Install to netbook, dd-wrt router, two wireless networks?

  • I have been having some trouble getting this set up:

    Internet-->pfSense on netbook (internal NIC)-->USB NIC-->dd-wrt router

    dd-wrt router then acts as switch for 3 wired devices (desktop, voip, and printer) and creates two wireless networks, one bridged to the wired devices, one only to internet.

    Any detailed help is appreciated. I have tried following a few tutorials and posts, but cannot seem to make it work, particularly the second ("un-bridged") wireless network.

    I think the two biggest obstacles are not having a third NIC, so the tutorials all describe making an OPT1 interface, but this is also my LAN. Also, do I then make a VLAN for the unbridged?

    Do I just need to get a third NIC?

  • Netgate Administrator

    With just two NICs you will need to use VLANs to isolate the two wifi APs effectively. You could probably also do some sort of tunnelling from dd-wrt but that's probably even more complex.  ;)

    I assume you have disabled all the DHCP and NAT functionality in dd-wrt?


  • Thanks.
    Yes, DHCP and NAT are disabled on the dd-wrt.
    Wasn't sure if I needed to make a VLAN on both pfSense and dd-wrt.

    "that's probably even more complex"

    Pretty sure the whole thing is over my head, but I'll plug away intermittently.

  • Netgate Administrator

    Keep at it.  :)
    At the very least you'll learn quite a bit just by trying.

    You need to configure DD-WRT to tag traffic coming from the virtual access point with your VLAN tags, say VLAN 10. Then in pfSense you add a VLAN interface with the same number. You can then configure your firewall rules appropriately to allow/disallow traffic.

    One thing to be aware of is that some NICs have a problem with tagged and non-tagged traffic at the same time. They will simply reject the non-tagged traffic. It's a small proportion of NICs though; I've never seen it happen. It is advised, therefore, that you avoid having tagged and non-tagged traffic on the same interface. You could do this by tagging all traffic from DD-WRT but with different tags and then using only VLAN interfaces in pfSense. However, this is probably something you can look at somewhere down the road.  ;)
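
What the tagging described in the post above looks like on the wire, as an added example that is not part of the original thread: it builds constructed Ethernet frames with and without an 802.1Q tag and sorts them onto logical interfaces, once for a mixed tagged/untagged setup and once for the all-tagged setup. The interface names, VLAN 20 for the LAN, and the sample MAC addresses are assumptions for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None):
    """Build an Ethernet II frame, inserting a 4-byte 802.1Q tag if vlan_id is set."""
    header = dst + src
    if vlan_id is not None:
        if not 1 <= vlan_id <= 4094:
            raise ValueError("VLAN ID must be 1-4094")
        header += struct.pack("!HH", TPID_8021Q, vlan_id)  # TCI: PCP=0, DEI=0, VID
    return header + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return (vlan_id or None, inner EtherType, payload)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    # VID 0 is a priority-only tag: the frame belongs to the untagged network.
    return (tci & 0x0FFF) or None, inner, frame[18:]

# Assumed interface maps for the firewall NIC that faces DD-WRT (names are made up).
MIXED = {None: "LAN", 10: "GUEST"}      # untagged LAN plus tagged guest VLAN 10
ALL_TAGGED = {20: "LAN", 10: "GUEST"}   # every network tagged, no untagged traffic

def classify(frame, interfaces):
    """Name the logical interface a frame arrives on; unknown VLANs are dropped."""
    vid, _, _ = parse_vlan(frame)
    return interfaces.get(vid, "DROP")

# Constructed sample frames (locally administered MACs, dummy payload).
DST, SRC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"desktop")
GUEST10 = build_frame(DST, SRC, 0x0800, b"guest", vlan_id=10)
STRAY30 = build_frame(DST, SRC, 0x0800, b"stray", vlan_id=30)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("vlan 10", GUEST10), ("vlan 30", STRAY30)):
        print(f"{name:9} mixed={classify(frame, MIXED):6} all-tagged={classify(frame, ALL_TAGGED)}")
```

The tag only decides which interface a frame arrives on; keeping the guest network away from the wired devices still depends on the firewall rules set on that VLAN interface.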


  • I have VLAN-isolated VAPs working in Atheros DD-WRT. Never could get them working in Broadcom DD-WRT. I strongly recommend just buying an AP made for this. Right now, I'm recommending the EnGenius EAP-600.