Netgate Discussion Forum

    Wifi to Lan Bridge problems

      morph0

      Hi all, I have been reading different guides and been in mIRC asking for assistance but keep running into a wall.

      I am trying to install a WiFi card into an existing pfSense box which is currently running the following:

      Load Balanced
      Wan1 (ADSL PPPoE Connection)
      Wan2(opt1) (Cable DHCP Connection)

      Lan (192.168.10.x)

      DHCP is being handled by a 2k3 box and I have set up DHCP relay on pfSense to point to the 2k3 box.

      I have installed the WiFi card and set it up under the webgui as WLAN1(opt2). I then set up the WiFi as an access point with no security just as a test. I then bridged WLAN to LAN and also created rules under

      Firewall | Nat Outbound |

      WLAN1    192.168.10.0/24  *  *  *  *  *  YES

      Firewall | Rules | Wlan1 |

      UDP  *  68  255.255.255.255  67  *
      UDP  *  68  192.168.10.1  67  *

      *  *  *  *  *  *
      *  LAN net  *  *  *  *
      *  WLAN1 net  *  *  *  *

      This has left me with what I thought was pretty safe to pass everything the WiFi card gets sent, but I was wrong. DHCP doesn't work on the WiFi card on the laptop or the iPhone, and setting it to static only works half the time to reach the internet.

      Any advice would be muchly appreciated.

        wallabybob

        There are a number of things that could go wrong here.

        Let's start with a couple of possibilities:

        Does the DHCP server reliably see the DHCP requests from the wireless LAN?

        Does the DHCP server reliably return the correct gateway address?

        I presume 192.168.10.1 is the DHCP server.

        On pfsense, a shell command like

        tcpdump -i <lan-interface-name> udp and host 192.168.10.1

        will show all udp traffic on the lan interface to or from 192.168.10.1. Depending on your network you might want to refine the filter in the command line but that would be somewhere to begin your investigation.

        Oh, and it could also be helpful to know what WLAN interface you are using and what version of pfSense.

          morph0

          I do apologise, I did have all that info in Notepad and did mean to include it. pfSense version is

          Version 1.2.3-RC1
          built on Wed Apr 22 15:45:47 EDT 2009
          FreeBSD 7.1-RELEASE-p5 i386

          Linksys Wireless-G PCI adapter WMP54G v 4.1

          # tcpdump -i ral0 udp and host 192.168.10.1
          tcpdump: WARNING: ral0: no IPv4 address assigned
          tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
          listening on ral0, link-type EN10MB (Ethernet), capture size 96 bytes
          23:56:31.014919 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:56:41.448983 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:56:56.442742 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:57:39.048282 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:58:11.094631 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:58:22.770061 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          
          # tcpdump -i rl1 udp and host 192.168.10.1
          tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
          listening on rl1, link-type EN10MB (Ethernet), capture size 96 bytes
          23:56:31.014559 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
          23:56:31.014779 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:56:31.015036 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
          23:56:41.448746 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
          23:56:41.448909 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:56:41.449076 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
          23:56:52.225585 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61
          23:56:52.605929 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109
          23:56:56.442527 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
          23:56:56.442675 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:56:56.442841 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
          23:57:33.346429 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61
          23:57:33.720987 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109
          23:57:37.716999 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52
          23:57:38.218903 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 52
          23:57:38.219249 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52
          23:57:38.315670 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 48
          23:57:38.315857 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 40
          23:57:38.530824 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52
          23:57:38.531199 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 90
          23:57:38.666294 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52
          23:57:38.666582 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 108
          23:57:38.749128 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 165
          23:57:38.750119 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 84
          23:57:38.883610 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 183
          23:57:38.970828 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 159
          23:57:39.048030 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:57:39.048631 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:1f:d0:8a:b3:0d (oui Unknown), length 300
          23:57:39.048962 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
          23:57:39.051159 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 88
          23:57:39.276599 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 163
          23:58:11.094560 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:58:11.094891 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
          23:58:11.095216 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
          23:58:15.143315 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 89
          23:58:15.361334 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 164
          23:58:20.192217 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52
          23:58:20.635392 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52
          23:58:22.769789 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300
          23:58:22.769985 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
          23:58:22.770152 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300
          23:58:53.326088 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61
          23:58:53.702375 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109
          
          

          I ran the tcpdump command on both the wireless (ral0) and the LAN (rl1) and that was the output of the DHCP request; the laptop just ends up timing out.

            wallabybob

            Is 192.168.10.1 your DHCP server? If not, what is it?

            What OS is running on your wireless laptop client?

            What is the signal strength shown on the wireless client?

              morph0

              192.168.10.1 is the 2k3 DHCP server, the laptop is running Vista with an Intel card and the iPhone is showing the same symptoms. Signal strength is full bars.

                wallabybob

                It would appear from the tcpdumps you have posted that pfSense is sending DHCP replies to the laptop.

                Do you have some means of doing a similar trace on the laptop? (The tcpdump on pfSense displays the frames BEFORE they are given to the device driver. It's possible the driver is discarding them and not transmitting them. It's possible the frames are being sent but the laptop discards them because they are damaged.)

                Is there some sort of log on the laptop in which you can look for reports on DHCP? (Perhaps the laptop doesn't like the format of the DHCP reply and is not acting on it.)

                Have you tried using pfSense as the DHCP server for the wireless clients? It might not be where you want to go long term, but it could give some information relevant to this problem.

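Added example (not part of any post in this thread): a small shell helper that tallies BOOTP/DHCP requests and replies in tcpdump text output, so captures taken on the wireless and LAN interfaces can be compared side by side. The function names, sample lines, relay address 192.168.10.254 and MAC addresses are constructed for illustration; the filter in the comment also matches client broadcasts sent from 0.0.0.0, which a `host 192.168.10.1` filter does not.

```shell
#!/bin/sh
# Added example: tally BOOTP/DHCP lines in tcpdump text output read from stdin.
# A capture filter that also matches client broadcasts (0.0.0.0.68 > 255.255.255.255.67):
#   tcpdump -n -i <interface> 'udp and (port 67 or port 68)'

dhcp_summary() {
    awk '
        /BOOTP\/DHCP, Request/ { req++; next }
        /BOOTP\/DHCP, Reply/ {
            # $5 is the destination, e.g. "255.255.255.255.bootpc:"
            if ($5 ~ /^255\.255\.255\.255\./) bcast++; else ucast++
        }
        END {
            if (req == 0 && bcast + ucast > 0)      v = "replies-only"
            else if (req > 0 && bcast + ucast == 0) v = "requests-only"
            else if (req > 0)                       v = "both-directions"
            else                                    v = "no-dhcp"
            printf "requests=%d broadcast_replies=%d unicast_replies=%d verdict=%s\n",
                   req, bcast, ucast, v
        }'
}

# Per-client request counts, keyed on the MAC tcpdump prints after "Request from".
dhcp_clients() {
    awk '/BOOTP\/DHCP, Request from/ {
            for (i = 1; i < NF; i++) if ($i == "from") { m = $(i + 1); sub(/,$/, "", m); n[m]++ }
         }
         END { for (m in n) print m, n[m] }' | sort
}

# Constructed samples in tcpdump's text format (not the capture from the thread).
sample_wlan() { cat <<'EOF'
10:00:01.000001 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
10:00:11.000001 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
EOF
}
sample_lan() { cat <<'EOF'
10:00:01.000000 IP 192.168.10.254.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 02:00:00:00:00:01 (oui Unknown), length 300
10:00:01.000001 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
10:00:01.000002 IP 192.168.10.1.bootps > 192.168.10.254.bootps: BOOTP/DHCP, Reply, length 300
10:00:05.000000 IP 192.168.10.1.53025 > 198.51.100.7.3544: UDP, length 61
10:00:11.000000 IP 192.168.10.254.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 02:00:00:00:00:02 (oui Unknown), length 300
EOF
}

sample_wlan | dhcp_summary
sample_lan | dhcp_summary
sample_lan | dhcp_clients
```

A `replies-only` verdict on one interface means the capture on that interface never showed the client side of the exchange, so widen the filter there before drawing conclusions about the server.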
                  morph0

                  @wallabybob:

                  Have you tried using pfSense as the DHCP server for the wireless clients? It might not be where you want to go long term, but it could give some information relevant to this problem.

                  In actual fact I have spent the last week and a half on this bloody thing. I also decided Windows DHCP and DNS provided me with no added benefit really and dumped them both and installed DHCP and DNS onto my pfSense box.

                  After a little configuration I managed to get all laptop clients accepting their IP address and whatnot.

                  However, I have still hit one wall. The Apple iPhone is not allowing me to browse the internet from wireless. I have set up rules to pass all traffic from the IP address and it doesn't matter if it's static or DHCP, it refuses to go out.

                  The iPhone is showing up in the logs blocking

                  Sep 14 17:07:48 WAN  192.168.10.253    224.0.0.252  IGMP
                  Sep 14 17:24:15 WAN  192.168.10.1    224.0.0.252  IGMP
                  Sep 14 17:24:33 WAN  192.168.10.1:138    192.168.10.255:138  UDP

                  For the life of me I don't know where to add acceptable rules to allow this traffic and it seems to be ignoring a permit all traffic under rules.

                    lsf

                    Is your wireless interface on pfSense? Did you bridge it?
                    If not, did you remember to add a NAT rule so that the traffic from wireless actually gets NATted?

                    -lsf

                      morph0

                      Sorry for my late reply. Been too frustrated to continue playing with the configs.

                      I have Manual Outbound NAT rule generation enabled with

                        WAN    192.168.10.0/24  *  *  *  *  *  YES Auto created rule for LAN    
                      
                        WAN1    192.168.10.0/24  *  *  *  *  *  YES Auto created rule for LAN    
                      
                        WLAN1    192.168.10.0/24  *  *  *  *  *  YES Auto created rule for LAN   
                      

                      I also enabled bridge to LAN from the WLAN interface. So far I have been able to get Windows laptops all talking and Nokia E series phones talking but the iPhone still refuses to talk properly.
