How to setup an Access Point (AP) in PfSense?

nimrod · Jul 19, 2023, 9:24 AM

Post a screenshot of your NAT rules. They are located in Firewall / NAT / Outbound

JKnott · Jul 19, 2023, 12:42 PM

Is that on the same interface as your main LAN? If not, you'll have to provide a route to the Internet.

Also, I have one of those APs and stopped using it because it doesn't handle VLANs & 2nd SSID properly. It allowed leaking of multicasts from the main LAN to the VLAN.

r0utevv3 · Jul 19, 2023, 2:14 PM

@nimrod
NAT Rules:

@JKnott
I have two interfaces, LAN and OPT1, how do I provide a route for the Internet?

JKnott · Jul 19, 2023, 2:37 PM

@r0utevv3 said in How to setup an Access Point (AP) in PfSense?:

@nimrod
NAT Rules:

@JKnott
I have two interfaces, LAN and OPT1, how do I provide a route for the Internet?

Here are the rules for my guest WiFi. The last one is the one you're interested in. I guess I should have used a different word, as these are firewall rules, not specific IP routes.

These rules only allow access to the Internet and pinging the interface.

JonathanLee · Jul 19, 2023, 2:37 PM

Did you bridge the LAN and OPT interfaces?

r0utevv3 · Jul 19, 2023, 2:55 PM

@JonathanLee I didn't bridge it, why do I have to bridge them and how can I do it? I thought LAN and OPT1 were independent since they're connected in different physical ports

JonathanLee · Jul 19, 2023, 3:24 PM

@r0utevv3

I have not attempted a bridge inside PfSense software just yet, I set up my wifi by just changing my LAN interface to use the wireless mini pcie adapter.

Here is something interesting as I am still researching the internal bridges currently:

https://www.servethehome.com/how-to-setup-wi-fi-with-pfsense/

Theory is that if you bridge LAN and wireless adapters it will work with the current ruleset in LAN. It would act as an extension of LAN interface.

r0utevv3 · Jul 20, 2023, 4:02 AM

@JKnott so, why do I need a VLAN? What's a VLAN? I'm using a protectli vault with 4 ports, the first port is connected to WAN and thus to my modem, the second one to LAN and thus to a desktop computer, and the third is connected to OPT and thus to my Access Point, I'm not using the fourth one, why do I have to create something virtual when I have physical ports?

the other · Jul 20, 2023, 5:57 AM

Hey,
Might be wrong, but...
In your rules Screenshot (first posting) you have that rule for Interface opt1 but source LAN...why?

JKnott · Jul 20, 2023, 12:15 PM

@r0utevv3

A VLAN is a means of separating logical networks over a physical network. As I mentioned, I have a guest WiFi, which is allowed to only access the Internet. The way I did this was to configure a 2nd SSID on my access point, which connects to the VLAN. My main SSID connects to the native LAN. This means both the main and guest WiFi travel over the same cable, but are logically separate. I do not separate my main WiFi from my main LAN. Both wired and wireless devices are on the same subnet.