PfSense 2.0 - Bridged Wireless



  • I've read (along with MANY others) the following:

    http://eric-poon.blogspot.com/2011/05/pfsense-20-rc2-how-to-bridge-wireless.html

    http://forum.pfsense.org/index.php?topic=20917.0

    However, after much trial and error I still can't seem to get wireless with lan bridging working.  I have a perfectly setup system with wan/lan/dhcp all operating properly.  All I need to do is add the wireless interface (internal atheros card) and then bridge that bad boy to the LAN so that wireless clients are operating on the same network.

    It sure seems like it shouldn't be that hard but it's kicking my butt!  I'd be more than happy to do a blog post of my final setup with a step-by-step how-to to contribute back to others who may want to do this, but I need to get it working first!  Here are my interfaces.. let's assume that we're starting from scratch, what do we do next?

    WAN :: vr1
    LAN :: vr0
    OPT1 :: vr2
    WLAN :: ath0



  • @LuckyURE:

    However, after much trial and error I still can't seem to get wireless with lan bridging working.  I have a perfectly setup system with wan/lan/dhcp all operating properly.

    It can be a bit tricky to get wireless set up because there are more factors involved than in typical wired networks.

    The linked pages seem to have the general principles correct. I would start though with configuring the wireless link "stand alone" first to get it operational in the way you ultimately want it to work then bridge it. This can help simplify the troubleshooting by reducing the number of factors involved in "doesn't work".

    It would also help if you could be more specific in your problem reporting: "can't seem to get wireless with lan bridging working" can have many causes. A report of the form "I did … and I expected to see ... but I saw ..." can help significantly reduce the number of factors to be considered by the readers. At present we have no clues if it is a wireless signal quality issue, a wireless parameter issue, a pfsense bridge configuration issue, a DHCP issue, a DNS issue, ....



  • So here is an update to the situation…

    I ensured the wireless was working properly by setting up a DHCP subnet (172.16.0.1) and configuring it.  It worked fine.  I also ensured that the LAN DHCP (192.168.4.1) worked fine.  It does.  I then disabled the DHCP Server for the WLAN interface.  I then added a rule (for now) in the firewall so that any to any of any was wide open on the lan interface to make sure nothing was blocked (again temporary).

    So, I changed the WLAN interface to a type of NONE.  I then enabled the two settings for bridging as described in the aforementioned posts.  I then went to INTERFACES -> ASSIGN -> BRIDGE tab.  There I created a bridge between my OPT1 (extra Ethernet port on my router) and the WLAN interface which made a BRIDGE0.

    I then went and changed LAN (vr0) to be assigned to BRIDGE0 and applied my changes.  I lost all connection to web interface (waited 5 minutes just to be sure).  So I reset the router and was able to connect on both the OPT1 & WLAN interfaces and pulled a 192.168.4.x IP address on both.

    So, as we can see right now, the bridge seems to be working great.  HOWEVER, I can no longer pull an IP address from the actual LAN port but the other two work fine.  I'm at a loss as to why the LAN port itself is no longer giving DHCP addresses out.  I'm not sure that adding the LAN to the bridge would help and only make things worse?  Any suggestions on how I can get LAN to hand out IPs as well?



  • I have great news.  No, EXCELLENT news!  I've got it all working now.  It was a user interface nightmare, but it's working.  pfSense is known to be a rock solid platform, not a user friendly one, LOL.

    I will be doing a blog post later that is far more detailed and accurate (for v2.0.1) to describe how I did this so others may benefit.  I will post the link here on the forum.



  • UPDATE:  I've completed my exhaustive blog post on bridging pfSense wireless & optional connections.  If anyone is interested they can take a look here:  http://blog.qcsitter.com/BSDay/index.php?/archives/2-Bridging-the-pfSense-2.x-wireless-divide.html

    Thanks again to everyone!



  • @LuckyURE:

    UPDATE:  I've completed my exhaustive blog post on bridging pfSense wireless & optional connections.  If anyone is interested they can take a look here:  http://blog.qcsitter.com/BSDay/index.php?/archives/2-Bridging-the-pfSense-2.x-wireless-divide.html

    Thanks again to everyone!

    Thanks a lot for the good explanation in your blog.

    I just have some questions/remarks

    • you check the option "Bogon networks". As all networks are assigned by now, I would say this option is unnecessary nowadays (http://en.wikipedia.org/wiki/Bogon_filtering)

    • you do change the options net.link.bridge.pfil_bridge and net.link.bridge.pfil_member but do not explain why? (though you explain everything else in great detail)

    • why do you bridge wlan, lan and wan together? To be able to surf the internet via wan and connect to servers in the LAN as well? Wouldn't a bridge between WLAN and LAN be enough?

    I think it would be very helpful for others if your blog entry would be in here: http://doc.pfsense.org/index.php/Tutorials

    Thanks again for your tutorial
    Thilo



  • Thilo:

    Thank you for your comments/questions; feedback is always welcome.  Here are the answers to your questions:

    1. Bogon Networks - The pfSense manual still advises to leave these checks on public networks (WAN).  So I too do so, even though it may no longer be necessary.  Besides, we can't know how our ISP has their network configured and it's just safer to do this anyway, just in case.

    2. Bridging Options - You're right, I should have been more detailed.  I have updated the post to include: "FreeBSD requires us to change these two settings to enable bridging of the interfaces and to allow Layer 7 rules to apply to traffic."

    3. Bridging - You're right, I could have just bridged the WLAN & WAN interfaces.  However, the box I'm using had an extra "OPT1" port on it and so I wanted it to be bridged as well if I needed to plug a network into it.  It also served as a good example of how to add other ports to the bridge if anyone was interested in doing so on their own setup.

    4. Tutorial Submission - Not sure why I didn't think of it myself, but I have sent an email into the pfSense Core Team to request the post be added to the Tutorials page.  Thanks!

    Again, glad this has helped you and glad to be of service.
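
Added example, not part of the thread or the linked blog post: a check of where the packet filter sees bridged traffic, based on the two tunables discussed above as documented in FreeBSD's if_bridge(4) (pfil_member filters on each member interface, pfil_bridge filters on the bridge interface itself). The function names and the sample `sysctl` output are constructed for illustration.

```shell
#!/bin/sh
# Classify where bridged traffic is filtered, from `sysctl` output in
# "name: value" form. Semantics per FreeBSD if_bridge(4):
#   net.link.bridge.pfil_member=1 -> filter on member interfaces (in and out)
#   net.link.bridge.pfil_bridge=1 -> filter on the bridge interface itself

# Constructed sample outputs (not taken from the thread).
SAMPLE_MEMBER_ONLY='net.link.bridge.pfil_onlyip: 0
net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'
SAMPLE_BRIDGE_ONLY='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'
SAMPLE_NONE='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 0'

# Print one of: member, bridge, both, none, unknown.
bridge_filter_mode() {
    printf '%s\n' "$1" | awk -F': *' '
        $1 == "net.link.bridge.pfil_member" { m = $2; seen_m = 1 }
        $1 == "net.link.bridge.pfil_bridge" { b = $2; seen_b = 1 }
        END {
            if (!seen_m || !seen_b) { print "unknown"; exit }
            if (m != 0 && b != 0) print "both"
            else if (m != 0)      print "member"
            else if (b != 0)      print "bridge"
            else                  print "none"
        }'
}

# Return non-zero when the bridge hands no forwarded frames to the filter.
audit_bridge() {
    mode=$(bridge_filter_mode "$1")
    case "$mode" in
        none)    echo "FAIL: forwarded bridged frames are not filtered"; return 1 ;;
        unknown) echo "FAIL: bridge tunables not found in input"; return 2 ;;
        member)  echo "OK: rules attached to member interfaces apply" ;;
        bridge)  echo "OK: rules attached to the bridge interface apply" ;;
        both)    echo "OK: filtered on members and on the bridge" ;;
    esac
}

# On a live FreeBSD/pfSense shell: audit_bridge "$(sysctl net.link.bridge)"
```

Knowing the mode matters when writing rules for a WLAN-to-LAN bridge: with `member`, rules belong on the WLAN and LAN interfaces; with `bridge`, they belong on the bridge interface.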



  • In single antenna scenarios one should disable diversity and set the tx and rx antennas, available under the wireless configuration pages under the interface.



  • @SlowGrind:

    Thank you for your input.  Can you link me to an article, or manual entry, that explains why we'd want to do this?  What is the benefit?  Thanks.



  • Here you go…. http://forum.pfsense.org/index.php/topic,43501.0.html

    It is in the sticky.

    I also have the same setup as you do except that I have this wireless kit... http://store.netgate.com/KIT-ALIX-DCMA82-DUAL-P192.aspx

    And was looking for the best settings for the wireless card as well. It is used as an access point with 1 laptop, 2 iPhone 4, Samsung bluray player and a Roku.



  • @SlowGrind:

    As Mr. Burns would say in the Simpsons… eeexcellent.  I'll have to get some more screenshots together and update my blog post to mention this since I have only the one antenna.  Thanks!


  • Rebel Alliance Developer Netgate

    The blog post linked here seems to be down (or perhaps overloaded?); it wouldn't load when I tried it earlier, but it seems to load now, just very slowly.

    It would be nice to have all the content on the doc wiki rather than adding links to external sources. (A link to the original article/source in the wiki page would be there of course, for proper attribution)

    If you want to get a wiki account, just send an e-mail to wikiadmin@pfsense.org with the login info you want.



  • @jimp:

    I never did get an email back from the core team.  I just sent an email to wikiadmin@pfsense.org to request a login so I can repost it there.  Thanks for the follow-up.

