    Wireless bridge with LAN ok, but it can't connect to Internet

    • N
      namviet last edited by

      I have a map of LAN:

      Internet - Pfsense -----> LAN (192.168.2.x)
                                        ----> WLAN (bridged with LAN)

      WLAN is AP mode
      Firewall rules, wireless: any to any

      Wireless PCs can connect to PCs on my LAN okay, but they cannot connect to the Internet.
      Please help me!

      • P
        Perry last edited by

        hmm sounds ok, but does it look like this.


        /Perry
        doc.pfsense.org

        • H
          hoba last edited by

          What IP do your clients use as gateway and DNS?

          • N
            namviet last edited by

            My IP of client is 192.168.2.96
            Gateway: 192.168.2.1
            DNS: 192.168.2.1
            I don't know why?

            • P
              Perry last edited by

              that's how it should be

              So is it a default install with no other rules?

              What do your system logs tell you? Anything getting blocked?

              /Perry
              doc.pfsense.org

              • J
                Jonb last edited by

                This problem happens with me too, or I get what happens in my other thread:
                http://forum.pfsense.org/index.php?topic=4121.0

                Hosted desktops and servers with support without complication.
                www.blueskysystems.co.uk

                • J
                  Jonb last edited by

                  The only way I can connect to the internet is to go through the squid proxy. I have managed to solve the problem with the wireless not working, full stop. I suppose there is something wrong with the routing. I can't get through to the IPSEC tunnels either when on wireless. Is there any way I can fix this?

                  Interfaces
                  ral0: flags=8943<up,broadcast,running,promisc,simplex,multicast> mtu 1500
                  inet6 fe80::20f:eaff:fe84:d8dd%ral0 prefixlen 64 scopeid 0x1
                  ether 00:0f:ea:84:d8:dd
                  media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
                  status: associated
                  ssid Main22 channel 6 bssid 00:0f:ea:84:d8:dd
                  authmode WPA2/802.11i privacy MIXED deftxkey 3 AES-CCM 2:128-bit
                  AES-CCM 3:128-bit txpowmax 100 bmiss 7 protmode OFF -apbridge
                  dtimperiod 1 bintval 100
                  rl0: flags=8943<up,broadcast,running,promisc,simplex,multicast> mtu 1500
                  options=8<vlan_mtu>
                  inet 10.255.0.200 netmask 0xffffff00 broadcast 10.255.0.255
                  inet6 fe80::210:a7ff:fe22:f64%rl0 prefixlen 64 scopeid 0x2
                  ether 00:10:a7:22:0f:64
                  media: Ethernet autoselect (100baseTX <full-duplex>)
                  status: active
                  xl0: flags=8843<up,broadcast,running,simplex,multicast> mtu 1500
                  options=9<rxcsum,vlan_mtu>
                  inet6 fe80::206:5bff:fec3:4f4%xl0 prefixlen 64 scopeid 0x3
                  ether 00:06:5b:c3:04:f4
                  media: Ethernet autoselect (10baseT/UTP)
                  status: active
                  lo0: flags=8049<up,loopback,running,multicast> mtu 16384
                  inet 127.0.0.1 netmask 0xff000000
                  inet6 ::1 prefixlen 128
                  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
                  pflog0: flags=100<promisc> mtu 33208
                  pfsync0: flags=41<up,running> mtu 2020
                  pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
                  enc0: flags=41<up,running> mtu 1536
                  ng0: flags=89d1<up,pointopoint,running,noarp,promisc,simplex,multicast> mtu 1492
                  inet6 fe80::20f:eaff:fe84:d8dd%ng0 prefixlen 64 scopeid 0x8
                  inet 194.106.44.200 --> 194.106.38.251 netmask 0xffffffff
                  bridge0: flags=8843<up,broadcast,running,simplex,multicast> mtu 1500
                  ether c6:78:b8:6c:31:21
                  id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
                  maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
                  root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
                  member: rl0 flags=143<learning,discover,autoedge,autoptp>
                  member: ral0 flags=143<learning,discover,autoedge,autoptp>

                  Routing tables

                  Internet:
                  Destination        Gateway            Flags    Refs      Use  Netif Expire
                  default            194.106.38.251    UGS        0    17194    ng0
                  10.255/24          link#2            UC          0        0    rl0
                  10.255.0.2        link#2            UHLW        1        7    rl0
                  10.255.0.7        00:19:d2:4e:9a:5c  UHLW        1    4322    rl0  1144
                  10.255.0.200      00:10:a7:22:0f:64  UHLW        1    5482    lo0
                  127.0.0.1          127.0.0.1          UH          0        0    lo0
                  194.106..    194.106..    UH          1    1785    ng0
                  194.106..    lo0                UHS        0        0    lo0

                  pfctl -sn
                  nat-anchor "pftpx/" all
                  nat-anchor "natearly/" all
                  nat-anchor "natrules/" all
                  nat on xl0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                  nat on ng0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                  nat on xl0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
                  nat on ng0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
                  rdr-anchor "pftpx/" all
                  rdr-anchor "slb" all
                  no rdr on rl0 proto tcp from any to <vpns> port = ftp
                  rdr on rl0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
                  rdr on ral0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8022
                  rdr on ng0 inet proto tcp from any to 194.106.. port = ftp -> 10.255.0.2
                  rdr on ng0 inet proto tcp from any to 194.106.. port = http -> 10.255.0.2
                  rdr on ng0 inet proto tcp from any to 194.106.. port = 2750 -> 10.255.0.2
                  rdr on ng0 inet proto udp from any to 194.106.. port = 2750 -> 10.255.0.2
                  rdr on ng0 inet proto tcp from any to 194.106.. port = 5900 -> 10.255.0.2
                  rdr on ng0 inet proto udp from any to 194.106.. port = 5900 -> 10.255.0.2
                  rdr on ng0 inet proto tcp from any to 194.106.. port = 2568 -> 10.255.0.3
                  rdr on ng0 inet proto udp from any to 194.106.. port = 2568 -> 10.255.0.3
                  rdr-anchor "imspector" all
                  rdr-anchor "miniupnpd" all

                  pfctl -si
                  Status: Enabled for 0 days 06:04:37          Debug: Urgent

                  Hostid: 0x897d55c1

                  Interface Stats for ral0              IPv4            IPv6
                    Bytes In                        1489790            20690
                    Bytes Out                        212780              288
                    Packets In
                      Passed                            9693                0
                      Blocked                            521              218
                    Packets Out
                      Passed                            3747                4
                      Blocked                              0                0

                  State Table                          Total            Rate
                    current entries                      67
                    searches                          91495            4.2/s
                    inserts                            9795            0.4/s
                    removals                            9728            0.4/s
                  Counters
                    match                              22138            1.0/s
                    bad-offset                            0            0.0/s
                    fragment                              0            0.0/s
                    short                                  0            0.0/s
                    normalize                              0            0.0/s
                    memory                                0            0.0/s
                    bad-timestamp                          0            0.0/s
                    congestion                            0            0.0/s
                    ip-option                            23            0.0/s
                    proto-cksum                            0            0.0/s
                    state-mismatch                      512            0.0/s
                    state-insert                          0            0.0/s
                    state-limit                            0            0.0/s
                    src-limit                              0            0.0/s
                    synproxy                              0            0.0/s

                  pfctl -sa
                  TRANSLATION RULES:
                  nat-anchor "pftpx/" all
                  nat-anchor "natearly/" all
                  nat-anchor "natrules/" all
                  nat on xl0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                  nat on ng0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
                  nat on xl0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
                  nat on ng0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
                  rdr-anchor "pftpx/" all
                  rdr-anchor "slb" all
                  no rdr on rl0 proto tcp from any to <vpns> port = ftp
                  rdr on rl0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
                  rdr on ral0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8022

                  LABEL COUNTERS:
                  SHAPER: first match rule 11446 0 0
                  Block snort2c hosts 11446 0 0
                  Block snort2c hosts 11446 0 0
                  pass loopback 11446 3002 526809
                  pass loopback 3002 3002 526809
                  allow access to DHCP server on LAN 5234 0 0
                  allow access to DHCP server on LAN 4355 12 3969
                  allow access to DHCP server on LAN 3989 0 0
                  allow access to DHCP server on LAN 3989 0 0
                  allow access to DHCP server on LAN 5030 10 3280
                  allow access to DHCP server on LAN 4151 0 0
                  block dhcp client out wan 4151 0 0
                  block dhcp client out wan 4151 0 0
                  allow dhcp client out wan 2397 0 0
                  allow dhcp client out wan 2397 0 0
                  block private networks from wan block 10/8 5212 0 0
                  block private networks from wan block 10/8 5212 0 0
                  block private networks from wan block 127/8 4288 0 0
                  block private networks from wan block 127/8 4288 0 0
                  block private networks from wan block 172.16/12 4288 0 0
                  block private networks from wan block 172.16/12 4288 0 0
                  block private networks from wan block 192.168/16 4288 0 0
                  block private networks from wan block 192.168/16 4288 0 0
                  virusprot overload table 5212 0 0
                  block bogon networks from wan 5212 0 0
                  block bogon networks from wan 5212 0 0
                  let out anything from firewall host itself 5212 0 0
                  let out anything from firewall host itself 5212 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 0 0
                  let out anything from firewall host itself 4192 13317 4665665
                  let out anything from firewall host itself 3268 1010 59064
                  let out anything from firewall host itself 196 0 0
                  let out anything from firewall host itself 196 0 0
                  let out anything from firewall host itself 196 0 0
                  let out anything from firewall host itself 196 1508 520240
                  let out anything from firewall host itself 2399 0 0
                  let out anything from firewall host itself 1059 0 0
                  IPSEC internal host to host 705 2978 183720
                  let out anything from firewall host itself 0 0 0
                  let out anything from firewall host itself 0 0 0
                  let out anything from firewall host itself 0 0 0
                  anti-lockout web rule 2884 10977 5645701
                  sshlockout 2444 0 0
                  USER_RULE: NAT  1765 0 0
                  USER_RULE: NAT  1765 0 0
                  USER_RULE: NAT  1418 0 0
                  USER_RULE: NAT  1418 0 0
                  USER_RULE: Azureus 1613 0 0
                  USER_RULE: Azureus 152 0 0
                  USER_RULE: Azureus 1765 0 0
                  USER_RULE: Azureus 152 0 0
                  USER_RULE 1765 0 0
                  USER_RULE 1765 0 0
                  USER_RULE: NAT ultravnc 1613 0 0
                  USER_RULE: NAT ultravnc 152 0 0
                  USER_RULE: NAT ultravnc 1765 0 0
                  USER_RULE: NAT ultravnc 152 0 0
                  USER_RULE 1765 7933 446362
                  USER_RULE 865 1660 130278
                  USER_RULE 517 0 0
                  USER_RULE 517 0 0
                  USER_RULE: Default LAN -> any 517 0 0
                  USER_RULE: Default LAN -> any 517 0 0
                  USER_RULE: Default LAN -> any 517 0 0
                  USER_RULE: Default LAN -> any 517 0 0
                  USER_RULE: Permit IPSEC traffic. 899 575 54450
                  IPSEC: Work - outbound isakmp 729 0 0
                  IPSEC: Work - outbound isakmp 729 0 0
                  IPSEC: Work - inbound isakmp 729 0 0
                  IPSEC: Work - inbound isakmp 729 0 0
                  IPSEC: Work - outbound esp proto 729 0 0
                  IPSEC: Work - outbound esp proto 729 0 0
                  IPSEC: Work - inbound esp proto 729 0 0
                  IPSEC: Work - inbound esp proto 729 0 0
                  IPSEC: Work - outbound isakmp 729 0 0
                  IPSEC: Work - outbound isakmp 729 0 0
                  IPSEC: Work - inbound isakmp 729 0 0
                  IPSEC: Work - inbound isakmp 729 0 0
                  IPSEC: Work - outbound esp proto 729 0 0
                  IPSEC: Work - outbound esp proto 729 0 0
                  IPSEC: Work - inbound esp proto 729 0 0
                  IPSEC: Work - inbound esp proto 729 0 0
                  IPSEC: Work - outbound isakmp 729 0 0
                  IPSEC: Work - outbound isakmp 729 0 0
                  IPSEC: Work - inbound isakmp 729 0 0
                  IPSEC: Work - inbound isakmp 729 0 0
                  IPSEC: Work - outbound esp proto 729 0 0
                  IPSEC: Work - outbound esp proto 729 0 0
                  IPSEC: Work - inbound esp proto 729 0 0
                  IPSEC: Work - inbound esp proto 729 0 0
                  IPSEC: Mobile - inbound isakmp 729 0 0
                  IPSEC: Mobile - inbound isakmp 729 0 0
                  IPSEC: Mobile - inbound esp proto 729 0 0
                  IPSEC: Mobile - inbound esp proto 729 574 85128
                  IPSEC: Mobile - inbound ah proto 638 0 0
                  IPSEC: Mobile - inbound ah proto 638 0 0
                  IPSEC: Mobile - inbound isakmp 638 0 0
                  IPSEC: Mobile - inbound isakmp 446 0 0
                  IPSEC: Mobile - inbound esp proto 638 0 0
                  IPSEC: Mobile - inbound esp proto 446 0 0
                  IPSEC: Mobile - inbound ah proto 638 0 0
                  IPSEC: Mobile - inbound ah proto 446 0 0
                  FTP PROXY: Allow traffic to localhost 638 0 0
                  FTP PROXY: Allow traffic to localhost 0 0 0
                  FTP PROXY: PASV mode data connection 638 0 0
                  FTP PROXY: Allow traffic to localhost 577 0 0
                  FTP PROXY: Allow traffic to localhost 0 0 0
                  Default block all just to be sure. 638 638 77846
                  Default block all just to be sure. 0 0 0

                  TIMEOUTS:
                  tcp.first                  120s
                  tcp.opening                  30s
                  tcp.established          86400s
                  tcp.closing                900s
                  tcp.finwait                  45s
                  tcp.closed                  90s
                  tcp.tsdiff                  30s
                  udp.first                    60s
                  udp.single                  30s
                  udp.multiple                60s
                  icmp.first                  20s
                  icmp.error                  10s
                  other.first                  60s
                  other.single                30s
                  other.multiple              60s
                  frag                        30s
                  interval                    10s
                  adaptive.start                0 states
                  adaptive.end                  0 states
                  src.track                    0s

                  LIMITS:
                  states    hard limit  10000
                  src-nodes  hard limit  10000
                  frags      hard limit  5000

                  TABLES:
                  bogons
                  snort2c
                  sshlockout
                  virusprot
                  vpns

                  OS FINGERPRINTS:
                  296 fingerprints loaded

                  638              Block    In        ral0                      0        0        0      drop inet6 from fe80::20f:eaff:fe84:d8dd/128 to any

                  block bogon networks

                  http://www.cymru.com/Documents/bogon-bn-nonagg.txt

                  anchor "wanbogons"
                  table <bogons> persist file "/etc/bogons"
                  block in log quick on $wan from <bogons> to any label "block bogon networks from wan"

                  pass traffic from firewall -> out

                  anchor "firewallout"
                  pass out quick on  { xl0 ng0 }  all keep state tagged qwandef queue (qwandef, qwanacks) label "let out anything from firewall host itself"
                  pass out quick on  { xl0 ng0 }  all keep state tagged qP2PUp queue (qP2PUp, qwanacks) label "let out anything from firewall host itself"
                  pass out quick on  { xl0 ng0 }  all keep state tagged qGamesUp queue (qGamesUp, qwanacks) label "let out anything from firewall host itself"
                  pass out quick on  { xl0 ng0 }  all keep state tagged qOthersUpH queue (qOthersUpH, qwanacks) label "let out anything from firewall host itself"
                  pass out quick on  { xl0 ng0 }  all keep state tagged qOthersDownH queue (qOthersDownH, qwanacks) label "let out anything from firewall host itself"
                  pass out quick on  { xl0 ng0 }  all keep state queue (qwandef, qwanacks) label "let out anything from firewall host itself"
                  pass out quick on rl0 all keep state tagged qlandef queue (qlandef, qlanacks) label "let out anything from firewall host itself"
                  pass out quick on rl0 all keep state tagged qP2PDown queue (qP2PDown, qlanacks) label "let out anything from firewall host itself"
                  pass out quick on rl0 all keep state tagged qGamesDown queue (qGamesDown, qlanacks) label "let out anything from firewall host itself"
                  pass out quick on rl0 all keep state tagged qOthersDownH queue (qOthersDownH, qlanacks) label "let out anything from firewall host itself"
                  pass out quick on rl0 all keep state queue (qlandef, qlanacks) label "let out anything from firewall host itself"
                  pass out quick on ral0 all keep state  label "let out anything from firewall host itself"
                  pass out quick on bridge0 all keep state label "let out anything from firewall host itself"
                  pass out quick on $enc0 keep state label "IPSEC internal host to host"

                  let out anything from the firewall host itself and decrypted IPsec traffic

                  pass out quick on ral0 proto icmp keep state label "let out anything from firewall host itself"
                  pass out quick on ral0 all keep state label "let out anything from firewall host itself"

                  permit wan interface to ping out (ping_hosts.sh)

                  pass out quick on ng0 proto icmp keep state label "let out anything from firewall host itself"

                  make sure the user cannot lock himself out of the webGUI or SSH

                  anchor "anti-lockout"
                  pass in quick from 10.255.0.0/24 to 10.255.0.200 keep state label "anti-lockout web rule"

                  DMESG
                  Copyright © 1992-2007 The FreeBSD Project.
                  Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
                  The Regents of the University of California. All rights reserved.
                  FreeBSD is a registered trademark of The FreeBSD Foundation.
                  FreeBSD 6.2-RELEASE-p3 #0: Mon Mar 19 09:05:52 EDT 2007
                      sullrich@builder6.pfsense.com:/usr/obj.pfSense/usr/src/sys/pfSense.6
                  Timecounter "i8254" frequency 1193182 Hz quality 0
                  CPU: Intel(R) Pentium(R) 4 CPU 1.70GHz (1695.00-MHz 686-class CPU)
                    Origin = "GenuineIntel"  Id = 0xf12  Stepping = 2
                    Features=0x3febfbff<fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm>
                  real memory  = 267874304 (255 MB)
                  avail memory = 252387328 (240 MB)
                  ACPI APIC Table: <dell  gx240 >
                  ioapic0: Changing APIC ID to 1
                  ioapic0 <version 2.0> irqs 0-23 on motherboard
                  wlan: mac acl policy registered
                  kbd1 at kbdmux0
                  ath_hal: 0.9.17.2 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
                  acpi0: <dell gx240 > on motherboard
                  acpi0: Power Button (fixed)
                  Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
                  acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
                  cpu0: <acpi cpu> on acpi0
                  acpi_button0: <power button> on acpi0
                  pcib0: <acpi host-pci bridge> port 0xcf8-0xcff on acpi0
                  pci0: <acpi pci bus> on pcib0
                  agp0: <intel 82845 host to agp bridge> mem 0xf0000000-0xf7ffffff at device 0.0 on pci0
                  pcib1: <pci-pci bridge> at device 1.0 on pci0
                  pci1: <pci bus> on pcib1
                  pci1: <display, vga> at device 0.0 (no driver attached)
                  pcib2: <acpi pci-pci bridge> at device 30.0 on pci0
                  pci2: <acpi pci bus> on pcib2
                  ral0: <ralink technology rt2500> mem 0xff6fe000-0xff6fffff irq 17 at device 8.0 on pci2
                  ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
                  ral0: Ethernet address: 00:0f:ea:84:d8:dd
                  rl0: <realtek 10 8139 100basetx> port 0xdc00-0xdcff mem 0xff6fdc00-0xff6fdcff irq 19 at device 10.0 on pci2
                  miibus0: <mii bus> on rl0
                  rlphy0: <realtek internal media interface> on miibus0
                  rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
                  rl0: Ethernet address: 00:10:a7:22:0f:64
                  xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xd880-0xd8ff mem 0xff6fd800-0xff6fd87f irq 18 at device 12.0 on pci2
                  miibus1: <mii bus> on xl0
                  ukphy0: <generic ieee 802.3u media interface> on miibus1
                  ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
                  xl0: Ethernet address: 00:06:5b:c3:04:f4
                  isab0: <pci-isa bridge> at device 31.0 on pci0
                  isa0: <isa bus> on isab0
                  atapci0: <intel ich2 udma100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0
                  ata0: <ata 0 channel> on atapci0
                  ata1: <ata 1 channel> on atapci0
                  pci0: <serial bus, smbus> at device 31.3 (no driver attached)
                  speaker0: <pc speaker> port 0x61 on acpi0
                  fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
                  fdc0: [FAST]
                  pmtimer0 on isa0
                  orm0: <isa option rom> at iomem 0xc0000-0xc7fff on isa0
                  atkbdc0: <keyboard controller (i8042)> at port 0x60,0x64 on isa0
                  atkbd0: <at keyboard> irq 1 on atkbdc0
                  kbd0 at atkbd0
                  atkbd0: [GIANT-LOCKED]
                  ppc0: parallel port not found.
                  sc0: <system console> at flags 0x100 on isa0
                  sc0: VGA <16 virtual consoles, flags=0x300>
                  sio0: configured irq 4 not in bitmap of probed irqs 0
                  sio0: port may not be enabled
                  sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
                  sio0: type 8250 or not responding
                  sio1: configured irq 3 not in bitmap of probed irqs 0
                  sio1: port may not be enabled
                  vga0: <generic isa vga> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
                  Timecounter "TSC" frequency 1695004244 Hz quality 800
                  Timecounters tick every 1.000 msec
                  Fast IPsec: Initialized Security Association Processing.
                  ad0: 19073MB <maxtor 2b020h1 wah21pb0> at ata0-master UDMA100
                  Trying to mount root from ufs:/dev/ad0s1a

                  Welcome to pfSense 1.0.1-SNAPSHOT-03-27-2007 on the 'pfSense' platform…

                  Mounting filesystems...
                  done.
                  Creating symlinks...
                  .
                  .
                  .
                  done.
                  Launching PHP init system...
                  done.
                  Initializing...
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  .
                  done.
                  Starting device manager (devd)...
                  done.
                  Loading configuration...
                  .
                  .
                  .
                  done.
                  Updating configuration...
                  done.
                  Cleaning backup cache...
                  done.
                  Setting up extended sysctls...
                  done.
                  Syncing user passwords...
                  done.
                  Starting Secure Shell Services...
                  done.
                  Setting timezone...
                  done.
                  Starting syslog...
                  done.
                  Configuring LAN interface...
                  rl0: link state changed to UP
                  xl0: link state changed to UP
                  rl0: link state changed to DOWN
                  done.
                  Configuring WAN interface...
                  rl0: link state changed to UP
                  done.
                  Configuring OPT interfaces...
                  done.
                  Configuring CARP interfaces...
                  done.
                  Syncing system time before startup...
                  done.
                  pflog0: promiscuous mode enabled
                  Configuring firewall...
                  .
                  .
                  .
                  .
                  .
                  .
                  snort_dynamic_ip_reload.php...
                  No matching processes were found
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  No matching processes were found
                  snort_xmlrpc_sync.php...
                  done.
                  Starting webConfigurator...
                  done.
                  Starting DNS forwarder...
                  done.
                  Starting DHCP service...
                  done.
                  Setting up microcode and tx/rx offloading...
                  done.
                  Configuring IPsec VPN...
                  done
                  Starting FTP helpers...
                  done.
                  Generating RRD graphs...
                  done.
                  Starting DHCP service...
                  done.
                  Starting OpenNTP time client...
                  ntpd: unknown user _ntp
                  done.
                  Starting CRON...
                  done.
                  Syncing packages:
                  sshterm
                  bandwidthd
                  rl0: promiscuous mode enabled

                  XML error: not well-formed (invalid token) at line 1
                  Executing rc.d items...
                  Starting /usr/local/etc/rc.d/bandwidthd.sh...
                  done.
                  Starting /usr/local/etc/rc.d/miniupnpd.sh...
                  done.
                  Starting /usr/local/etc/rc.d/proxy_monitor.sh...
                  done.
                  Starting /usr/local/etc/rc.d/snort.sh...
                  done.
                  Starting /usr/local/etc/rc.d/squid.sh...
                  done.
                  Starting /usr/local/etc/rc.d/svscan.sh...
                  done.
                  Bootup complete
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  bridge0: Ethernet address: c6:78:b8:6c:31:21
                  ral0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  WARNING: pseudo-random number generator used for IPsec processing
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled
                  ng0: promiscuous mode disabled
                  ng0: promiscuous mode enabled


                  1 Reply Last reply Reply Quote 0
                  • J
                    Jonb last edited by

                    After many tries at fixing this, I have tried this once so far and it seems to have fixed the problem for now.

                    What I did was remove the wireless interface, save that off, then reassign the wireless NIC and reconfigure the card. I did do a reboot, but this seems to have fixed the routing problem that I had. All I can think is that the routing at some point seems to go west and you can only access the local network.

                    Can one of the devs comment on whether they have seen any signs of this, or if it is just a few isolated problems?

                    Thanks


                    1 Reply Last reply Reply Quote 0
                    • G
                      guillotine last edited by

                      Sorry for hitchhiking this thread, but reading this I wonder what is the point of bridging WLAN with LAN if the firewall rules are not merged?
                      Regards

                      1 Reply Last reply Reply Quote 0
                      • D
                        DocLove last edited by

                        I am having a similar problem with my setup.

                        I have set up a system using the latest build of pfsense-1.2-RC2-Live (downloaded on 9-19-07). Installed my network cards and started the system.

                        Nic #1 LAN
                        Nic #2 WAN
                        Nic #3 WAN 2
                        Nic #4 Wireless Card.

                        Used the setup described in MultiWanVersion1.2 setup.
                        Set up the wireless card as an AP and bridged it to the LAN.

                        All computers on the LAN can connect to the internet.

                        Now if I connect a computer wirelessly to the system. It connects and gets all the DHCP info.

                        IP address: 192.168.1.198
                        Subnet mask: 255.255.255.0
                        Default Gateway: 192.168.1.1 (pfSense address)
                        DNS Server: 192.168.1.1
                        DHCP Server: 192.168.1.1

                        Now here is where I start running into problems.

                        I can ping any computer located on the LAN, except the pfsense computer, from the wireless computer. When I try to ping the gateway (pfsense computer), I receive no responses. Now this is troubling because it had to see the pfsense computer to receive the DHCP info, as well as go through it to ping the LAN computers.

                        Now since I am a newbie to pfsense and routing, I hope this question is not dumb. I read the above information and did not understand what Jonb did to fix the problem.

                        Any help is appreciated; I hope to fix this problem before all my hair is gone. I don’t have all that much left. :)

                        The Doc.

                        1 Reply Last reply Reply Quote 0
                        • D
                          DocLove last edited by

                          Fixed my problem. It turned out to be a firewall rule issue.

                          Now I have a great setup. Love PfSense.

                          The Doc.

                          1 Reply Last reply Reply Quote 0
                          • A
                            artbybart last edited by

                            Glad I came across this thread before I posted my problem!!  ;)

                            I was having similar problems like "namviet": On my laptop (WinXP) I was able to surf using LAN, but no luck using WLAN!!  >:(  In addition, through WLAN I was not able to ping my gateway (192.168.1.1)  and yet I was able to access the web interface and make any changes that I needed to make without any problems.  ???  I even had my NIC "disabled" when I'd have the wireless NIC "enabled", and vice-versa (to avoid any possible conflict).

                            I know it's weird and doesn't make sense. And yes, I did have the firewall rule set up for the WLAN.

                            Thanks to "Perry" and the pic he included, I realized where my mistake was: in the firewall rule for WLAN I had the source as "LAN Subnet" (fyi, I had also tried "any", which obviously didn't work) and not "WLAN Subnet". This was the difference maker for me. Such a mistake had me going in circles.

                            Thanks again and hope this helps whoever is running into the same problem.

                            1 Reply Last reply Reply Quote 0
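The mistake artbybart describes, a rule on the WLAN interface whose source is "LAN Subnet", can be looked for in a configuration backup. This is an added example, not part of the thread and not pfSense's own code: it assumes a config.xml layout in which each `<filter><rule>` carries an `<interface>` and a `<source><network>` element, and the sample config, interface names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of a pfSense config.xml backup.
# Interface names (lan, opt1) and all rules are made up for illustration.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <lan><descr>LAN</descr></lan>
    <opt1><descr>WLAN</descr></opt1>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination></rule>
    <rule><type>pass</type><interface>opt1</interface>
      <source><network>lan</network></source><destination><any/></destination></rule>
    <rule><type>pass</type><interface>opt1</interface>
      <source><network>opt1</network></source><destination><any/></destination></rule>
    <rule><type>pass</type><interface>opt1</interface>
      <source><address>192.168.1.50</address></source><destination><any/></destination></rule>
  </filter>
</pfsense>"""


def friendly(root, ifname):
    """Return the interface description shown in the GUI, or the raw name."""
    descr = root.findtext(f"interfaces/{ifname}/descr")
    return descr or ifname.upper()


def mismatched_source_rules(config_xml):
    """List rules whose source subnet alias belongs to a different interface
    than the one the rule is attached to (e.g. 'LAN Subnet' on WLAN)."""
    root = ET.fromstring(config_xml)
    findings = []
    for idx, rule in enumerate(root.findall("filter/rule"), start=1):
        iface = rule.findtext("interface")
        src_net = rule.findtext("source/network")
        if iface is None or src_net is None:
            continue  # source is "any" or a literal address: nothing to compare
        # Only flag aliases that name another configured interface.
        if src_net != iface and root.find(f"interfaces/{src_net}") is not None:
            findings.append((idx, friendly(root, iface), f"{friendly(root, src_net)} Subnet"))
    return findings


if __name__ == "__main__":
    for idx, iface, source in mismatched_source_rules(SAMPLE_CONFIG):
        print(f"rule {idx} on {iface}: source is '{source}', review it")
```

A flagged rule is a prompt to review it against the interface it sits on, not proof that it is wrong.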