4. Successful bridge, but unable to connect to internet

Successful bridge, but unable to connect to internet

  • C

    I am not using traffic shaping.

    My wireless connection is successfully bridged to my LAN.  I can transfer files across both wired and wireless computers, and both wired and wireless computers can access pfSense's web GUI.  The DHCP server is working and assigning IP addresses to computers on both interfaces.  However, computers connected wirelessly can not connect to the internet! What gives?

    0
  • R

    You have firewall rule to allow the wireless lan packets to any. See the lan interface for the correct rule.

    If so…I could be wrong on this, but I think you need to enable advanced outbound nat and create the entries. In the webgui goto firewall->nat and click the third tab.

    0
  • C

    Thanks, making a rule fixed it!  I ended up not needing to enable advanced outbound nat, too.

    0
  • G

    @cabe:

    Thanks, making a rule fixed it!  I ended up not needing to enable advanced outbound nat, too.

    im enable advenced outbond nat
    the change wan to lan, and opt, and lan and opt
    and never works?

    how must nat outbound look?

    0
  • H

    You don't need advanced outbound NAT. It's only used for some special configurations. For a simple setup don't enable advanced outbound NAT. pfSense will take care of NAT behind the scenes for you and add NAT to all traffic that goes out through an interface that has a gateway set.

    0
  • P

    i've made a rule in the firewall on both the LAN (which the wifi connection is bridged to) and the WAN tabs. They are set to pass anything that comes from any destination. I even tried doing the same rule on the WAN interface as a test. The same result, I can only connect to pfsense and other LAN (ethernet) computers. Pinging google gives a timeout.

    My pfsense is 192.168.0.1, LAN computers are 192.168.0.x
    I am using static IP's on wireless and the client is currently 192.168.0.5
    all subnet masks are 255.255.255.0

    What do I need to change?

    0
  • H

    Try to access the internet from the subnet behind the wireless link and have a look at diagnostics>states. Do the connections get natted?

    0
  • P

    you mean like this ?

    udp 192.168.0.1:53 <- 192.168.0.8:1030 SINGLE:MULTIPLE
    udp 192.168.0.1:53 <- 192.168.0.8:1032 SINGLE:MULTIPLE
    udp 192.168.0.1:53 <- 192.168.0.8:1034 SINGLE:MULTIPLE
    udp 192.168.0.1:53 <- 192.168.0.8:1035 SINGLE:MULTIPLE
    udp 192.168.0.1:53 <- 192.168.0.8:1038 SINGLE:MULTIPLE
    udp 192.168.0.1:53 <- 192.168.0.8:1040 SINGLE:MULTIPLE
    udp 192.168.0.1:53 <- 192.168.0.8:1043 SINGLE:MULTIPLE
    udp 192.168.0.1:53 <- 192.168.0.8:1046 NO_TRAFFIC:SINGLE

    0
  • H

    If there would be NAT involved you would see 3 IP/ports per line. Is that on the real WAN?

    0
  • P

    Do I need to have seperate subnets for the wireless interface and the LAN interface? they are currently both 192.168.0.x

    do I need to change the wireless to 192.168.1.x or something?

    0
  • P

    I figured it out. In the Interfaces/Wifi tab in the Gateway box it says:

    If you have multiple WAN connections, enter the next hop gateway (router) IP address here. Otherwise, leave this option blank.

    I only have one WAN connection, and this was left blank. I had to put in my pfsense gateway to give access to the internet. I'm not sure if anyone else has experienced this but maybe we should put in a request or something to have it fixed?

    0
  • S

    @prophecy:

    I figured it out. In the Interfaces/Wifi tab in the Gateway box it says:

    If you have multiple WAN connections, enter the next hop gateway (router) IP address here. Otherwise, leave this option blank.

    I only have one WAN connection, and this was left blank. I had to put in my pfsense gateway to give access to the internet. I'm not sure if anyone else has experienced this but maybe we should put in a request or something to have it fixed?

    This is not necessary.  I have configuration running where this is not required.

    0
  • P

    After a while I came back to the wireless client and it could no longer connect. I now have to set the LAN interface to bridge with the WiFi interface. This allows connection to the internet for the wireless clients, and when I unbridge it they can no longer connect. I don't understand what is happening here? Is bridging supposed to have anything to do with internet connection ?

    0
  • H

    Maybe something that is affecting your testing: All members of a bridge have to be up (link) for the bridge to pass traffic. So if LAN is down and your wireless nic is bridged to LAN you'll have some issues.

    0
  • S

    Also make sure you are not using the same IP address on multiple interfaces.

    0
  • P

    WAN: DHCP, 72.x ip
    LAN: 192.168.0.1/24
    WiFi: Bridged to LAN (so IP box greys out)
            I have tried unbridging it and setting the IP manually to 192.168.0.2, but that results in wireless clients being unable to ping the pfsense box, 192.168.0.1 or 192.168.0.2. (No route to host). They can make a connection with the AP, they just cannot ping it.

    Also as I said before, the same thing happens if I only have the WiFi interface bridged to the LAN interface. Wireless clients can connect to the AP but cannot ping it. I must have both the WiFi bridged to the LAN and the LAN bridged to the WiFi

    Is this proper to be bridging them both to one another?

    0
  • P

    does anyone have any insight as to why the wireless client will lose access to the internet at a random amount of time?  It can still access the AP and ping the pfsense box, but I have to go to the LAN interface and unbridge it to the WiFi, and then rebridge it, and it can connect to the internet again. Thanks

    0
  • P

    So the client previously in question is a macbook (192.168.0.20). Now when trying to connect a PC wireless client (192.168.0.21), they can connect to the AP, ping the AP (pfsense box, 192.168.0.1), but cannot access the internet. They can ping google, an IP is resolved, but Request timed out. Does anyone have any ideas what is going on here? I'd really appreciate any input. Thanks.

    0
  • H

    I need a macbook donated to be able to reproduce  ;D

    0
  • P

    ahahahhahaa  :D

    yea, i'll get right on that. i'm currently trying to steal the girl's since my only portable computer is a k6 450mhz

    0
  • P

    this is my states while pinging and trying to connect to google.com
    I guess this means it isnt a NAT issue ?

    Proto  Source -> Router -> Destination                                          State   
    icmp 64.233.187.99:58624 <- 192.168.0.20                                         0:0
    icmp 192.168.0.20:58624 -> 72.186.197.246:43117 -> 64.233.187.99       0:0
    tcp 209.85.165.104:80 <- 192.168.0.20:49248                       SYN_SENT:ESTABLISHED
    tcp 192.168.0.20:49248 -> 72.186.197.246:57479 -> 209.85.165.104:80
                                                                                                          ESTABLISHED:SYN_SENT

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy