Netgate Discussion Forum

    Repeater allows users through MAC filter

      bakerboy1977

      PFsense 2.0-RC1

      I need to extend my wireless network using a Repeater. This works very well BUT - a device which is not included in my Pass-Through MAC list (Captive Portal) can get internet access through the repeater!

      This is obviously a security issue.

      The repeater itself is included in the Pass-Through MAC list - this is the only way I can get it to work. But this seems to give full internet access to all devices which connect to the network via this Repeater.

      Is there any way around this?

        johnpoz LAYER 8 Global Moderator

        Well, I would assume this repeater is actually NATTING the traffic then, and all clients connecting from the repeater are coming from the repeater's IP and MAC.

        And I have to ask - why would you be running 2.0-rc1 and not current version?

        Why would you repeat wireless traffic is another question. This will at min /2 wireless bandwidth. If you need to extend wireless coverage, the CORRECT way to do it is to add more access points to cover the area you need via a WIRE from your network to the AP.

        What specific repeater are you using?  Make and model?

        I would look to adding APs vs using repeaters if it was my network.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          bakerboy1977

          I have to ask the question - will the current version of PFsense solve this problem? We have not upgraded because 2.0-rc1 works very well.

          We repeat wireless traffic in this certain area of our site as running a cable is not possible. I should mention - we are a mission Hospital in rural Uganda, spread across a 30 acre area. Running cables to all areas is not an option.

          The specific repeater is a TP-Link TL-WA 901ND

          Thanks.

            johnpoz LAYER 8 Global Moderator

            No, pfsense 2.1 is not going to fix what is not an issue with pfsense. But it does not matter where you're at, you're running an RC version for gosh sake ;)

            What you're seeing is by design of a repeater.

            You could try changing over to the bridge AP mode. This should bridge all traffic from any clients connected to it to your other wireless network while maintaining their own MACs vs your repeater's MAC being used for all traffic.

            I am sure you are on a tight budget and all. But what you're using is a home device with not very much range. There are much better antennas, much better APs designed for large coverage areas.

            I would think running a cable in a "rural area" would be much easier - dig a bit of a hole. Run the cat5 cable ;) The tiny ditch that cat 5 cable would need could be dug with a stick ;) If your AP is POE, all you have to do is run the 1 wire. Don't even need power in the area and put it up in a tree ;)

              lsf

              This repeater of yours is probably not bridging the way you think. You need Linux with ebtables (or similar) to have a repeater truly bridge and pass thru the MAC address of the clients. If you use DHCP then you will probably see that all users behind the repeater have the same MAC addr as the repeater. Very few "repeaters" act as L2 bridges. Most WDS setups however do. So if you can use WDS as a config option on your repeater then you should be able to get it working the way you want.

              -lsf

                Ashfaq

                Hi lsf,
                I am using a similar TP-Link router, TP-WR740N, for the repeating function. It has a WDS-bridging option but has similar problems: all devices on the LAN of this router get their own IP but their MACs are the same as the router itself.

                One major problem is that anyone with a single access can just use one such router/repeater and many unauthenticated devices can use the net.

                I had posted a similar query in the following post:
                https://forum.pfsense.org/index.php?topic=80237.msg437605

                Thanks
                Ashfaq
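
The symptom lsf and Ashfaq describe above (several client IPs all showing the repeater's MAC) can be checked for from the firewall's ARP table. The following is an added example, not part of any post in this thread: it assumes FreeBSD-style `arp -an` output, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: list MAC addresses that answer for more than one IP.
# A pass-through MAC that shows up here is letting several hosts
# past the captive portal under one identity.
# Assumed input format (FreeBSD `arp -an`):
#   ? (192.168.1.50) at 02:00:00:00:00:02 on em1 expires in 1100 seconds [ethernet]

# shared_macs [MIN_IPS]: reads ARP text on stdin,
# prints "mac count ip,ip,..." for MACs seen with >= MIN_IPS addresses.
shared_macs() {
    min="${1:-2}"
    awk -v min="$min" '
        # Keep resolved entries only; "(incomplete)" fails the hex test.
        $1 == "?" && $3 == "at" && $4 ~ /^[0-9A-Fa-f:]+$/ && index($4, ":") {
            ip = $2
            gsub(/[()]/, "", ip)
            mac = tolower($4)            # normalise case before grouping
            if ((mac SUBSEP ip) in seen) next
            seen[mac SUBSEP ip] = 1
            count[mac]++
            if (mac in ips) ips[mac] = ips[mac] "," ip
            else ips[mac] = ip
        }
        END {
            for (m in count)
                if (count[m] >= min) print m, count[m], ips[m]
        }' | LC_ALL=C sort
}

# Constructed sample: 02:00:00:00:00:02 stands in for the repeater,
# with two clients behind it sharing its MAC.
sample_arp() {
    cat <<'EOF'
? (192.168.1.1) at 02:00:00:00:00:01 on em1 permanent [ethernet]
? (192.168.1.50) at 02:00:00:00:00:02 on em1 expires in 1100 seconds [ethernet]
? (192.168.1.101) at 02:00:00:00:00:02 on em1 expires in 900 seconds [ethernet]
? (192.168.1.102) at 02:00:00:00:00:02 on em1 expires in 870 seconds [ethernet]
? (192.168.1.60) at 02:00:00:00:00:03 on em1 expires in 1190 seconds [ethernet]
? (192.168.1.77) at (incomplete) on em1 expired [ethernet]
EOF
}

# Demo on the sample; on a live firewall use: arp -an | shared_macs
sample_arp | shared_macs
```

A host with legitimate IP aliases will also be listed, so compare the flagged MACs against the pass-through list before acting on them.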
