Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Repeater allows users through MAC filter

    Wireless
    4
    6
    5035
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bakerboy1977 last edited by

      PFsense 2.0-RC1

      I need to extend my wireless network using a Repeater. This works very well BUT - a device which is not included in my Pass-Through MAC list (Captive Portal) can get internet access through the repeater!

      This is obviously a security issue.

      The repeater itself is included in the Pass-Through MAC list - this is the only way I can get it to work. But this seems to give full internet access to all devices which connect to the network via this Repeater.

      Is there any way around this?

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Well I would assume this repeater is actually NATTING the traffic then and all clients connecting from the repeater are coming from the repeaters IP and MAC.

        And I have to ask - why would you be running 2.0-rc1 and not current version?

        Why would you repeat wireless traffic is another question.. This will at min /2 wireless bandwdith..  If you need to extend wireless coverage the CORRECT way to do it is to add more AccessPoints to cover the area you need via a WIRE from your network to the AP.

        What specific repeater are you using?  Make and model?

        I would look to adding AP vs using repeaters if my network.

        1 Reply Last reply Reply Quote 0
        • B
          bakerboy1977 last edited by

          I have to ask the question - will the current version of PFsense solve this problem? We have not upgraded because 2.0-rc1 works very well.

          We repeat wireless traffic in this certain area of our site as running a cable is not possible. I should mention - we are a mission Hospital in rural Uganda, spread across a 30 acre area. Running cables to all areas is not an option.

          The specific repeater is a TP-Link TL-WA 901ND

          Thanks.

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            No pfsense 2.1 is not going to fix what is not an issue with pfsense.  But does not matter where your at, your running an an RC version for gosh sake ;)

            What your seeing is by design of a repeater..

            You could try changing over to the bridge AP mode- this should bridge all traffic from any clients connected it to your other wireless network while maintaining their own macs vs your repeaters mac being used for all traffic.

            I am sure you are on a tight budget and all..  But what your using is a home device with not very much range..  There are much better antennas, much better AP designed for large coverage areas.

            I would think running a cable in a "rural area" would be much easier - dig a bit of hole.. Run the cat5 cable ;)  The tiny ditch that cat 5 cable would need could be dug with a stick ;)  If your AP is POE, all you have to do is run the 1 wire.. Don't even need power in the area and put it up in a tree ;)

            1 Reply Last reply Reply Quote 0
            • L
              lsf last edited by

              This repeater of yours is probably not bridging the way you think. You need linux with ebtables (or similar) to have a repeater truly bridge and pass thru the mac address of the clients. If you use dhcp then you will probably see that all users  behind the repeater has the same mac addr as the repeater. Very few "repeaters" act as l2 bridges. Most  WDS setups however do. So if you can use WDS as a config option on your repeater then you should be able to get it working the way you want.
              r

              1 Reply Last reply Reply Quote 0
              • A
                Ashfaq last edited by

                Hi lsf,
                am using a similar TP-Link router TP-WR740N for repeating function, it has WDS-bridging option.  but has similar problems, like all devices on the LAN of this router gets their own IP but their MACs are same as the router itself.

                one major problem is that anyone with a single access can just use one such router/repeater and many un-authenticated devices can use the net.

                I had posted a similar query in the following post:
                https://forum.pfsense.org/index.php?topic=80237.msg437605

                Thanks
                Ashfaq

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy