WAN <-> LAN + OPT1



  • I have the network (workstations and servers) running through LAN, and I have our "recreational" wireless router plugged into OPT1. Cable modem is plugged into WAN of course.

    How do I make it so that WAN is shared to both LAN and OPT1, but separate from each other?



  • Unless I misunderstood your question, that is the default configuration.



  • Well it isn't working.

    By default, OPT1 is disabled.

    By default, if OPT1 is enabled, Type under General Configuration is set to STATIC, and Bridge with under IP Configuration is set to none. Attempting to save or submit the page like this will trigger a message that states I must fill out the IP Address under IP Configuration.



  • @BlueToast:

    Well it isn't working.

    If you mean you can access the internet from LAN but not from OPT1 then you need to tweak the firewall rules on OPT1 to specify what internet access you want. (Sorry, I should have mentioned this in my previous reply.)

    Otherwise you will need to substantially elaborate on "not working".



  • @wallabybob:

    @BlueToast:

    Well it isn't working.

    If you mean you can access the internet from LAN but not from OPT1 then you need to tweak the firewall rules on OPT1 to specify what internet access you want. (Sorry, I should have mentioned this in my previous reply.)

    Otherwise you will need to substantially elaborate on "not working".

    The wireless router is unable to obtain an IP address. To clarify, the wireless router is connected to the pfSense server from its own WAN port to the pfSense OPT1 port.

    Using Type STATIC under General Configuration, what IP can I give it? The LAN IP of the wireless router is 192.168.0.1 – so would I be able to assign the wireless router a WAN IP of 192.168.0.1 via pfSense on OPT1?

    Using Type DHCP under General Configuration, with the wireless router's WAN set to DHCP, the wireless router is still unable to obtain a WAN IP address.



  • Please read http://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense and ask if you have further questions.

    To answer your specific questions:
    @BlueToast:

    Using Type STATIC under General Configuration, what IP can I give it? The LAN IP of the wireless router is 192.168.0.1 – so would I be able to assign the wireless router a WAN IP of 192.168.0.1 via pfSense on OPT1?

    The IP address of pfSense OPT1 needs to be in a different subnet from LAN. If your LAN is 192.168.0.1/24 then I suggest you use 192.168.x.1/24 (x not equal 1) for OPT1. Your wireless router is likely to be "always on" so you might as well give it a fixed IP address on the 192.168.x.0/24 subnet.

    @BlueToast:

    Using Type DHCP under General Configuration, with the wireless router's WAN set to DHCP, the wireless router is still unable to obtain a WAN IP address.

    Type DHCP on pfSense means the corresponding interface is supposed to get its IP address from a DHCP server. But you haven't mentioned a DHCP server on OPT1. Things won't work if both your wireless router AND pfSense OPT1 are trying to get their IP addresses from a non-existent DHCP server.

    In your case I would suggest static IP addresses for pfSense OPT1 and wireless router LAN with DHCP server enabled on pfSense OPT1 to configure wireless clients.

    If you aren't sure of the details of how IP routing works, I suggest reading the Wikipedia articles on IP subnets and IP routing.



  • 1. Disconnect the Wireless router
    2. Set up a firewall rule to allow traffic from your OPT1 to your WAN
    3. Assign a subnet to your OPT1 port, e.g. define a static IP in another range than your LAN (like 192.168.55.1/24)
    4. Enable DHCP server on your OPT1 interface to hand out IP addresses to your wireless clients. (Start from, say, 192.168.55.50)
    5. Disable DHCP on your wireless router
    6. Assign the LAN interface of your wireless router a static IP in the same range as your OPT1 PFSense interface (like 192.168.55.2)
    7. Connect the OPT1 interface of your PFSense box to a LAN interface on the wireless router (YES, LEAVE THE WAN PORT ON YOUR WIRELESS ROUTER EMPTY!)
    8. Configure the wireless options like you would normally

    This bypasses the NAT function of your wireless router and gives you a cheap access point. The wireless clients will now act as if they are directly connected to your PFSense box (with a wireless 'switch' so to say)



  • I think there is some sort of conflict here because about half the time the wireless router gets DHCP assignments not from the pfSense router, but a server from the LAN interface that is also a DHCPd server (which I am working on stopping).

    Also, how do I delete bridge0?
    (EDIT: At one point experimented with setting OPT1 to bridge with LAN, then later set back to none. When I do ifconfig in SSH, it shows…

    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 6e:00:ed:3a:84:d8
            id 00:23:5a:19:d0:57 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:23:5a:19:d0:57 priority 32768 ifcost 0 port 0
            member: em1 flags=1e7<LEARNING,DISCOVER,STP,EDGE,AUTOEDGE,PTP,AUTOPTP> ifmaxaddr 0 port 2 priority 128 path cost 200000 proto rstp
                    role designated state forwarding
            member: em0 flags=1e7<LEARNING,DISCOVER,STP,EDGE,AUTOEDGE,PTP,AUTOPTP> ifmaxaddr 0 port 1 priority 128 path cost 200000 proto rstp
                    role disabled state discarding

    …and under Status-->Interfaces there is a line for "Bridge (bridge0)" saying "learning" on both LAN and OPT1.)



  • Reboot or at the console run this command:

    ifconfig bridge0 destroy



  • Thanks! I really appreciate that.

    I will post an update to this thread once I get my other "problem" resolved. ;o



  • Screenshots of router and pfSense webpages at http://www.hlrse.net/Qwerty/pfSense/2010-12-22_1013/

    Am I doing this right? :( What do I need to change in which screenshot?



  • For the d-link, you are double natting, which I don't like as it can and does break things.
    I would recommend disabling the DHCP server on the d-link and plugging the pfsense cable that was going into the d-link's WAN into its LAN, after setting a static LAN IP on the router that's in the same subnet as the interface it's plugging into.

    For the rules, I would make the opt rule the same as the LAN rule (if it's not working)

    Otherwise it looks fine to me.
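
An added example, not part of the thread and not pfSense code: a simplified first-match model of the OPT1 rule tab, showing that a LAN-style allow-any rule on OPT1 gives wireless clients internet access but does not keep OPT1 separate from LAN, and that rule order decides the outcome. The 192.168.0.0/24 LAN subnet, the probe addresses and the rule tuples are assumptions; 192.168.55.0/24 is the OPT1 range suggested earlier in the thread.

```python
import ipaddress as ip

# Assumed addressing: the LAN subnet is an assumption, OPT1 is the thread's example.
LAN_NET = ip.ip_network("192.168.0.0/24")
OPT1_NET = ip.ip_network("192.168.55.0/24")
ANY = ip.ip_network("0.0.0.0/0")

# Hypothetical rule sets for the OPT1 tab: (action, source net, destination net).
OPEN_RULES = [("pass", OPT1_NET, ANY)]            # copy of a LAN-style allow-any rule
ISOLATED_RULES = [("block", OPT1_NET, LAN_NET),   # keep wireless clients out of LAN
                  ("pass", OPT1_NET, ANY)]        # then allow everything else
MISORDERED_RULES = list(reversed(ISOLATED_RULES)) # pass sits above block

# Constructed probes: (source, destination). 203.0.113.10 is a documentation address.
PROBES = {
    "wifi_to_internet": ("192.168.55.50", "203.0.113.10"),
    "wifi_to_lan_server": ("192.168.55.50", "192.168.0.20"),
    "off_subnet_source": ("10.9.9.9", "203.0.113.10"),
}

def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match is denied."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"  # implicit default deny on the interface

def audit(rules):
    """Evaluate every probe against one rule set."""
    return {name: evaluate(rules, s, d) for name, (s, d) in PROBES.items()}

def leaks_into_lan(rules):
    """True if a wireless client on OPT1 can open connections into LAN."""
    return audit(rules)["wifi_to_lan_server"] == "pass"

if __name__ == "__main__":
    for label, rules in (("open", OPEN_RULES),
                         ("isolated", ISOLATED_RULES),
                         ("misordered", MISORDERED_RULES)):
        print(f"{label:11} leak={leaks_into_lan(rules)} {audit(rules)}")
```
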

