Wireless bridge with LAN ok, but it can't connect to Internet



  • I have a map of LAN:

    Internet - Pfsense –---> LAN (192.168.2.x)
                                      ----> WLAN (bridged with LAN)

    WLAN is AP mode
    Firewall rules, wilress: any to any

    Wireless PC connect with PC on my LAN are okie, but they cannot connect to Internet.
    Please help me!



  • hmm sounds ok, but does it look like this.




  • What IP do your clients use as gateway and DNS?



  • My IP of client is 192.168.2.96
    Gateway: 192.168.2.1
    DNS: 192.168.2.1
    I don't know why?



  • that's how it should be

    So is it a default install with no other rules?

    what does your system logs tell you.  anything getting block



  • this problem happens with me to or I get what happens in my other thread
    http://forum.pfsense.org/index.php?topic=4121.0



  • The only way I can connect to the internet is to go throught squid proxy.  I have manage to solve the problem with the wireless not working full stop. I suppos there is something wrong with the routing. I can't get through to the IPSEC tunnels either when on wireless.  Is there anyway I can fix this.

    Interfaces
    ral0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>mtu 1500
    inet6 fe80::20f:eaff:fe84:d8dd%ral0 prefixlen 64 scopeid 0x1
    ether 00:0f:ea:84:d8:dd
    media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: associated
    ssid Main22 channel 6 bssid 00:0f:ea:84:d8:dd
    authmode WPA2/802.11i privacy MIXED deftxkey 3 AES-CCM 2:128-bit
    AES-CCM 3:128-bit txpowmax 100 bmiss 7 protmode OFF -apbridge
    dtimperiod 1 bintval 100
    rl0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>mtu 1500
    options=8 <vlan_mtu>inet 10.255.0.200 netmask 0xffffff00 broadcast 10.255.0.255
    inet6 fe80::210:a7ff:fe22:f64%rl0 prefixlen 64 scopeid 0x2
    ether 00:10:a7:22:0f:64
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    xl0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
    options=9 <rxcsum,vlan_mtu>inet6 fe80::206:5bff:fec3:4f4%xl0 prefixlen 64 scopeid 0x3
    ether 00:06:5b:c3:04:f4
    media: Ethernet autoselect (10baseT/UTP)
    status: active
    lo0: flags=8049 <up,loopback,running,multicast>mtu 16384
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
    pflog0: flags=100 <promisc>mtu 33208
    pfsync0: flags=41 <up,running>mtu 2020
    pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
    enc0: flags=41 <up,running>mtu 1536
    ng0: flags=89d1 <up,pointopoint,running,noarp,promisc,simplex,multicast>mtu 1492
    inet6 fe80::20f:eaff:fe84:d8dd%ng0 prefixlen 64 scopeid 0x8
    inet 194.106.44.200 –> 194.106.38.251 netmask 0xffffffff
    bridge0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 1500
    ether c6:78:b8:6c:31:21
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
    root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0
    member: rl0 flags=143 <learning,discover,autoedge,autoptp>member: ral0 flags=143 <learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></up,broadcast,running,simplex,multicast></up,pointopoint,running,noarp,promisc,simplex,multicast></up,running></up,running></promisc></up,loopback,running,multicast></rxcsum,vlan_mtu></up,broadcast,running,simplex,multicast></full-duplex></vlan_mtu></up,broadcast,running,promisc,simplex,multicast></hostap></up,broadcast,running,promisc,simplex,multicast>

    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            194.106.38.251    UGS        0    17194    ng0
    10.255/24          link#2            UC          0        0    rl0
    10.255.0.2        link#2            UHLW        1        7    rl0
    10.255.0.7        00:19:d2:4e:9a:5c  UHLW        1    4322    rl0  1144
    10.255.0.200      00:10:a7:22:0f:64  UHLW        1    5482    lo0
    127.0.0.1          127.0.0.1          UH          0        0    lo0
    194.106..    194.106..    UH          1    1785    ng0
    194.106..    lo0                UHS        0        0    lo0

    pfctl -sn
    nat-anchor "pftpx/" all
    nat-anchor "natearly/
    " all
    nat-anchor "natrules/" all
    nat on xl0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
    nat on ng0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
    nat on xl0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
    nat on ng0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
    rdr-anchor "pftpx/
    " all
    rdr-anchor "slb" all
    no rdr on rl0 proto tcp from any to <vpns>port = ftp
    rdr on rl0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
    rdr on ral0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8022
    rdr on ng0 inet proto tcp from any to 194.106.. port = ftp -> 10.255.0.2
    rdr on ng0 inet proto tcp from any to 194.106.. port = http -> 10.255.0.2
    rdr on ng0 inet proto tcp from any to 194.106.. port = 2750 -> 10.255.0.2
    rdr on ng0 inet proto udp from any to 194.106.. port = 2750 -> 10.255.0.2
    rdr on ng0 inet proto tcp from any to 194.106.. port = 5900 -> 10.255.0.2
    rdr on ng0 inet proto udp from any to 194.106.. port = 5900 -> 10.255.0.2
    rdr on ng0 inet proto tcp from any to 194.106.. port = 2568 -> 10.255.0.3
    rdr on ng0 inet proto udp from any to 194.106.. port = 2568 -> 10.255.0.3
    rdr-anchor "imspector" all
    rdr-anchor "miniupnpd" all</vpns>

    pfctl -si
    Status: Enabled for 0 days 06:04:37          Debug: Urgent

    Hostid: 0x897d55c1

    Interface Stats for ral0              IPv4            IPv6
      Bytes In                        1489790            20690
      Bytes Out                        212780              288
      Packets In
        Passed                            9693                0
        Blocked                            521              218
      Packets Out
        Passed                            3747                4
        Blocked                              0                0

    State Table                          Total            Rate
      current entries                      67
      searches                          91495            4.2/s
      inserts                            9795            0.4/s
      removals                            9728            0.4/s
    Counters
      match                              22138            1.0/s
      bad-offset                            0            0.0/s
      fragment                              0            0.0/s
      short                                  0            0.0/s
      normalize                              0            0.0/s
      memory                                0            0.0/s
      bad-timestamp                          0            0.0/s
      congestion                            0            0.0/s
      ip-option                            23            0.0/s
      proto-cksum                            0            0.0/s
      state-mismatch                      512            0.0/s
      state-insert                          0            0.0/s
      state-limit                            0            0.0/s
      src-limit                              0            0.0/s
      synproxy                              0            0.0/s

    pfctl -sa
    TRANSLATION RULES:
    nat-anchor "pftpx/" all
    nat-anchor "natearly/
    " all
    nat-anchor "natrules/" all
    nat on xl0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
    nat on ng0 inet from 10.255.0.0/24 port = isakmp to any port = isakmp -> (ng0) port 500 round-robin
    nat on xl0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
    nat on ng0 inet from 10.255.0.0/24 to any -> (ng0) round-robin
    rdr-anchor "pftpx/
    " all
    rdr-anchor "slb" all
    no rdr on rl0 proto tcp from any to <vpns>port = ftp
    rdr on rl0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8021
    rdr on ral0 inet proto tcp from any to any port = ftp -> 127.0.0.1 port 8022</vpns>

    LABEL COUNTERS:
    SHAPER: first match rule 11446 0 0
    Block snort2c hosts 11446 0 0
    Block snort2c hosts 11446 0 0
    pass loopback 11446 3002 526809
    pass loopback 3002 3002 526809
    allow access to DHCP server on LAN 5234 0 0
    allow access to DHCP server on LAN 4355 12 3969
    allow access to DHCP server on LAN 3989 0 0
    allow access to DHCP server on LAN 3989 0 0
    allow access to DHCP server on LAN 5030 10 3280
    allow access to DHCP server on LAN 4151 0 0
    block dhcp client out wan 4151 0 0
    block dhcp client out wan 4151 0 0
    allow dhcp client out wan 2397 0 0
    allow dhcp client out wan 2397 0 0
    block private networks from wan block 10/8 5212 0 0
    block private networks from wan block 10/8 5212 0 0
    block private networks from wan block 127/8 4288 0 0
    block private networks from wan block 127/8 4288 0 0
    block private networks from wan block 172.16/12 4288 0 0
    block private networks from wan block 172.16/12 4288 0 0
    block private networks from wan block 192.168/16 4288 0 0
    block private networks from wan block 192.168/16 4288 0 0
    virusprot overload table 5212 0 0
    block bogon networks from wan 5212 0 0
    block bogon networks from wan 5212 0 0
    let out anything from firewall host itself 5212 0 0
    let out anything from firewall host itself 5212 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 0 0
    let out anything from firewall host itself 4192 13317 4665665
    let out anything from firewall host itself 3268 1010 59064
    let out anything from firewall host itself 196 0 0
    let out anything from firewall host itself 196 0 0
    let out anything from firewall host itself 196 0 0
    let out anything from firewall host itself 196 1508 520240
    let out anything from firewall host itself 2399 0 0
    let out anything from firewall host itself 1059 0 0
    IPSEC internal host to host 705 2978 183720
    let out anything from firewall host itself 0 0 0
    let out anything from firewall host itself 0 0 0
    let out anything from firewall host itself 0 0 0
    anti-lockout web rule 2884 10977 5645701
    sshlockout 2444 0 0
    USER_RULE: NAT  1765 0 0
    USER_RULE: NAT  1765 0 0
    USER_RULE: NAT  1418 0 0
    USER_RULE: NAT  1418 0 0
    USER_RULE: Azureus 1613 0 0
    USER_RULE: Azureus 152 0 0
    USER_RULE: Azureus 1765 0 0
    USER_RULE: Azureus 152 0 0
    USER_RULE 1765 0 0
    USER_RULE 1765 0 0
    USER_RULE: NAT ultravnc 1613 0 0
    USER_RULE: NAT ultravnc 152 0 0
    USER_RULE: NAT ultravnc 1765 0 0
    USER_RULE: NAT ultravnc 152 0 0
    USER_RULE 1765 7933 446362
    USER_RULE 865 1660 130278
    USER_RULE 517 0 0
    USER_RULE 517 0 0
    USER_RULE: Default LAN -> any 517 0 0
    USER_RULE: Default LAN -> any 517 0 0
    USER_RULE: Default LAN -> any 517 0 0
    USER_RULE: Default LAN -> any 517 0 0
    USER_RULE: Permit IPSEC traffic. 899 575 54450
    IPSEC: Work - outbound isakmp 729 0 0
    IPSEC: Work - outbound isakmp 729 0 0
    IPSEC: Work - inbound isakmp 729 0 0
    IPSEC: Work - inbound isakmp 729 0 0
    IPSEC: Work - outbound esp proto 729 0 0
    IPSEC: Work - outbound esp proto 729 0 0
    IPSEC: Work - inbound esp proto 729 0 0
    IPSEC: Work - inbound esp proto 729 0 0
    IPSEC: Work - outbound isakmp 729 0 0
    IPSEC: Work - outbound isakmp 729 0 0
    IPSEC: Work - inbound isakmp 729 0 0
    IPSEC: Work - inbound isakmp 729 0 0
    IPSEC: Work - outbound esp proto 729 0 0
    IPSEC: Work - outbound esp proto 729 0 0
    IPSEC: Work - inbound esp proto 729 0 0
    IPSEC: Work - inbound esp proto 729 0 0
    IPSEC: Work - outbound isakmp 729 0 0
    IPSEC: Work - outbound isakmp 729 0 0
    IPSEC: Work - inbound isakmp 729 0 0
    IPSEC: Work - inbound isakmp 729 0 0
    IPSEC: Work - outbound esp proto 729 0 0
    IPSEC: Work - outbound esp proto 729 0 0
    IPSEC: Work - inbound esp proto 729 0 0
    IPSEC: Work - inbound esp proto 729 0 0
    IPSEC: Mobile - inbound isakmp 729 0 0
    IPSEC: Mobile - inbound isakmp 729 0 0
    IPSEC: Mobile - inbound esp proto 729 0 0
    IPSEC: Mobile - inbound esp proto 729 574 85128
    IPSEC: Mobile - inbound ah proto 638 0 0
    IPSEC: Mobile - inbound ah proto 638 0 0
    IPSEC: Mobile - inbound isakmp 638 0 0
    IPSEC: Mobile - inbound isakmp 446 0 0
    IPSEC: Mobile - inbound esp proto 638 0 0
    IPSEC: Mobile - inbound esp proto 446 0 0
    IPSEC: Mobile - inbound ah proto 638 0 0
    IPSEC: Mobile - inbound ah proto 446 0 0
    FTP PROXY: Allow traffic to localhost 638 0 0
    FTP PROXY: Allow traffic to localhost 0 0 0
    FTP PROXY: PASV mode data connection 638 0 0
    FTP PROXY: Allow traffic to localhost 577 0 0
    FTP PROXY: Allow traffic to localhost 0 0 0
    Default block all just to be sure. 638 638 77846
    Default block all just to be sure. 0 0 0

    TIMEOUTS:
    tcp.first                  120s
    tcp.opening                  30s
    tcp.established          86400s
    tcp.closing                900s
    tcp.finwait                  45s
    tcp.closed                  90s
    tcp.tsdiff                  30s
    udp.first                    60s
    udp.single                  30s
    udp.multiple                60s
    icmp.first                  20s
    icmp.error                  10s
    other.first                  60s
    other.single                30s
    other.multiple              60s
    frag                        30s
    interval                    10s
    adaptive.start                0 states
    adaptive.end                  0 states
    src.track                    0s

    LIMITS:
    states    hard limit  10000
    src-nodes  hard limit  10000
    frags      hard limit  5000

    TABLES:
    bogons
    snort2c
    sshlockout
    virusprot
    vpns

    OS FINGERPRINTS:
    296 fingerprints loaded

    638              Block    In        ral0                      0        0        0      drop inet6 from fe80::20f:eaff:fe84:d8dd/128 to any

    block bogon networks

    http://www.cymru.com/Documents/bogon-bn-nonagg.txt

    anchor "wanbogons"
    table <bogons>persist file "/etc/bogons"
    block in log quick on $wan from <bogons>to any label "block bogon networks from wan"

    pass traffic from firewall -> out

    anchor "firewallout"
    pass out quick on  { xl0 ng0 }  all keep state tagged qwandef queue (qwandef, qwanacks) label "let out anything from firewall host itself"
    pass out quick on  { xl0 ng0 }  all keep state tagged qP2PUp queue (qP2PUp, qwanacks) label "let out anything from firewall host itself"
    pass out quick on  { xl0 ng0 }  all keep state tagged qGamesUp queue (qGamesUp, qwanacks) label "let out anything from firewall host itself"
    pass out quick on  { xl0 ng0 }  all keep state tagged qOthersUpH queue (qOthersUpH, qwanacks) label "let out anything from firewall host itself"
    pass out quick on  { xl0 ng0 }  all keep state tagged qOthersDownH queue (qOthersDownH, qwanacks) label "let out anything from firewall host itself"
    pass out quick on  { xl0 ng0 }  all keep state queue (qwandef, qwanacks) label "let out anything from firewall host itself"
    pass out quick on rl0 all keep state tagged qlandef queue (qlandef, qlanacks) label "let out anything from firewall host itself"
    pass out quick on rl0 all keep state tagged qP2PDown queue (qP2PDown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on rl0 all keep state tagged qGamesDown queue (qGamesDown, qlanacks) label "let out anything from firewall host itself"
    pass out quick on rl0 all keep state tagged qOthersDownH queue (qOthersDownH, qlanacks) label "let out anything from firewall host itself"
    pass out quick on rl0 all keep state queue (qlandef, qlanacks) label "let out anything from firewall host itself"
    pass out quick on ral0 all keep state  label "let out anything from firewall host itself"
    pass out quick on bridge0 all keep state label "let out anything from firewall host itself"
    pass out quick on $enc0 keep state label "IPSEC internal host to host"

    let out anything from the firewall host itself and decrypted IPsec traffic

    pass out quick on ral0 proto icmp keep state label "let out anything from firewall host itself"
    pass out quick on ral0 all keep state label "let out anything from firewall host itself"

    permit wan interface to ping out (ping_hosts.sh)

    pass out quick on ng0 proto icmp keep state label "let out anything from firewall host itself"

    make sure the user cannot lock himself out of the webGUI or SSH

    anchor "anti-lockout"
    pass in quick from 10.255.0.0/24 to 10.255.0.200 keep state label "anti-lockout web rule"</bogons></bogons>

    DMESG
    Copyright © 1992-2007 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 6.2-RELEASE-p3 #0: Mon Mar 19 09:05:52 EDT 2007
        sullrich@builder6.pfsense.com:/usr/obj.pfSense/usr/src/sys/pfSense.6
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Pentium(R) 4 CPU 1.70GHz (1695.00-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0xf12  Stepping = 2
      Features=0x3febfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm>real memory  = 267874304 (255 MB)
    avail memory = 252387328 (240 MB)
    ACPI APIC Table: <dell  gx240 ="">ioapic0: Changing APIC ID to 1
    ioapic0 <version 2.0="">irqs 0-23 on motherboard
    wlan: mac acl policy registered
    kbd1 at kbdmux0
    ath_hal: 0.9.17.2 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
    acpi0: <dell gx240 ="">on motherboard
    acpi0: Power Button (fixed)
    Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
    acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
    cpu0: <acpi cpu="">on acpi0
    acpi_button0: <power button="">on acpi0
    pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
    pci0: <acpi pci="" bus="">on pcib0
    agp0: <intel 82845="" host="" to="" agp="" bridge="">mem 0xf0000000-0xf7ffffff at device 0.0 on pci0
    pcib1: <pci-pci bridge="">at device 1.0 on pci0
    pci1: <pci bus="">on pcib1
    pci1: <display, vga="">at device 0.0 (no driver attached)
    pcib2: <acpi pci-pci="" bridge="">at device 30.0 on pci0
    pci2: <acpi pci="" bus="">on pcib2
    ral0: <ralink technology="" rt2500="">mem 0xff6fe000-0xff6fffff irq 17 at device 8.0 on pci2
    ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
    ral0: Ethernet address: 00:0f:ea:84:d8:dd
    rl0: <realtek 10="" 8139="" 100basetx="">port 0xdc00-0xdcff mem 0xff6fdc00-0xff6fdcff irq 19 at device 10.0 on pci2
    miibus0: <mii bus="">on rl0
    rlphy0: <realtek internal="" media="" interface="">on miibus0
    rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    rl0: Ethernet address: 00:10:a7:22:0f:64
    xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xd880-0xd8ff mem 0xff6fd800-0xff6fd87f irq 18 at device 12.0 on pci2
    miibus1: <mii bus="">on xl0
    ukphy0: <generic ieee="" 802.3u="" media="" interface="">on miibus1
    ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    xl0: Ethernet address: 00:06:5b:c3:04:f4
    isab0: <pci-isa bridge="">at device 31.0 on pci0
    isa0: <isa bus="">on isab0
    atapci0: <intel ich2="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0
    ata0: <ata 0="" channel="">on atapci0
    ata1: <ata 1="" channel="">on atapci0
    pci0: <serial bus,="" smbus="">at device 31.3 (no driver attached)
    speaker0: <pc speaker="">port 0x61 on acpi0
    fdc0: <floppy drive="" controller="">port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
    fdc0: [FAST]
    pmtimer0 on isa0
    orm0: <isa option="" rom="">at iomem 0xc0000-0xc7fff on isa0
    atkbdc0: <keyboard controller="" (i8042)="">at port 0x60,0x64 on isa0
    atkbd0: <at keyboard="">irq 1 on atkbdc0
    kbd0 at atkbd0
    atkbd0: [GIANT-LOCKED]
    ppc0: parallel port not found.
    sc0: <system console="">at flags 0x100 on isa0
    sc0: VGA <16 virtual consoles, flags=0x300>
    sio0: configured irq 4 not in bitmap of probed irqs 0
    sio0: port may not be enabled
    sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
    sio0: type 8250 or not responding
    sio1: configured irq 3 not in bitmap of probed irqs 0
    sio1: port may not be enabled
    vga0: <generic isa="" vga="">at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Timecounter "TSC" frequency 1695004244 Hz quality 800
    Timecounters tick every 1.000 msec
    Fast IPsec: Initialized Security Association Processing.
    ad0: 19073MB <maxtor 2b020h1="" wah21pb0="">at ata0-master UDMA100
    Trying to mount root from ufs:/dev/ad0s1a

    ___
    ___/ f \
    / p \___/ Sense
    \___/  \
        \___/

    Welcome to pfSense 1.0.1-SNAPSHOT-03-27-2007 on the 'pfSense' platform…

    Mounting filesystems...
    done.
    Creating symlinks...
    .
    .
    .
    done.
    Launching PHP init system...
    done.
    Initializing...
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    done.
    Starting device manager (devd)...
    done.
    Loading configuration...
    .
    .
    .
    done.
    Updating configuration...
    done.
    Cleaning backup cache...
    done.
    Setting up extended sysctls...
    done.
    Syncing user passwords...
    done.
    Starting Secure Shell Services...
    done.
    Setting timezone...
    done.
    Starting syslog...
    done.
    Configuring LAN interface...
    rl0: link state changed to UP
    xl0: link state changed to UP
    rl0: link state changed to DOWN
    done.
    Configuring WAN interface...
    rl0: link state changed to UP
    done.
    Configuring OPT interfaces...
    done.
    Configuring CARP interfaces...
    done.
    Syncing system time before startup...
    done.
    pflog0: promiscuous mode enabled
    Configuring firewall...
    .
    .
    .
    .
    .
    .
    snort_dynamic_ip_reload.php...
    No matching processes were found
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    No matching processes were found
    snort_xmlrpc_sync.php...
    done.
    Starting webConfigurator...
    done.
    Starting DNS forwarder...
    done.
    Starting DHCP service...
    done.
    Setting up microcode and tx/rx offloading...
    done.
    Configuring IPsec VPN...
    done
    Starting FTP helpers...
    done.
    Generating RRD graphs...
    done.
    Starting DHCP service...
    done.
    Starting OpenNTP time client...
    ntpd: unknown user _ntp
    done.
    Starting CRON...
    done.
    Syncing packages:
    sshterm
    bandwidthd
    rl0: promiscuous mode enabled

    XML error: not well-formed (invalid token) at line 1
    Executing rc.d items...
    Starting /usr/local/etc/rc.d/bandwidthd.sh...
    done.
    Starting /usr/local/etc/rc.d/miniupnpd.sh...
    done.
    Starting /usr/local/etc/rc.d/proxy_monitor.sh...
    done.
    Starting /usr/local/etc/rc.d/snort.sh...
    done.
    Starting /usr/local/etc/rc.d/squid.sh...
    done.
    Starting /usr/local/etc/rc.d/svscan.sh...
    done.
    Bootup complete
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    bridge0: Ethernet address: c6:78:b8:6c:31:21
    ral0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    WARNING: pseudo-random number generator used for IPsec processing
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled
    ng0: promiscuous mode disabled
    ng0: promiscuous mode enabled</maxtor></generic></system></at></keyboard></isa></floppy></pc></serial></ata></ata></intel></isa></pci-isa></generic></mii></realtek></mii></realtek></ralink></acpi></acpi></display,></pci></pci-pci></intel></acpi></acpi></power></acpi></dell></version></dell ></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm>



  • After meny tries of trying to fix this I have tried this once so far and it has seem to of fixed the problem for now.

    What I did was removed the the wireless interface saved that off then reassied the wireless nic and reconfigured the card.  I did do a reboot but this seem to fix the routing problem that I had.  All I can think is that the routing at some point seems to go west and you can only access the local network.

    Can one of the dev coment on if they have seen any signs of this or if it just a small few isolated problems.

    Thanks



  • Sorry for hitchhiking this thread, but reading this I wonder what is the point of bridging WLAN with LAN if the firewall rules do not merged?
    Regards



  • I am having a similar problem with my setup.

    I have set up a system using the latist build of pfsense-1.2-RC2-Live (downloaded on 9-19-07). Installed my Network cards and started the system.

    Nic #1 LAN
    Nic #2 WAN
    Nic #3 WAN 2
    Nic #4 Wireless Card.

    Used the setup described in MultiWanVersion1.2 setup.
    Set up the Wireless card as a AP and bridged it to the LAN

    All computers on the LAN can connect to the internet.

    Now if I connect a computer wirelessly to the system. It connects and gets all the DHCP info.

    IP address: 192.168.1.198
    Subnet mask: 255.255.255.0
    Default Gateway             192.168.1.1  (pfSense address)
    DNS Server 192.168.1.1
    DHCP Server 192.168.1.1

    Now here is where I start running into problems.

    I can ping any computer located on the LAN, except the pfsense computer, from the wireless computer. When I try to ping the gateway (pfsense computer), I receive no responses. Now this is troubling because it had to see the pfsense computer to receive the DHCP info, as well as go through it to ping the LAN computers.

    Now since I am a newbie to pfsense and routing, I hope this question is not dumb. I read the above information and did not understand what Jonb did to fix the problem.

    Any help is appreciated; I hope to fix this problem before all my hair is gone. I don’t have all that much left. :)

    The Doc.



  • Fixed my probelm, Turned out to be a firewall rule issue.

    Now I have a great setup. Love PfSense.

    The Doc.



  • Glad I came across this thread before I posted my problem!!  ;)

    I was having similar problems like "namviet": On my laptop (WinXP) I was able to surf using LAN, but no luck using WLAN!!  >:(  In addition, through WLAN I was not able to ping my gateway (192.168.1.1)  and yet I was able to access the web interface and make any changes that I needed to make without any problems.  ???  I even had my NIC "disabled" when I'd have the wireless NIC "enabled", and vice-versa (to avoid any possible conflict).

    I know it's weird and doesn't make sense.  And yes, I did have the firewall rule setup for the WLAN.

    Thanks to "Perry" and the pic he included, I realized where my mistake was…..in the firewall rule for WLAN I had the source as "LAN Subnet" (fyi, I had also tried "any", which obviously didn't work) and not "WLAN Subnet".  This was the difference maker for me.  Such a mistake had me going in circles.

    Thanks again and hope this helps whoever is running into the same problem.


Log in to reply