different subnet? That’s one thing I didn’t do. Can wan interface be on same subnet as modem/router? My entire network is currently using 192.168.1.x.
-
@johnpoz no I’m aware clients connected to the gateway (modem/router) cannot use pfsense - I did originally want all clients to use it but just not possible as it is. I know my diag is crap just to illustrate. Modem/router 192.168.1.1, dns server 1.2, pfsense wan interface 1.4, and tried setting pfsense lan to 1.3 - with gateway dishing out dhcp to everything. Will try different subnet for lan interface and test but getting late so will update tomorrow. Thanks all for help.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
> so lan interface on pfsense must be on a different subnet?

yeah - how do you think it routes if both its interfaces are in the same network? It wouldn't even let you create a static on pfsense wan that overlapped with your lan network.
If you're using 192.168.1/24 on pfsense "wan", ie your gateway lan - what is pfsense "lan"? This should be something different, say 192.168.2/24
What is providing wifi behind pfsense? You have AP, you're trying to use some other wifi router as just an AP?
If your gateway is 192.168.1 network - then set pfsense lan to say 192.168.2.1/24 address. Plug its wan into your gateway network as dhcp and shazam all workie... Now if you want clients behind pfsense to use your dns server, then either point them directly to that, or have pfsense forward to it, and have your clients use pfsense 192.168.2.1 address as their dns - this is what would be default handed to dhcp clients behind pfsense.
If you then want clients on your pfsense wan to be able to hit the pfsense gui, then turn off the block rfc1918 rule on your wan, and create a wan firewall rule to allow access to your gui port on the wan address.
-
@johnpoz well.... this is interesting. I took the advice and changed pfsense lan(wireless) to 2.1 and got immediate full crash and restart. Next time I tried it I now have access to the gui from my own lan but not from wireless however pfsense still cannot update or cannot fetch update info. It can ping pfsense.org and tracert confirms dns is not being redirected but is getting out of the network. But...wireless clients now have no internet at all. I enabled dhcp on wireless interface and got access to internet on devices as the dhcp is giving ip on my own lan ip range. I think I must change subnet mask on my modem/router to allow the 2.1 network to access lan devices. Man this is getting deep now. Am I correct in all subnet masks must be the same? Or only the pfsense lan part?
-
@pfsensenewbie1 said in 2 weeks still nothing.:
> I think I must change subnet mask on my modem/router to allow the 2.1 network to access lan devices

Your gateway has ZERO to do with devices behind pfsense accessing devices on pfsense wan..
Again what are you using for wireless behind pfsense?

> Man this is getting deep now.

It's not - this is plug it in and it works.. I have no idea what you're doing but this works out of the box plug it in.. There is ZERO to do on your gateway... The only thing you have to make sure is pfsense lan network is not the same as its wan network, ie they do not overlap..
There is nothing special to do.. Pfsense becomes a client on your gateway network just like your PC.. To your gateway it's just another device on its network.
What are your wireless clients using for wifi - if you're trying to leverage your wifi off your gateway that is not going to work for also trying to be behind pfsense.
edit: this is a typical double nat setup that 1,000 if not 10 or 100's of thousands of setups use.. Any time the idiot guy at the store tells them they need another router to get more ports or extend their wifi - they are in a double nat.
Anyone that is using pfsense that is using a gateway they can not put into bridge mode is doing this - it's a simple double nat, and works out of the box.. As long as you're not using the same network on pfsense wan and its lan..
-
@johnpoz ok firstly I sense the frustration you have towards me, how can I overcome this? I am just after some help.
Also I’m not understanding your question about what’s providing wireless behind the pfsense as the pfsense is itself providing wireless to wireless clients as per my diagram. The wireless of my pfsense box is in access point mode.
My issue here is that on a default setup, with wireless on lan interface setup as access point, now on a separate subnet - wireless clients are getting a dhcp ip from my modem/router (I.e. 192.168.1.81) I have enabled a single Nat rule to forward from wan interface to my dns server. I have unchecked block networks on the wan interface to allow me access to the gui from my lan which is more convenient and is temporary. I have also setup a bridge between pfsense lan and wan.
I cannot explain to you how much this didn’t work out of the box - don’t misunderstand, I got farther using this software than the competition. However, as I mentioned, the setup insisted on 2 active interfaces and as the box only had 2 I had to trick it to work. Apart from this when I did get it running I just couldn’t get both the gui and the wireless clients to access internet at the same time. I had already tried all dhcp from the outset and apart from the obvious changing ip situation I just couldn’t get it working correctly. Either the gui could ping and access the internet, but no clients could, or clients could access internet but gui couldn’t, and various combinations herein.
I’m not trying to put this great free software down as it is amazing - just very hard to get it to do what I want which was simply direct wireless clients connected directly to the pfsense box to my dns and allow access to the internet thereafter, with access to the gui from inside the lan, but I’m still not there yet I’m afraid.
Anyway this will be my last tonight I have work and I’m sure everyone else does so fresh eyes tomorrow after work I’ll update if anything is different. I may even be tempted to record a video of oob from the beginning. Hoping I don’t need to as I’m quite close I feel.
-
@pfsensenewbie1 Think about what you're saying.
Wireless clients BEHIND pfSense receive an IP from your gateway. Impossible.
They are clearly not behind the pfSense and are connected to the gateway.
It really is plug it in and it works.
So whatever you had to "trick" it into doing, stop doing that!
Best bet at this point, reset pfSense to default, change the LAN subnet, and connect things properly.
It'll work.
-
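The two checks the replies above keep returning to (WAN and LAN must not overlap, and a client that is really behind pfSense holds a lease from the LAN network, not the gateway's), plus the WAN-side GUI rule point, as an added example that is not part of any post in this thread. The `diagnose` function and its finding names are hypothetical; the addresses are the ones quoted in the thread, except 192.168.2.50 and 192.168.1.10, which are constructed samples.

```python
import ipaddress

# RFC 1918 ranges: the sources dropped by the default "block private networks" rule on WAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def diagnose(wan_cidr, lan_cidr, client_ip, admin_ip=None):
    """Return finding codes for a pfSense box placed behind an ISP gateway (double NAT)."""
    wan = ipaddress.ip_interface(wan_cidr).network
    lan = ipaddress.ip_interface(lan_cidr).network
    client = ipaddress.ip_address(client_ip)
    findings = []

    if wan.overlaps(lan):
        # Both interfaces in one network: pfSense has nothing to route between.
        findings.append("WAN_LAN_OVERLAP")
    elif client in wan:
        # Lease came from the gateway's DHCP server, so the client is not
        # behind pfSense NAT (bridged through, or joined to the gateway wifi).
        findings.append("CLIENT_LEASE_FROM_GATEWAY")
    elif client not in lan:
        findings.append("CLIENT_OUTSIDE_LAN")

    if admin_ip is not None:
        admin = ipaddress.ip_address(admin_ip)
        # A private-address host on the WAN side reaching the GUI needs the
        # block-private rule off and an explicit WAN pass rule for the GUI port.
        if admin not in lan and any(admin in net for net in RFC1918):
            findings.append("GUI_FROM_WAN_NEEDS_RULE")
    return findings

if __name__ == "__main__":
    # Constructed scenarios built from the addresses mentioned in the thread.
    print(diagnose("192.168.1.4/24", "192.168.1.3/24", "192.168.1.81"))
    print(diagnose("192.168.1.4/24", "192.168.2.1/24", "192.168.1.81"))
    print(diagnose("192.168.1.4/24", "192.168.2.1/24", "192.168.2.50",
                   admin_ip="192.168.1.10"))
```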
@pfsensenewbie1 The network architecture you are using is making the work involved in setting it up hard.
It would be much easier to administer if you used one not multiple routers.
- Can you connect the wired clients to your pfsense router?
- Connect the DNS to the pfsense router. Or better yet for initial setup, just use the DNS built into pfsense
- Remove the router currently directly connected to the internet or at least put it in bridge mode so it is only used as a modem
- FreeBSD 12.3 (which pfsense 2.6 is based on) apparently has relatively poor wifi support. Using dedicated access points for wifi is likely to provide better wifi functionality.

-
@pfsensenewbie1 I think the terminology may be confusing us. Typically in this setup the pfSense WAN is towards your wired network i.e. towards the Internet. pfSense LAN is your wireless.
If that was the setup then I’d expect pfSense to by default connect out to the Internet fine and provide NAT for the wireless devices.
It sounds like you’ve set up an Internal/External bridge which is more advanced, and bypasses the normal routing pfSense is designed to do. I’d read through all the docs on bridging if you go that route. I have never had to use a bridge.
If you were to remove the bridge, set pfSense LAN as a different subnet, I’d expect everything would get to the internet, though the wireless devices would be on their own network. As noted above they still could connect to the DNS server in the pfSense WAN however, because to them, that’s essentially the same as using Google DNS.
Generally posts found here will say wireless driver support in FreeBSD is not great, and suggest an external AP. A typical use would be to use an AP in place of your pfSense, and not use routing or bridging.
-
@steveits said in 2 weeks still nothing.:
> you’ve set up an Internal/External bridge

That might be a possibility - has made zero mention of doing that.. What would be the point even? That sort of setup makes no sense in what he has drawn up, other than complexity..
@pfsensenewbie1 if you're trying to actually leverage some wifi card in pfsense - that is also a pretty pointless endeavor and will only cause frustration.. Freebsd has never been the os of choice for wireless.. Best you could hope for is N.. This isn't 2010..
If that is what you're trying to do - get yourself some wifi router for like $20 and use it as just an AP.. Any wifi router - ANY can be used as just an access point with just turning off its own dhcp server and plugging it into your network with one of its "lan" ports.
This really is plug it in and work.. There is nothing to do special, there is nothing to extra config - this would work out of the box as long as the network on pfsense "wan" is different than the network on its "lan"
So clearly there is something missing in what you're doing that you have not expressed.. Have you tried to setup some bridge in pfsense? Bridge setups and pfsense as wifi AP are not very common setups - and should really be avoided unless there is no other possible choice.. And with the caveat that you actually understand how to set them up.. Like this connectivity has to work now - and this is the only thing I have to work with. And the actual hardware to do it correctly can not be delivered til monday sort of thing.
-
@johnpoz “I have also setup a bridge between pfsense lan and wan.”
:)
I assume the goal is one flat network but an AP would be way easier.