How to comunicate 3 NICS with PfSense

macaruchi

Hi!
I am newbie using pfSense so far so good but now I have a situation can not solve.
I have 3 NICS and I cant set the rules to comunicate one net to another in different NIC

NIC1 = WAN
NIC2 = LAN
NIC3 = WIFI (ROUTER)

I can comunicate LAN-WAN and everything works fine my problem is with #3 I have a DHCP NIC3 ,a router to wifi comunications but I cant navigate from WIFI /to internet
I put a rule Wifi NIC
R1 == [Pass Source - WIFI net : Destination LAN]
R2 == [Pass Source - Wifi Net: Destination Any - GW: LOAD_BALANCE]
with 2 rules I suppose SHOULD be comunication but doesnt

If I ping from LAN to WIFI i get asnwers but if I ping from WIFI to LAN or internet I am not.

The idea is has 2 Vlans in WIFI net one vlans can connect to LAN and internet and other just internet

Any cluees or any help so aprreciate

TIA

viragomann

@macaruchi said in How to comunicate 3 NICS with PfSense:

NIC3 = WIFI (ROUTER)

Is this a wifi router or an access point?

R1 == [Pass Source - WIFI net : Destination LAN]
R2 == [Pass Source - Wifi Net: Destination Any - GW: LOAD_BALANCE]
with 2 rules I suppose SHOULD be comunication but doesnt

If you use a local DNS like the resolver on pfSense, consider to all access to it. The policy route doesn't.
Are there special reason to direct the traffic to the gateway group with a policy route? If you want to use it generally you can state it as default gateway in System > Routing.

If I ping from LAN to WIFI i get asnwers but if I ping from WIFI to LAN or internet I am not.

Not even if you ping 8.8.8.8?

macaruchi

@viragomann said in How to comunicate 3 NICS with PfSense:

@macaruchi said in How to comunicate 3 NICS with PfSense:

NIC3 = WIFI (ROUTER)

Is this a wifi router or an access point?

is a router but I am using it like access point just to use wifi conection

R1 == [Pass Source - WIFI net : Destination LAN]
R2 == [Pass Source - Wifi Net: Destination Any - GW: LOAD_BALANCE]
with 2 rules I suppose SHOULD be comunication but doesnt

If you use a local DNS like the resolver on pfSense, consider to all access to it. The policy route doesn't.

I am using a Resolver from pfSense so if the policy doesnt, what does mean ?

Are there special reason to direct the traffic to the gateway group with a policy route? If you want to use it generally you can state it as default gateway in System > Routing.

I put it in the rules just for being sure, I did like you say System-> Roting -> Default

If I ping from LAN to WIFI i get asnwers but if I ping from WIFI to LAN or internet I am not.

Not even if you ping 8.8.8.8?
No, from WIFI net i cant ping any place

TIA

viragomann

@macaruchi said in How to comunicate 3 NICS with PfSense:

is a router but I am using it like access point just to use wifi conection

So the wifi is on the same layer 2 network as the pfSense NIC3?
And the access point passes through the two VLAN tags and the wifi devices pulls their IPs from the pfSense DHCP?

If you use a local DNS like the resolver on pfSense, consider to all access to it. The policy route doesn't.

I am using a Resolver from pfSense so if the policy doesnt, what does mean ?

Your first rule on the wifi interface allows access to LAN subnet only. And the second directs any traffic to the upstream gateway.
So DNS could work, but only if the client use the LAN address as DNS server.

I put it in the rules just for being sure, I did like you say System-> Roting -> Default

If you state the gateway group as default gateway, you could change the gateway setting in the second rule to any. So access to the interface address would work. But maybe you want to restrict the access to DNS or a few certain ports with an additional rule.

macaruchi

@viragomann said in How to comunicate 3 NICS with PfSense:

@macaruchi said in How to comunicate 3 NICS with PfSense:

is a router but I am using it like access point just to use wifi conection

So the wifi is on the same layer 2 network as the pfSense NIC3?
And the access point passes through the two VLAN tags and the wifi devices pulls their IPs from the pfSense DHCP?

Yes.
Yes

If you use a local DNS like the resolver on pfSense, consider to all access to it. The policy route doesn't.

I am using a Resolver from pfSense so if the policy doesnt, what does mean ?

Your first rule on the wifi interface allows access to LAN subnet only. And the second directs any traffic to the upstream gateway.
So DNS could work, but only if the client use the LAN address as DNS server.

I put it in the rules just for being sure, I did like you say System-> Roting -> Default

If you state the gateway group as default gateway, you could change the gateway setting in the second rule to any. So access to the interface address would work. But maybe you want to restrict the access to DNS or a few certain ports with an additional rule.

i put it explicit to be sure that would be the GW, I think it doesnt matter ?
From WIFI I didnt ping to internet uisng just IP but if I use DNS with DHCP, Google DNS, I think it doesnt matter

viragomann

So you should have defined VLANs on pfSense as well with interfaces and IPs in each of the wifi subnets.
Check if there is an outbound NAT rule in place for each wifi subnet.

@macaruchi said in How to comunicate 3 NICS with PfSense:

i put it explicit to be sure that would be the GW, I think it doesnt matter ?

I explained above, how this rule set works.

macaruchi

@viragomann said in How to comunicate 3 NICS with PfSense:

So you should have defined VLANs on pfSense as well with interfaces and IPs in each of the wifi subnets.
Check if there is an outbound NAT rule in place for each wifi subnet.

For each vlan I need to create a NAT rule ?

@macaruchi said in How to comunicate 3 NICS with PfSense:

i put it explicit to be sure that would be the GW, I think it doesnt matter ?

I explained above, how this rule set works.

viragomann

@macaruchi said in How to comunicate 3 NICS with PfSense:

So you should have defined VLANs on pfSense as well with interfaces and IPs in each of the wifi subnets.
Check if there is an outbound NAT rule in place for each wifi subnet.

For each vlan I need to create a NAT rule ?

Normally pfSense creates outbound NAT rules automatically for all interface subnets. So check if there are rules in place already.
If not, I'd suspect, that pfSense doesn't know this subnets.

If your outbound NAT is in manual mode for whatever reason, you have to create the rule manually.

johnpoz

@macaruchi said in How to comunicate 3 NICS with PfSense:

I have a DHCP NIC3

Huh? If your going to connect a wifi "router" to some interface in pfsense.. pfsense interface would be dhcp.. And to be honest your wifi router should be used as just an AP..

You would put an IP on 3rd nic that does not conflict with wan or lan networks that you want to use for your wireless network.. Now you would connect your wifi router as just an AP.. either it supports that mode, or just turn off its dhcp server, set its "lan" interface to an IP in the network you setup on your 3rd nic. And then connect it to the 3rd nic with one of its "lan" ports.. There you go Access Point.

Clients that connect to this wifi you setup via the "wifi router" would get an IP from pfsense, use pfsense as its gateway.. Any network directly connected would auto get added to your outbound nat..

the idea is has 2 Vlans in WIFI

Does this "wifi" router support vlans? Is it running 3rd party software on it, openwrt, dd-wrt, tomato, etc. ?