Small "fratSense 2.0.1" box with multiple WAP via DD-WRT: DD-WRT WAPs.



  • I'll explain how I stumbled onto this perfectly-dorm-suited setup, briefly. I meant to build a small business class network, and I succeeded. I then took it a bit further recently and pushed my pfSense box into what I figure to become the sweet spot of Router w/NFS+Torrent, and this is all done with about $250 of equipment.

    I'll highlight what we're working with for my setup, and then put it all together and configure it along the way:
    Cheap-o Dell P3 1Ghz 256mb PC133 250gb 7200RPM (~$50, check your local Goodwill or similar store for bargain bin computers ~1Ghz+, or Craigslist.)
    WRT300N v1 (DD-WRT flashed) ~$65
    WRT150N v1.1 (DD-WRT flashed) ~$50
    Maxtor OneTouch 500gb USB drive ~$50
    The goal at my location is to support 4 regular users (residents), with 3.5 devices each, plus any random guests, we'll say 1.2 guest devices per resident (typically just cellphone 3.5/3=1.16 round up, 1.2).

    On a "heavy natural load" we're talking 3.5 (all devices on for each user) x 4 (users) = 14 active devices. No problem, given that each user is using maybe 2 of their devices at any one time, gaming console/cellphone + computer, which now leaves room for our guest devices.

    To get these numbers all I did was total the number of all internet connected devices in the home, 6 devices for me (not including pfSense), 3 devices for roommate 1, another 3 for roommate 2, and another 2 for roommate 3 (these numbers have remained through a couple roommate changes surprisingly the same). This is taking into account that we, in this house at least, enjoy our digital entertainment. So naturally because we enjoy the ease of digital content, we have a lot of devices to enjoy the digital content with. We take the total, and divide it by the number of roommates, getting an average device count of 3.5 for each roommate, we then divide this by the next integer down, in this case, 3, getting 1.166, rounding up to 1.2. Again, this is ALL tweaking the numbers just right so you can get a good look at what's likely to be going on, cause the more people show up, the more likely somebody's to bring a laptop and want some free wifi.

    So with all this in mind, I give you the setup.
    pfSense P3 2 NICs, Intel (fxp0) & 3Com (xl0), WAN = xl0 (50/5mbit business class Cox cable) DHCP+3 Static IPs, LAN = fxp0, 192.168.10.0/24 (too long to explain up front, if there's a request I'll write up the complete how-to on a pfSense box)
    links to WRT300N WAN port
    WRT300N major settings:
    Setup->Basic Setup: WAN Disabled, WAN Port assigned to Switch, DHCP forwarder to 192.168.10.1, Local IP 192.168.10.253 (254 on 150N), Gateway 192.168.10.1, DNS 8.8.8.8
    Setup->Advanced Routing: Operating Mode Router, Dynamic Interface Routing LAN & WLAN
    Wireless->Basic Settings: Mode AP, Network Configuration Bridged
    Wireless->Security: I leave this up to you, if you want to do WDS bridge outlined here, keep the same SSID, channel, and security settings on BOTH routers!
    Wireless->WDS: LAN <WLAN MAC 150N> WRT150N, Lazy WDS Disabled (For the second router, 150N in this case, use the first router, 300N's WLAN MAC.)
    Services->Services: Most of this can be disabled now, we don't need it running on the router since we're not acting gateway anymore, I keep SSH enabled in case of emergencies.
    Services->Hotspot: This is your choice, I wouldn't advise it though, there is a better voucher-based capture portal built right into pfSense (mac whitelist your stuff), and with a little scripting, new vouchers can be auto-generated to unlock network time (if you want to charge for public-self-serve access) on the pfSense box.
    Security->Firewall: SPI firewall disable
    NAT / QoS->UPnP: UPnP Service disable
    Administration->Management: Maximum ports 4096, even though it sounds like it makes sense to, DO NOT enable the Remote Access features.
    Administration->Keep Alive: Schedule reboot enable Set time 6:00 Sunday (Just a tiny bit of housekeeping. You can make this repeat sooner if you have more wireless traffic than you do wired to keep the wireless driver stack fresh.) Watchdog enabled if you are heavily dependent on wireless or do wireless bridging to ethernet, use far router's IP .254, high timer rate; suggest 1800. On far router, if connected with Ethernet, 900, if doing wifi repeater bridge (no ethernet between routers, main router's IP .253), 450.

    Now that our APs are set up, (they should be completely independent, you should be able to disconnect the ethernet cable and move it to a more opportune place, like the living room entertainment center, this wireless bridging costs serious bandwidth though on G routers, N routers do okay, don't expect ethernet cable throughput), we can set up the pfSense, this is way more detailed, especially down the line when we start installing SAMBA. I'll get to writing the pfSense portion soon, encouraging thoughts would be appreciated fuel for the fire.
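
One way to check an access point against the settings listed in the post above, as an added example that is not part of the original thread: a shell function that audits a saved `nvram show` dump from the DD-WRT box. The nvram key names are assumptions (the post only names the GUI fields), and the sample dump is constructed.

```shell
#!/bin/sh
# Audit a saved `nvram show` dump from a DD-WRT AP against the post's settings.
# ASSUMPTION: the nvram key names below are not from the post; compare them
# with your own build's `nvram show` output before trusting the result.

# get KEY FILE -> value of the first KEY=... line (empty if the key is absent)
get() { sed -n "s/^$1=//p" "$2" | head -n 1; }

# audit_ap FILE EXPECTED_LAN_IP -> one FAIL line per deviation; status 0 if none
audit_ap() {
    dump=$1 want_ip=$2 bad=0
    while read -r key want why; do
        have=$(get "$key" "$dump")
        if [ "$have" != "$want" ]; then
            echo "FAIL $key='$have' (want '$want'): $why"
            bad=$((bad + 1))
        fi
    done <<EOF
wan_proto disabled WAN disabled, WAN port assigned to switch
lan_ipaddr $want_ip static address of this AP
lan_gateway 192.168.10.1 pfSense is the only gateway
dhcpfwd_enable 1 DHCP is forwarded, not served locally
dhcpfwd_ip 192.168.10.1 DHCP forwarder points at pfSense
filter off SPI firewall disabled on the AP
upnp_enable 0 UPnP service disabled
remote_management 0 Remote Access features stay off
EOF
    [ "$bad" -eq 0 ]
}

# Constructed sample dump: a WRT300N where UPnP and remote access were left on.
sample_dump() {
    cat <<'EOF'
wan_proto=disabled
lan_ipaddr=192.168.10.253
lan_gateway=192.168.10.1
dhcpfwd_enable=1
dhcpfwd_ip=192.168.10.1
filter=off
upnp_enable=1
remote_management=1
sshd_enable=1
EOF
}

tmp=$(mktemp)
sample_dump > "$tmp"
audit_ap "$tmp" 192.168.10.253 || echo "AP deviates from the listed settings"
rm -f "$tmp"
```

On a real AP, save the dump over the SSH session the post keeps enabled and run `audit_ap` on that file, passing 192.168.10.254 for the WRT150N.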


  • Netgate Administrator

    Looks like you've had some fun!  ;D

    Where are you using the 500GB drive? What are you going to be running Samba on?

    Steve



  • @stephenw10:

    Looks like you've had some fun!  ;D

    Where are you using the 500GB drive? What are you going to be running Samba on?

    Steve

    Samba and Transmission are actually running on the pfSense router itself, thus freeing me from needing my computer on all the time. For those long downloads with few seeders, I can now divert that task to the router instead. I'll explain in more detail how to get multiple static IPs combined with a dynamic IP on Cox HSI in my next post, after that I'll probably delve into the Samba + Transmission setup, the highlights of the setup.

    The 500GB is connected to the router ideally, I haven't set that up just yet, but if that becomes another adventure, I'll document that too.

