pfSense + dd-wrt as bridge instead of router
-
Oh in that case you need vlans on pfSense and on the dd-wrt as well on the port linking to the pfSense.
Then a bridge on dd-wrt or pure routing.
Do not forget dhcp server config on pfSense for each vlan.
-
@ermal:
Oh in that case you need vlans on pfSense and on the dd-wrt as well on the port linking to the pfSense.
Then a bridge on dd-wrt or pure routing.
Do not forget dhcp server config on pfSense for each vlan.
Ermal,
First of all: thanks again for all your answers and your time! As I've mentioned, I thought I had to use vlans. Little problem: I've never worked with that before and I don't know exactly how to fix it at all… Could you please help me to set up the 2 vlans (1 public, 1 private) and how to set the right dhcp server config for each vlan? I've posted my current config in case you want to know more about my pfsense setup.. (http://krisken.dommel.be/pfsense/config.xml)
Thanks again
Kris
-
Or if someone else can help me with this issue?
-
I can't help you with the dd-wrt configuration except to support Ermal's suggestions.
I think you will have to configure the dd-wrt to use VLANs on one of its ports (the "WAN" port?, in which case to avoid double NAT you will probably have to bridge the dd-wrt WAN port to the wireless LANs).
On the pfSense side, you could use another NIC (VLAN capable) to connect to the dd-wrt (a straight through cable will probably work but you might need a cross over cable) and configure VLANs on that interface to correspond to the dd-wrt VLANs.
To learn more about VLANs you could read the Wikipedia article on VLAN and some of the linked pages (especially VLAN FAQs and OpenWRT guide to VLANs), look for VLANs in the pfSense documentation collection (follow the documentation link from the home page) and search the pfSense forums (for example, an article on configuring VLANs in a netgear switch was recently posted).
If you are still looking for help on pfSense you will probably need to ask much more specific questions.
-
New to pfSense 2.0 the ath and ral drivers support some form of multiple stations. I have no experience with this and so can't comment on whether this would be suitable for your requirements. There is a little more information on the FreeBSD 8.1 man pages for ral and ath. (FreeBSD man pages are accessible from http://www.freebsd.org/cgi/man.cgi). Where I live PCI cards known to these drivers can be purchased for less than the local equivalent of US$20. (In the case of the ath driver, I don't know that the card I'm thinking of has the necessary capability for supporting multiple SSIDs. The man pages suggest the capability is chipset specific.)
If dd-wrt can be configured as ermal suggested you would probably get a function setup that route than you would if you attempted to use the above described wireless capabilities of pfSense.
-
In the case of the ath driver, I don't know that the card I'm thinking of has the necessary capability for supporting multiple SSIDs. The man pages suggest the capability is chipset specific.
I haven't heard of it being chipset-specific so far; it has worked with all cards using ath that I've heard of anyone trying it on. There may be at least some kind of minimum requirement, though, like AR5212 or higher (which probably covers almost everything Atheros that anyone is selling, of those supported by ath).
-
Which router do you have running DD-WRT? Not all routers that run DD-WRT have internal LAN switches that are VLAN capable. Each router will have a different means of assigning the switchports for VLANs due to differing port and interface names.
-
@Efonne:
In the case of the ath driver, I don't know that the card I'm thinking of has the necessary capability for supporting multiple SSIDs. The man pages suggest the capability is chipset specific.
I haven't heard of it being chipset-specific so far; it has worked with all cards using ath that I've heard of anyone trying it on. There may be at least some kind of minimum requirement, though, like AR5212 or higher (which probably covers almost everything Atheros that anyone is selling, of those supported by ath).
The section of the man page I was referring to says: Multiple hostap virtual interfaces may be configured for simultaneous use on cards that use a 5212 part. Since other chipsets are mentioned in the man page it seems like this particular capability might be specific (or believed to be specific) to the 5212.
-
So far I have at least not heard of any 5212 or above chipset that does not support that feature (it has worked on all that I've heard it has been tried on), but I have not heard of anyone trying it on anything below that either.
-
Which router do you have running DD-WRT? Not all routers that run DD-WRT have internal LAN switches that are VLAN capable. Each router will have a different means of assigning the switchports for VLANs due to differing port and interface names.
WRT54GL (linksys)
-
Which router do you have running DD-WRT? Not all routers that run DD-WRT have internal LAN switches that are VLAN capable. Each router will have a different means of assigning the switchports for VLANs due to differing port and interface names.
WRT54GL (linksys)
That should work fine. Just google for: DD-WRT VLANs
One of the first few hits has a guide on setting up the switch port for VLANs on the WRT54 series.
Here: http://www.geek-pages.com/articles-for-geeks-mainmenu-2/1-latest/26-8021q-trunking-on-the-linksys-wrt54gsl-with-dd-wrt
Then hobcobble the guide in your post to use the bridges to bridge each virtual BSSID to a VLAN instead.
i.e. Say you have VLAN 10 & 20 for private and public respectively then
br0 members: VLAN 10 and et0
br1 members: VLAN 20 and et0.1 (virtual BSSID for public)
Then select a port for the trunking and add VLAN10 and 20 to it. You will also want to remove the lines related to DHCP since you want pfSense to handle that.