Looking for pointers - Netgate m1n1wall with dual WAN + Wireless


  • I've got a Netgate m1n1wall running pfSense 2.0.1.  It's working well with LAN and dual WAN.  I've added a wireless card to the unit, and I'm having trouble getting it configured to work.  The wireless itself is working.  I can connect to it and obtain an IP address, but I can't seem to figure out the right rules to get it talking to the WAN/OPT/LAN interfaces or perhaps DNS Forwarder.

    Originally, I had the wireless configured using the same base address as the LAN but using a different DHCP range.  I have since changed it to a different subnet, because I thought it might be clashing.  That now doesn't appear to be the case.  Just nothing is getting through.

    I admit to not being a networking guy.  I know about enough to be dangerous (read: stupid).  Just wondering if someone can give me a pointer or two to look into that might lead to some success.

    Thanks,
    Dave


  • @dchicks:

    Originally, I had the wireless configured using the same base address as the LAN but using a different DHCP range.  I have since changed it to a different subnet, because I thought it might be clashing.

    It was. Interfaces need to have IP addresses in distinct subnets.

    Have you created firewall rules to allow traffic from the wireless interface to other destinations? Default firewall rules are to allow anything from LAN interface, block everything for every other interface. After "significant" firewall rule changes it is necessary to reset firewall states - see Diagnostics -> States and click on the Reset States tab.


  • I did add a single rule to the WIRELESS interface which essentially says to allow anything from this interface to be sent to the default gateway.  Since my DNS forwarder is running on the LAN interface, I added that address to the DNS servers list for the WIRELESS DHCP.  But, if I ignore DNS for the moment, I still can't even ping a known address on the Internet.  I guess my rule isn't right.  It looks like this:

    Pass> * * * * * * none

    This is essentially equivalent to the "allow everything from LAN" rule that already existed for the LAN interface.  I tried resetting the state table as you suggested.  That did not seem to have any effect.


  • What response do you get when you ping the IP address of the pfSense wireless interface?

    Is the wireless client associated with pfSense (check its MAC address is in Status -> Wireless)?

    Does the client get a correct IP address and subnet mask, DNS IP address and default gateway address (should be address of pfSense Wireless interface)?


  • Pinging the wireless interface address results in a timeout.  Never thought to try that before.

    The Status->Wireless does show the MAC address of my client, and my client does have a proper address from DHCP along with the correct DNS and network information.


  • I figured it out.  I had checked the "Block Private/Bogon Network" options when I set up the Wireless interface.  Removing those allowed the traffic to get through.  I just didn't realize what it was that I had set until I looked at the rules closer.

    Thanks for your input!  Definitely helped me get to the root of the problem.

    Dave
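
Added example, not part of any post in this thread: a Python check for the two misconfigurations discussed above, interfaces sharing a subnet and "Block private networks" enabled on an interface whose own clients use private addresses. It assumes the `<interfaces>` section of a pfSense config.xml export uses `descr`, `ipaddr`, `subnet` and `blockpriv` elements as in the constructed sample; `audit_interfaces` is a hypothetical name, and only the RFC 1918 ranges are tested.

```python
import ipaddress
import xml.etree.ElementTree as ET

# RFC 1918 ranges: sources that a "block private networks" rule drops.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample (addresses are not taken from the thread).
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <wan><descr>WAN</descr><ipaddr>dhcp</ipaddr><blockpriv/><blockbogons/></wan>
    <lan><descr>LAN</descr><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><descr>WAN2</descr><ipaddr>dhcp</ipaddr><blockpriv/></opt1>
    <opt2><descr>WIRELESS</descr><ipaddr>192.168.2.1</ipaddr><subnet>24</subnet><blockpriv/><blockbogons/></opt2>
  </interfaces>
</pfsense>
"""

def audit_interfaces(config_xml):
    """Return (interface, problem) findings for statically addressed interfaces."""
    findings, seen = [], {}
    for iface in ET.fromstring(config_xml).find("interfaces"):
        name = iface.findtext("descr") or iface.tag
        addr, bits = iface.findtext("ipaddr"), iface.findtext("subnet")
        try:
            net = ipaddress.ip_interface(f"{addr}/{bits}").network
        except ValueError:
            continue  # dhcp, pppoe or unset: no static subnet to check
        # Every interface must sit in its own, non-overlapping subnet.
        for other, other_net in seen.items():
            if net.version == other_net.version and net.overlaps(other_net):
                findings.append((name, f"subnet {net} overlaps {other} ({other_net})"))
        seen[name] = net
        # blockpriv on an internal interface drops that interface's own clients.
        private = net.version == 4 and any(net.subnet_of(r) for r in RFC1918)
        if iface.find("blockpriv") is not None and private:
            findings.append((name, f"blockpriv set but clients use private subnet {net}"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_interfaces(SAMPLE_CONFIG):
        print(f"{name}: {problem}")
```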