Wifi to Lan Bridge problems
-
Hi all, i have been reading different guides and been in mIRC asking for assistance but keep running into a wall.
I am trying to install a WiFi card into an existing pFsense box which is currently running the following,
Load Balanced
Wan1 (ADSL PPPoE Connection)
Wan2(opt1) (Cable DHCP Connection)Lan (192.168.10.x)
DHCP is being handled by a 2k3 box and i have setup DHCP relay on pFsense to point to the 2k3 box.
I have installed the WiFi card and set it up under the webgui as WLAN1(opt2). I then setup the WiFi as an access point with no security just as a test. I then bridged wlan to lan and also I created rules under
Firewall | Nat Outbound |
WLAN1 192.168.10.0/24 * * * * * YES
Firewall | Rules | Wlan1 |
UDP * 68 255.255.255.255 67 *
UDP * 68 192.168.10.1 67 *- * * * * *
- LAN net * * * *
- WLAN1 net * * * *
This has left me what i thought pretty safe to pass everything the WiFi card gets sent but i was wrong. DHCP doesnt work on the wifi card on the laptop or the iphone and setting it to static only works half the time to reach the internet.
Any advice would be muchly appreciated.
-
There are a number of things that could go wrong here.
Lets start with a couple of possibilities:
Does the DHCP server reliably see the DHCP requests from the wireless LAN?
Does the DHCP server reliably return the correct gateway address?
I presume 192.168.10.1 is the DHCP server.
On pfsense, a shell command like
tcpdump -i <lan-interface-name>udp and host 192.168.10.1
will show all udp traffic on the lan interface to or from 192.168.10.1. Depending on your network you might want to refine the filter in the command line but that would be somewhere to begin your investigation.
Oh, and it could also be helpful to know what WLAN interface you are using and what version of pfSense.</lan-interface-name>
-
I do appologise i did have all that info in notepad and did mean to include it, pFsense version is
Version 1.2.3-RC1
built on Wed Apr 22 15:45:47 EDT 2009
FreeBSD 7.1-RELEASE-p5 i386Linksys Wireless-G PCI adapter WMP54G v 4.1
# tcpdump -i ral0 udp and host 192.168.10.1 tcpdump: WARNING: ral0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ral0, link-type EN10MB (Ethernet), capture size 96 bytes 23:56:31.014919 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:56:41.448983 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:56:56.442742 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:57:39.048282 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:58:11.094631 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:58:22.770061 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 # tcpdump -i rl1 udp and host 192.168.10.1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on rl1, link-type EN10MB (Ethernet), capture size 96 bytes 23:56:31.014559 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300 23:56:31.014779 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:56:31.015036 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300 23:56:41.448746 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300 23:56:41.448909 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:56:41.449076 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300 23:56:52.225585 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61 23:56:52.605929 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109 23:56:56.442527 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300 23:56:56.442675 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:56:56.442841 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300 23:57:33.346429 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61 23:57:33.720987 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109 23:57:37.716999 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52 23:57:38.218903 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 52 23:57:38.219249 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52 23:57:38.315670 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 48 23:57:38.315857 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 40 23:57:38.530824 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52 23:57:38.531199 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 90 23:57:38.666294 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52 23:57:38.666582 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 108 23:57:38.749128 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 165 23:57:38.750119 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 84 23:57:38.883610 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 183 23:57:38.970828 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 159 23:57:39.048030 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:57:39.048631 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:1f:d0:8a:b3:0d (oui Unknown), length 300 23:57:39.048962 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300 23:57:39.051159 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 88 23:57:39.276599 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 163 23:58:11.094560 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:58:11.094891 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300 23:58:11.095216 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300 23:58:15.143315 IP 192.168.10.1.53025 > tserv3.fmt2.ipv6.he.net.3545: UDP, length 89 23:58:15.361334 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 164 23:58:20.192217 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 52 23:58:20.635392 IP tserv3.fmt2.ipv6.he.net.3545 > 192.168.10.1.53025: UDP, length 52 23:58:22.769789 IP professorfrink.springfield.bootps > 192.168.10.1.bootps: BOOTP/DHCP, Request from 00:0c:f1:06:22:c9 (oui Unknown), length 300 23:58:22.769985 IP 192.168.10.1.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300 23:58:22.770152 IP 192.168.10.1.bootps > professorfrink.springfield.bootps: BOOTP/DHCP, Reply, length 300 23:58:53.326088 IP 192.168.10.1.53025 > 207.46.48.150.3544: UDP, length 61 23:58:53.702375 IP 207.46.48.150.3544 > 192.168.10.1.53025: UDP, length 109I ran the tcp dump command on both the wireless(ral0) and the lan(rl1) and that was the output of the DHCP request the laptop just ends up timing out.
-
Is 192.168.10.1 your DHCP server. If not, what is it?
What OS is running on your wireless laptop client?
What is the signal strength show on the wireless client?
-
192.168.10.1 is the 2k3 dhcp server, laptop is running vista with a intel card and the iphone is is doing the same symptoms. Signal strength is full bars.
-
It would appear from the tcpdumps you have posted that pfSense is sending DHCP replies to the laptop.
Do you have some means of doing a similar trace on the laptop? (The tcpdump on pfSense displays the frames BEFORE they are given to the device driver. Its possible the driver is discarding them and not transmitting them. Its possible the frames are being sent but the laptop discards them because they are damaged.)
Is there some sort of log on the laptop in which you can look for reports on DHCP? (Perhaps the laptop doesn't like the format of the DHCP reply and is not acting on it.)
Have you tried using pfSense as the DHCP server for the wireless clients? It might not be where you want to go long term, but it could give some information relevant to to this problem.
-
Have you tried using pfSense as the DHCP server for the wireless clients? It might not be where you want to go long term, but it could give some information relevant to to this problem.
In actual fact I have spent the last week and a half on this bloody thing. I also decided Windows has DHCP and DNS provided me with no added benifit really and dumped them both and installed DHCP and DNS onto my pFsense box.
After little configuration I managed to get all laptop clients accepting there IP address and what not.
How ever I have still hit one wall. The Apple iPhone is not allowing me to browse the internet from wireless. I have setup rules to pass all traffic from the IP address and it doesnt matter if its static or DHCP it refuses to go out.
The iPhone is showing up in the logs blocking
Sep 14 17:07:48 WAN 192.168.10.253 224.0.0.252 IGMP
Sep 14 17:24:15 WAN 192.168.10.1 224.0.0.252 IGMP
Sep 14 17:24:33 WAN 192.168.10.1:138 192.168.10.255:138 UDPFor the life of me I don't know where to add acceptable rules to allow this traffic and it seems to be ignore a permit all traffic under rules.
-
Is your wireless interface on pfSense? did you bridge it?
If not did you remeber to add a NAT rule so that the traffic from wireless actually get's natted? -
Sorry for my late reply. Been to frustrated to continue playing with the configs.
I have Manual Outbound NAT rule generation enabled with
WAN 192.168.10.0/24 * * * * * YES Auto created rule for LAN WAN1 192.168.10.0/24 * * * * * YES Auto created rule for LAN WLAN1 192.168.10.0/24 * * * * * YES Auto created rule for LANI also enabled bridge to LAN from the WLAN interface. So far i have been able to get windows laptops all talking and Nokia E series phones talking but the iPhone still refuses to talk properly.