Wireless bridging not working as expected, plus a WOL issue.
-
I've got an ALIX 2C3 with an Atheros AR5212 wifi mini-PCI card in it that has been running various versions of 2.X nanobsd, including last night's most recent snapshot, in an attempt to try and get wake on LAN (WOL) to work when the LAN and WLAN interfaces are being bridged. Currently, my system is set up like so:
LAN --> vr0 --> 192.168.1.1/24
WAN --> vr1 --> DHCP
DMZ --> vr2 --> 172.16.0.1/24
WLAN --> ath0 --> None
OPT3 --> bridge0 --> None
Clients on my LAN side can not see clients on the WLAN side. The pfsense can ping both LAN and WLAN clients. This seems to be a recent change to the bridging code within the last week or so (I was previously on a Mar 4 image).
The reason I have my bridge set up like above is because anytime I have tried to use the HOW-TO that is stickied it results in no one on LAN or WLAN being able to talk to the pfSense router at all. (This is why I have a separate network setup on
The other issue I have run across in my situation is that the Wake on LAN capability doesn't work properly when bridging is being done the way I have it. I can send WOL packets to LAN-side devices fine, but if I try to send a WOL packet via the WLAN interface I see the following error:
php: /services_wol.php: The command '/usr/local/bin/wol -i 00:24:23:09:0d:79' returned exit code '1', the output was '/usr/local/bin/wol: You must specify at least one MAC-ADDRESS. Try `/usr/local/bin/wol --help' for more information.'
Don't know about you, but it looks like a MAC address was specified to me.
So can someone tell me how wireless bridging SHOULD be set up? And verified as working? Because the stickied howto doesn't work for me at all. Also, if someone can shed light on my Wake on LAN problems that would be super awesome. Thanks!
-
My working wireless LAN bridged with a wired interface:
LAN is bridge0. bridge0 has members vr0 and ath0.
bridge0 has static IP address, vr0 and ath0 don't have an IP address.
vr0 and ath0 both have firewall rules allowing anything from LAN net and UDP from 0.0.0.0 port 69 to 255.255.255.255/31 port 67 (to allow DHCP).
The wol command needs either the "-i" omitted OR an interface name (such as vr0) following the "-i".
Perhaps you need to check what you have set in the web GUI or there is a bug in the GUI, not correctly translating to the shell command.
# /usr/local/bin/wol -i 00:24:23:09:0d:79
/usr/local/bin/wol: You must specify at least one MAC-ADDRESS.
Try `/usr/local/bin/wol --help' for more information.
# /usr/local/bin/wol -i vr0 00:24:23:09:0d:79
Waking up 00:24:23:09:0d:79...
# /usr/local/bin/wol 00:24:23:09:0d:79
Waking up 00:24:23:09:0d:79...
-
The WOL error I posted is what shows up in the system log after I click on the MAC address of the target I want to wake up. Under my current situation, LAN targets work fine but WLAN targets cause this error to happen so I guess that means there is a bug in the translation from the webGUI to the shell command.
I will try to do the bridging like you suggest and see if there are positive changes.
-
Sorry, just noticed a typo:
. . . from LAN net and UDP from 0.0.0.0 port 69 to 255.255.255.255/31 port 67 (to allow DHCP).
should have been
. . . from LAN net and UDP from 0.0.0.0 port 68 to 255.255.255.255/31 port 67 (to allow DHCP).
(port 68, not port 69)
-
Hate to say it, but your method does not work for me. When I have my ALIX set up the way you describe I now have wifi clients able to ping and browse the network, but my LAN side wired clients now cannot ping or talk to the Internet. So I repeat, how exactly does one get bridging set up between WLAN and LAN and have it working? The HOWTO does not work, period. I am attaching my firewall rules and tunables in case there is something there that is causing this behavior.
-
Hate to say it, but your method does not work for me. When I have my ALIX setup the way you describe I now have wifi clients able to ping and browse the network, but my LAN side wired clients now cannot ping or talk to the Internet.
My method does work for me so I suspect there is something different about your system. Perhaps my description left out a step. Perhaps you didn't do all that I suggested.
On my system: net.link.bridge.pfil_member is 1 and net.link.bridge.pfil_bridge is 0, opposite to your values. (I don't recall changing these so I would guess they are defaults.) I guess they are what they are for a reason. I don't know if these variables are read only at boot time or interface creation time so if you decide to change them it would probably be best to reboot to make sure the change(s) take effect.
Did you reset firewall states? (Diagnostics -> States, click on the Reset States tab suggests this is sometimes necessary when tweaking the firewall rules.)
If you didn't reboot after all changes I suggest you do so and test again. If you still have problems then take a look at the firewall log to see if it gives you any clues to why your LAN clients can't access the Internet.
-
As it turns out, resetting both of the bridge tunables to "default" caused my problem to go away. I currently have my bridging set up similar to my original post and even the WOL problem seems to have cleared up as well.
I think the lesson here is that system tunables can have a great effect on how things in pfSense can or cannot work. Perhaps when adding a bridge to a new system the php code should check the value of these two bridging tunables and give at least a warning to the users about how bridging is affected by them?
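
The check suggested in the last post, sketched as a shell script (an added example, not pfSense code and not from any poster). It assumes the "known good" values are the ones reported as working in this thread (pfil_member 1, pfil_bridge 0); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag bridge filtering tunables that differ from the values
# reported as working in this thread. Function names are hypothetical.

# Assumption: "known good" values are the ones quoted in the thread.
EXPECTED_MEMBER=1   # net.link.bridge.pfil_member
EXPECTED_BRIDGE=0   # net.link.bridge.pfil_bridge

is_bool() { [ "$1" = 0 ] || [ "$1" = 1 ]; }

# check_bridge_pfil MEMBER BRIDGE
# Returns 0 if both values match, 1 if either differs, 2 on invalid input.
check_bridge_pfil() {
    member=$1; bridge=$2; rc=0
    if ! is_bool "$member" || ! is_bool "$bridge"; then
        echo "error: expected 0 or 1, got member='$member' bridge='$bridge'"
        return 2
    fi
    if [ "$member" != "$EXPECTED_MEMBER" ]; then
        echo "warning: net.link.bridge.pfil_member=$member, rules on bridge member interfaces are not evaluated"
        rc=1
    fi
    if [ "$bridge" != "$EXPECTED_BRIDGE" ]; then
        echo "warning: net.link.bridge.pfil_bridge=$bridge, traffic is filtered on the bridge interface itself"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ok: bridge filtering tunables match the working configuration"
    fi
    return "$rc"
}

# Read the live values with sysctl (FreeBSD/pfSense host) and check them.
check_live_bridge_pfil() {
    m=$(sysctl -n net.link.bridge.pfil_member 2>/dev/null) || m=""
    b=$(sysctl -n net.link.bridge.pfil_bridge 2>/dev/null) || b=""
    check_bridge_pfil "$m" "$b"
}

# Run against the live system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_live_bridge_pfil
fi
```

With the values described in the thread as the non-working setup (member 0, bridge 1), both warnings fire, which matches the symptom that rules placed on vr0 and ath0 had no effect until the tunables were reset.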