Netgate Discussion Forum

    Problem configuring AP with atheros card

    • freetomfr

      Hi everyone. I have an Alix board with pfSense functioning well, but when I try to configure a wireless AP with an Atheros mini PCI card I can't obtain an IP address with any laptop.

      I bridged my LAN interface with the wireless one but I still do not obtain any address. The DHCP server is activated and works well on LAN.

      If I try to manually set an address on the client laptop, the connection still does not work with the gateway or an external website.

      I tried many possibilities but I found nothing on the net about this kind of problem. It seems to be simple for everyone except me.

      A friend has exactly the same problem with the same conf.

      Can anyone help me?

      • jimp Rebel Alliance Developer Netgate

        The most common error in setting up that scenario is not having proper firewall rules on the wireless interface.

        • freetomfr

          Ok thanks, I tried many solutions including creating rules, but some people say that when we bridge the WAN and the WIFI interface we don't need to create any rule, others say we need it.

          What's the good answer?

          • wallabybob

            If an interface is bridged with LAN and it is desired to serve DHCP on that interface, then firewall rules to allow DHCP on that interface are required. This is true in pfSense 1.2.3. If I recall correctly, the firewall rules were not required in pfSense 1.2.2.

            • jimp Rebel Alliance Developer Netgate

              @freetomfr:

              Ok thanks, I tried many solutions including creating rules, but some people say that when we bridge the WAN and the WIFI interface we don't need to create any rule, others say we need it.

              What's the good answer?

              Unless you disable pf completely, you always need firewall rules, even on a bridged interface. Rules have been required on bridges by default since pfSense 1.2.1 at least.

              • freetomfr

                Ok I understand, but I tried many rules and nothing works.

                Logs look like this:

                block
                	Jan 24 17:20:33 	WIFI 	169.254.211.104 	224.0.0.251 	IGMP
                block
                	Jan 24 17:20:33 	BRIDGE0 	169.254.211.104 	224.0.0.251 	IGMP
                block
                	Jan 24 17:20:33 	WIFI 	169.254.211.104 	224.0.0.251 	IGMP
                block
                	Jan 24 17:20:33 	WIFI 	169.254.211.104 	224.0.0.251 	IGMP
                block
                	Jan 24 17:20:33 	BRIDGE0 	169.254.211.104 	224.0.0.251 	IGMP
                block
                	Jan 24 17:20:33 	WIFI 	169.254.211.104 	224.0.0.251 	IGMP
                block
                	Jan 24 17:20:33 	WIFI 	169.254.211.104 	224.0.0.2 	IGMP
                block
                	Jan 24 17:20:33 	BRIDGE0 	169.254.211.104 	224.0.0.2 	IGMP
                block
                	Jan 24 17:20:33 	WIFI 	169.254.211.104 	224.0.0.2 	IGMP
                block
                	Jan 24 17:20:28 	WIFI 	0.0.0.0:68 	255.255.255.255:67 	UDP
                block
                	Jan 24 17:20:28 	BRIDGE0 	0.0.0.0:68 	255.255.255.255:67 	UDP
                block
                	Jan 24 17:20:28 	WIFI 	0.0.0.0:68 	255.255.255.255:67 	UDP
                

                What kind of rule do I need?

                Is it necessary to create a NAT rule too?

                • danswartz

                  those are not necessarily bad.  we can't really help unless you post the actual rules you have.  on the WLAN you could just create an any => any rule and that should work.  there are posts about this, where some prefer a LAN => any rule and a specific rule to allow dhcp request.

                  • freetomfr

                    I tried an any -> any rule and I get an IP from my DHCP server! ;D

                    But when I tried to go on the internet it doesn't work. Nothing blocked in the firewall log.

                    My rules look like that:

                    On LAN:

                    Proto    Source   Port  Destination  Port  Gateway  Schedule  Description
                    *        LAN net  *     *            *     *                  Default LAN -> any

                    On WLAN:

                    Proto    Source   Port  Destination  Port  Gateway  Schedule  Description
                    TCP/UDP  *        *     *            *     *

                    The internet access works well on LAN but nothing on WLAN in spite of my rule allowing all traffic from this interface.

                    I am just a step from the solution, does anyone have an idea?
                    • danswartz

                      Can you show interfaces? e.g. 'ifconfig -a'?

                      • freetomfr

                        # ifconfig -a
                        vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                                options=2808<VLAN_MTU,WOL_UCAST,WOL_MAGIC>
                                ether 00:0d:b9:14:1d:50
                                inet 192.168.100.254 netmask 0xffffff00 broadcast 192.168.100.255
                                inet6 fe80::20d:b9ff:fe14:1d50%vr0 prefixlen 64 scopeid 0x1
                                media: Ethernet autoselect (100baseTX <full-duplex>)
                                status: active
                        vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                                options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
                                ether 00:0d:b9:14:1d:51
                                inet6 fe80::20d:b9ff:fe14:1d51%vr1 prefixlen 64 scopeid 0x2
                                inet 192.168.200.254 netmask 0xffffff00 broadcast 192.168.200.255
                                media: Ethernet autoselect (100baseTX <full-duplex>)
                                status: active
                        vr2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
                                options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
                                ether 00:0d:b9:14:1d:52
                                media: Ethernet autoselect (none)
                                status: no carrier
                        ath0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
                                ether 00:11:f5:88:18:28
                                inet6 fe80::211:f5ff:fe88:1828%ath0 prefixlen 64 scopeid 0x4
                                media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
                                status: associated
                                ssid CheckPoint channel 2 (2417 Mhz 11g) bssid 00:11:f5:88:18:28
                                authmode WPA privacy MIXED deftxkey 2 AES-CCM 2:128-bit
                                AES-CCM 3:128-bit txpower 31.5 scanvalid 60 bgscan bgscanintvl 300
                                bgscanidle 250 roam:rssi11g 7 roam:rate11g 5 protmode OFF burst
                                -apbridge dtimperiod 1
                        enc0: flags=0<> metric 0 mtu 1536
                        lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
                                inet 127.0.0.1 netmask 0xff000000
                                inet6 ::1 prefixlen 128
                                inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
                        pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
                                pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
                        pflog0: flags=100<PROMISC> metric 0 mtu 33204
                        tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
                                inet6 fe80::20d:b9ff:fe14:1d50%tun0 prefixlen 64 scopeid 0x9
                                inet 192.168.69.1 --> 192.168.69.2 netmask 0xffffffff
                                Opened by PID 426
                        bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                                ether 12:23:d3:86:f1:2b
                                id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
                                maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
                                root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
                                member: vr0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                                        ifmaxaddr 0 port 1 priority 128 path cost 200000
                                member: ath0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                                        ifmaxaddr 0 port 4 priority 128 path cost 370370
                        #
                        
                        • wallabybob

                          @freetomfr:

                          The internet access works well on LAN but nothing on WLAN in spite of my rule allowing all traffic from this interface.

                          At the risk of being pedantic, the rule you displayed doesn't allow all traffic from the WLAN interface, only TCP and UDP. But I don't think that's your problem.

                          Your log shows traffic from 169.254.211.104, which is one of a range of addresses for systems that need to dynamically assign themselves an address. It's not an address in the vr0/ath0 subnet. There isn't enough information to say the system that can't access the internet over WLAN is using that address, so you should check its address. Is it supposed to be assigned an address by DHCP? If so, perhaps that isn't happening and that's the start of your problem.

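The reading of the blocked entries discussed above can be automated. The following is an added example, not code from any poster or from pfSense: it parses filter-log text in the layout pasted earlier in the thread (an action line followed by a tab-separated detail line) and separates blocked DHCP requests from link-local and multicast noise. The sample lines are constructed, and the function names and category labels are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample in the layout of the log pasted in the thread:
# an action line, then time, interface, source, destination, protocol.
SAMPLE_LOG = """\
block
\tJan 24 17:20:33 \tWIFI \t169.254.211.104 \t224.0.0.251 \tIGMP
block
\tJan 24 17:20:28 \tWIFI \t0.0.0.0:68 \t255.255.255.255:67 \tUDP
block
\tJan 24 17:20:28 \tBRIDGE0 \t0.0.0.0:68 \t255.255.255.255:67 \tUDP
"""

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned range
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

def split_endpoint(text):
    """Split 'addr' or 'addr:port' into (IPv4Address, port or None)."""
    addr, _, port = text.partition(":")
    return ipaddress.ip_address(addr), int(port) if port else None

def parse(log):
    """Yield (action, iface, src, sport, dst, dport, proto) per log entry."""
    action = None
    for line in log.splitlines():
        fields = [f.strip() for f in line.split("\t") if f.strip()]
        if len(fields) == 1:
            action = fields[0]  # 'block' or 'pass' line
        elif len(fields) == 5 and action:
            _, iface, src, dst, proto = fields
            yield (action, iface, *split_endpoint(src), *split_endpoint(dst), proto)
            action = None

def classify(entry):
    """Label one parsed entry with a triage category."""
    action, iface, src, sport, dst, dport, proto = entry
    if action != "block":
        return "allowed"
    if proto == "UDP" and sport == 68 and dport == 67:
        return "dhcp-request-blocked"  # no pass rule for DHCP on this interface
    if src in LINK_LOCAL:
        return "link-local-client"  # client self-assigned: DHCP never completed
    if dst in MULTICAST:
        return "multicast-noise"
    return "other-block"

def summarize(log):
    """Count entries per (interface, category)."""
    return Counter((e[1], classify(e)) for e in parse(log))

if __name__ == "__main__":
    for (iface, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{iface:8} {kind:22} {n}")
```

A `dhcp-request-blocked` count on the wireless or bridge interface points at the missing pass rule; `link-local-client` entries are a symptom of the same failure rather than a separate problem.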
                          • danswartz

                            Yeah, I've been misled by that tcp/udp before.  I think you're right, the autoconfigure IPs are suspicious.

                            • freetomfr

                              I tried a rule allowing all traffic (not only TCP/UDP) and nothing more. I can access the LAN but no internet.

                              My log is from when I didn't get an IP address by DHCP. Now I can get a valid address (from 192.168.100.0/24) and I don't have blocked traffic from 169.254.211.104 anymore.

                              • danswartz

                                please try doing a packet capture on the WLAN when you try to go to the internet with a good IP.

                                • freetomfr

                                  I really want to do it but I can't because it seems it's not possible to do it on WLAN Interface. The 2 possible choices are WAN or LAN.

                                  • danswartz

                                    you can do it from the CLI.  like 'tcpdump -i ath0'

                                    • freetomfr

                                      Ok, that is what I get:

                                      # tcpdump -i ath0
                                      tcpdump: WARNING: ath0: no IPv4 address assigned
                                      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                                      listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes
                                      22:13:03.966422 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
                                      22:13:04.456128 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
                                      22:13:04.492732 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
                                      22:13:04.965649 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
                                      22:13:05.458960 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
                                      22:13:05.497076 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
                                      22:13:07.977642 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
                                      22:13:08.468652 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
                                      22:13:08.502863 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
                                      22:13:16.998226 IP 192.168.8.36.57844 > pfsense.local.domain: 39691+ A? configuration.apple.com. (41)
                                      22:13:17.486522 IP 192.168.8.36.54334 > pfsense.local.domain: 41057+ A? safebrowsing.clients.google.com. (49)
                                      22:13:17.523476 IP 192.168.8.36.50277 > pfsense.local.domain: 44508+ A? www.google.fr. (31)
                                      ^C
                                      12 packets captured
                                      12 packets received by filter
                                      0 packets dropped by kernel
                                      
                                      • wallabybob

                                        Looks like pfSense is expected to be the name server but it's not responding. Do you have DNS forwarder enabled?

                                        Do you get a response to ping by IP address?

                                        • freetomfr

                                          I tried just now after a reboot and it works well!! ??? I don't understand everything but after all it works.

                                          Thanks everyone for your help. ;D
