Access WAN over wireless



  • Hello Gentlefolks.

    I connect to a wireless router (wan) and share the internet connection it offers in my home (lan).
    There are other clients connected to that router (not just my pfsense box).

    I would like to connect to those clients, to share files, etc. What settings would I have to change in my router to allow this? I cannot seem to connect to them; what am I missing?



  • @Grim0x:

    I cannot seem to connect to them, what am I missing?

    It would help to have more information. How are you attempting to access those clients and what is reported when you attempt such an access?

    It would probably be a little easier to manage a configuration in which the wireless router was on the LAN side of pfSense.



  • Well, for starters, I cannot even ping the clients of that wifi router (I can ping the router itself).
    What is reported is "Client timed out" ; D

    hmmm - pinging one client did yield the response "expired in transit".
    I have full access to the wifi router.
    Yes indeed, it WOULD be, but unfortunately, this is my current means of internet access..

    (a wifi router that shares internet, which my pfsense box picks up, and shares over lan).
    I gather that pfsense, by default, would be blocking such traffic from the WAN side (file sharing etc.); what I'm wondering is how do I circumvent this…

    @wallabybob:

    @Grim0x:

    I cannot seem to connect to them, what am I missing?

    It would help to have more information. How are you attempting to access those clients and what is reported when you attempt such an access?

    It would probably be a little easier to manage a configuration in which the wireless router was on the LAN side of pfSense.



  • @Grim0x:

    I gather that pfsense, by default, would be blocking such traffic from the WAN side (file sharing etc.); what I'm wondering is how do I circumvent this…

    Normally there is no need to circumvent this because an outgoing connection from the LAN side of pfSense creates a temporary hole in the firewall allowing "back traffic" from that particular WAN system to the LAN system that initiated the connection attempt.

    @Grim0x:

    Well, for starters, I cannot even ping the clients of that wifi router (I can ping the router itself).
    What is reported is "Client timed out" ; D

    hmmm - pinging one client did yield the response "expired in transit".

    Is the router configured to allow communication between the clients?

    Did your pings specify clients by IP address or hostname?
    If by IP address, does the client have a fixed IP address or dynamic IP address? Did the address change during your access attempt?
    If by hostname, which system is doing the hostname to IP address translation? Does pfSense use that system for its name service?



  • @Grim0x:

    Hello Gentlefolks.

    I connect to a wireless router (wan) and share the internet connection it offers in my home (lan).
    There are other clients connected to that router (not just my pfsense box).

    I would like to connect to those clients, to share files, etc. What settings would I have to change in my router to allow this? I cannot seem to connect to them; what am I missing?

    You'll need to set up pfsense in 'bridge mode' so it passes all traffic back and forth including the dhcp addresses from the front-line router.  Doing so turns the pfsense router into a common switch though.  You could play with the subnetting to open up the top level router and pfsense to give addresses within the same 'mask', but this takes some technique and time.  Or force all the traffic behind the pfsense system.

    My system is behind my ISP's modem (that has ethernet plus wireless that I turn off).  I connect the pfSense via ethernet to the modem to ensure maximum throughput.  Then I hang any ethernet switches or use wifi cards off the pfsense box. The reason I do this is the superior flexibility and granular control on pfsense vs the standard issue ISP modem.

    (If you're swapping data back and forth from various PCs on the LAN … take a look at FreeNAS as a data storage mechanism)



  • Thank you, gentlemen both, for the responses.

    @JVIN:

    You'll need to set up pfsense in 'bridge mode' so it passes all traffic back and forth including the dhcp addresses from the front-line router.  Doing so turns the pfsense router into a common switch though.

    I'll read up more on configuring 'bridge mode', I would like to try the subnetting route eventually though, for the purposes of security. Thanks Jvin.

    @wallabybob:

    Normally there is no need to circumvent this because an outgoing connection from the LAN side of pfSense creates a temporary hole in the firewall allowing "back traffic" from that particular WAN system to the LAN system that initiated the connection attempt.

    Oh I see…
    Thank you much for that bit of knowledge.

    @wallabybob:

    Did your pings specify clients by IP address or hostname?
    If by IP address, does the client have a fixed IP address or dynamic IP address? Did the address change during your access attempt?

    In each case, it was by IP. The client's IP did not change during this time, because I can confirm each client's IP via the router's GUI; also, the particular client I'd like to share with has an IP reserved (i.e. MAC bound to IP)…

    At this point, I'm going to attempt bridging, but I DO want pfSense to act as a firewall, so if you have some more thoughts, I'd be very grateful to hear them.



  • Uncheck the box to block private networks under the WAN interface. There is a good chance pfsense would be dropping traffic on the WAN interface if it's behind another router. That said, anything behind the firewall wouldn't be seen by wireless clients unless you do port forwarding.

    You want bridge mode though so it acts as a transparent firewall. No need for the box to do NAT if it's already behind another router. If you look through the firewalling section on the forums there should be several threads about how to set up a transparent firewall.
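
Added example, not part of any post in this thread: a simplified Python model of the two behaviours discussed above, the "temporary hole" that a LAN-initiated connection opens for return traffic and the effect of the "block private networks" option on the WAN interface. The class, its method names, the rule order and the addresses are assumptions made for illustration; NAT is left out and this is not pfSense's own code.

```python
# Added example: a simplified model of WAN-side filtering on a stateful firewall.
# Assumptions: NAT is ignored, hosts are identified by their own addresses,
# and all addresses below are constructed for illustration.
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class StatefulFirewall:
    def __init__(self, block_private_on_wan=True):
        self.block_private_on_wan = block_private_on_wan
        self.states = set()          # (lan_host, wan_host, proto)
        self.port_forwards = set()   # (lan_host, proto) reachable from WAN

    def lan_out(self, lan_host, wan_host, proto):
        """A LAN host initiates a flow: record state so replies can return."""
        self.states.add((lan_host, wan_host, proto))
        return "pass"

    def wan_in(self, wan_host, lan_host, proto):
        """Packet arriving on WAN: the state table is consulted before any rule."""
        if (lan_host, wan_host, proto) in self.states:
            return "pass: reply to LAN-initiated flow"
        if self.block_private_on_wan and any(ip_address(wan_host) in n for n in RFC1918):
            return "block: private source address on WAN"
        if (lan_host, proto) in self.port_forwards:
            return "pass: port forward"
        return "block: default deny"


def demo():
    lan_pc, wifi_client = "192.168.1.10", "192.168.0.20"   # constructed addresses
    fw = StatefulFirewall(block_private_on_wan=True)
    results = []
    # 1. Wi-Fi client tries to reach the LAN PC first: no state, private source.
    results.append(fw.wan_in(wifi_client, lan_pc, "icmp"))
    # 2. LAN PC pings the Wi-Fi client, then the echo reply comes back.
    fw.lan_out(lan_pc, wifi_client, "icmp")
    results.append(fw.wan_in(wifi_client, lan_pc, "icmp"))
    # 3. A port forward alone is not enough while private sources are blocked.
    fw.port_forwards.add((lan_pc, "tcp"))
    results.append(fw.wan_in(wifi_client, lan_pc, "tcp"))
    # 4. With the block-private option off, the forward lets the client in.
    fw.block_private_on_wan = False
    results.append(fw.wan_in(wifi_client, lan_pc, "tcp"))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```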

