I set up pfsense on a wired lan, trying to add a wifi router but having no luck

  • I'm sure this has been asked on this forum but I am strapped for time right now and I am tired of searching..

    Here is my current set up: Modem --> pfSense computer --> wired lan (switching hub) --> computers. I set up pfsense as a perimeter firewall and currently have things working on my wired lan and can obtain an ip (192.168.1.xxx) and get out on the internet. I figured that I could also add a wireless router by connecting it from the WAN port on the router to the switch (which would make the wifi point inside my pfSense network). I figured the wifi router would just acquire an ip from pfSense dhcp server and then allow wifi clients on the router to get out on the internet as well. No such luck.

    I read various walkthroughs about setting up a wifi access point but it's not working. Why wouldn't it just work the same way as when connecting the router directly to the modem?

    I understand there could be some network address conflicts if there are multiple's and whatnot, but I thought those things would be separated by the nat on the wifi router...

    EDIT: btw my wifi router is Linksys w54gl and I'm running DD WRT
    EDIT 2: Is this even the common way of setting this up, or should I be doing something else?


  • Your AP should be on the LAN like any other computer and DHCP on it should be off.

  • @kejianshi:

    Your AP should be on the LAN like any other computer and DHCP on it should be off.

    Well my question was why wouldn't it work simply by connecting the router like you would to the modem, where it acquires an ip as a client on the wan side of the router and then on the lan side acts like a dhcp server to the clients on wifi? The only difference is that instead of getting a public ip from the isp, my wifi router will just get a private ip from pfsense.

  • Because that's absolutely not what you ever want to do.

    Ideal simple setup is:

    modem (with no DHCP) > pfsense WAN

    Then pfsense LAN (With DHCP on) connects to a switch that has wired clients connected to it and your wireless AP.

    Then the modem is taking 1 public IP and giving it to pfsense.
    Pfsense is NATing that 1 IP so that all your devices connected to the LAN switch and the AP get an IP on the same LAN subnet.

    Then all your devices are happy.  They can all talk to each other and see the web.

  • add a wireless router by connecting it from the WAN port on the router to the switch

    I see the confusion here - the WiFi device is one of these that is also a router - has a few LAN ports and a WAN port.
    Normally you just ignore the fact that it has a WAN port - put tape over it. Plug one of the LAN ports into your LAN switch. Switch off DHCP on the "WiFi router". Just have it offering WiFi, the DHCP will come from pfSense, through the LAN switch, through the WiFi device and delivered to WiFi clients.

    You could, as I think you were meaning, connect the WiFi-router WAN port onto the LAN switch. The WAN of the WiFi-router will get an IP address handed out by DHCP on the pfSense LAN. If you static map this address in pfSense DHCP, then you know that all your WiFi clients will be NATed behind the WiFi router. I guess that has some advantages - WiFi devices can't set themselves a static pfSense LAN IP, your pfSense LAN firewall rules can be sure about the source IP address of all traffic from the WiFi. That might help with a bit of control of WiFi "guest" devices.

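The two wirings discussed in this thread (WiFi router plugged in by a LAN port with DHCP off, or by its WAN port so clients are NATed behind it), as an added example that is not part of any post. The function names, the /24 mask, the `192.168.2.0/24` inner subnet and the `192.168.1.10` static mapping are assumptions made for illustration; the subnet-overlap case assumes the WiFi router's own LAN uses the same range as the pfSense LAN, which the thread does not state.

```python
import ipaddress


def classify(pfsense_lan, uplink_port, ap_dhcp_on, ap_lan=None):
    """Classify how a WiFi router is attached to the pfSense LAN switch.

    uplink_port: "lan" or "wan", the WiFi router port plugged into the switch.
    ap_dhcp_on:  True if the WiFi router's own DHCP server is enabled.
    ap_lan:      the WiFi router's own LAN subnet (needed for "wan" only).
    """
    upstream = ipaddress.ip_network(pfsense_lan)
    if uplink_port == "lan":
        # Bridged: WiFi clients sit directly on the pfSense LAN, so a second
        # DHCP server there would compete with pfSense's.
        return "dhcp-conflict" if ap_dhcp_on else "access-point"
    if uplink_port != "wan" or ap_lan is None:
        raise ValueError("uplink_port must be 'lan' or 'wan'; 'wan' needs ap_lan")
    # Routed: the WiFi router NATs its own subnet behind its WAN address.
    # That only works if the inner subnet differs from the pfSense LAN.
    if ipaddress.ip_network(ap_lan).overlaps(upstream):
        return "subnet-overlap"
    return "double-nat"


def source_seen_by_pfsense(mode, client_ip, router_wan_ip):
    """Source address a pfSense LAN firewall rule matches for a WiFi client."""
    if mode == "access-point":
        return client_ip        # every WiFi client appears individually
    if mode == "double-nat":
        return router_wan_ip    # all WiFi clients hide behind one address
    raise ValueError(f"no working path in mode {mode!r}")


if __name__ == "__main__":
    PFSENSE_LAN = "192.168.1.0/24"   # thread gives 192.168.1.xxx; /24 assumed
    ROUTER_WAN = "192.168.1.10"      # constructed: static DHCP mapping
    cases = [  # constructed sample wirings
        ("lan", False, None, "192.168.1.50"),
        ("lan", True, None, "192.168.1.50"),
        ("wan", True, "192.168.1.0/24", "192.168.1.50"),
        ("wan", True, "192.168.2.0/24", "192.168.2.50"),
    ]
    for port, dhcp, inner, client in cases:
        mode = classify(PFSENSE_LAN, port, dhcp, inner)
        try:
            seen = source_seen_by_pfsense(mode, client, ROUTER_WAN)
        except ValueError:
            seen = "-"
        print(f"{port:3} dhcp={dhcp!s:5} inner={inner!s:15} -> {mode:14} src={seen}")
```

In the double-NAT case a single pfSense rule on the mapped address covers every WiFi client, while in access-point mode rules see each client's own LAN address.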