Wireless Access Point WAP on OPT1 with Static Ports enabled (SOLVED)



  • I was getting frustrated with my OPT1 interface using a Wireless access point (DD-WRT on WRT54GS) because I could not get out to the internet.  I came from using IPCOP and blue interface for this purpose.  Now I have finally solved the problem. First let me give my settings:

    LAN 192.168.1.1 subnet 192.168.1.0/24
    OPT1 192.168.2.1  subnet 192.168.2.0/24
    WRT54GS 192.168.2.2 DHCP disabled, connected to OPT1
    WAN DHCP

    I added a rule for OPT1 to allow any traffic to anywhere.
    I also enabled DHCP for OPT1 to give addresses in 192.168.2.0/24 range.

    I was able to get a DHCP address when connected via WIFI and could ping 192.168.1.0/24 addresses but I could not ping any internet addresses.  I could however resolve internet IPs, I just would not get a ping response.

    It turned out to be the static ports option I enabled (various games require this).  I needed to add the same rule for the 192.168.2.0/24 net as I had for the 192.168.1.0/24 net.  I just clicked "add a new rule based off this one" from the Firewall –> NAT –> Outbound page.  After this everything worked OK.

    This is something to consider if you have enabled static ports and are using another interface (OPT1) to separate your wireless clients from your wired ones.

    There were some other posts that had similar problems but none of them worked for me and none of them mentioned the static port option.

    ***Note - If you need to enable static ports please refer to the sticky in the Gaming section of the pfSense forum.



  • Your problem was not the "static port option" but more that you forgot to follow the note which is on the AON-page.

    Note:
    If advanced outbound NAT is enabled, no outbound NAT rules will be automatically generated any longer. Instead, only the mappings you specify below will be used. With advanced outbound NAT disabled, a mapping is automatically created for each interface's subnet (except WAN).

    –> you have to add your outbound-NAT rules manually.

    To avoid such problems you could create a single rule with "any" as the source.


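A check for the situation described in this thread, as an added example that is not part of either post or of pfSense: given each internal interface's subnet and the source networks of the manual outbound NAT rules, it lists the interfaces that no mapping covers. The function name and input layout are assumptions; the addresses are the ones from the first post.

```python
import ipaddress


def uncovered_interfaces(internal, nat_sources):
    """Return names of internal interfaces with no covering manual outbound NAT rule.

    internal:    dict of interface name -> subnet in CIDR form (hypothetical layout)
    nat_sources: list of rule source networks in CIDR form, or the string "any"
    """
    if "any" in nat_sources:
        return []  # a rule with source "any" covers every internal subnet

    rules = [ipaddress.ip_network(s) for s in nat_sources]
    missing = []
    for name, cidr in internal.items():
        net = ipaddress.ip_network(cidr)
        # Merge adjacent rules of the same IP version, so that for example
        # two /25 rules together count as covering one /24 interface subnet.
        merged = ipaddress.collapse_addresses(
            r for r in rules if r.version == net.version
        )
        if not any(net.subnet_of(r) for r in merged):
            missing.append(name)
    return missing


# Subnets taken from the first post.
INTERNAL = {"LAN": "192.168.1.0/24", "OPT1": "192.168.2.0/24"}

# Manual rule sets, constructed to match the states the thread describes.
BEFORE_FIX = ["192.168.1.0/24"]                    # only the LAN mapping exists
AFTER_FIX = ["192.168.1.0/24", "192.168.2.0/24"]   # LAN rule copied for OPT1
SINGLE_ANY = ["any"]                               # the second post's suggestion

if __name__ == "__main__":
    for label, rules in [("before", BEFORE_FIX), ("after", AFTER_FIX), ("any", SINGLE_ANY)]:
        print(label, uncovered_interfaces(INTERNAL, rules))
```

An interface reported here can still reach other internal subnets and resolve names through the firewall, which matches the symptoms in the first post: only traffic that has to leave through WAN depends on the missing mapping.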