Repeater allows users through MAC filter



  • PFsense 2.0-RC1

    I need to extend my wireless network using a Repeater. This works very well BUT - a device which is not included in my Pass-Through MAC list (Captive Portal) can get internet access through the repeater!

    This is obviously a security issue.

    The repeater itself is included in the Pass-Through MAC list - this is the only way I can get it to work. But this seems to give full internet access to all devices which connect to the network via this Repeater.

    Is there any way around this?


  • LAYER 8 Global Moderator

    Well, I would assume this repeater is actually NATTING the traffic then, and all clients connecting from the repeater are coming from the repeater's IP and MAC.

    And I have to ask - why would you be running 2.0-rc1 and not current version?

    Why would you repeat wireless traffic is another question.. This will at min /2 wireless bandwidth.. If you need to extend wireless coverage the CORRECT way to do it is to add more AccessPoints to cover the area you need via a WIRE from your network to the AP.

    What specific repeater are you using?  Make and model?

    I would look to adding AP vs using repeaters if it were my network.



  • I have to ask the question - will the current version of PFsense solve this problem? We have not upgraded because 2.0-rc1 works very well.

    We repeat wireless traffic in this certain area of our site as running a cable is not possible. I should mention - we are a mission Hospital in rural Uganda, spread across a 30 acre area. Running cables to all areas is not an option.

    The specific repeater is a TP-Link TL-WA 901ND

    Thanks.


  • LAYER 8 Global Moderator

    No, pfsense 2.1 is not going to fix what is not an issue with pfsense. But does not matter where you're at, you're running an RC version for gosh sake ;)

    What you're seeing is by design of a repeater..

    You could try changing over to the bridge AP mode - this should bridge all traffic from any clients connected to it to your other wireless network while maintaining their own macs vs your repeater's mac being used for all traffic.

    I am sure you are on a tight budget and all.. But what you're using is a home device with not very much range.. There are much better antennas, much better AP designed for large coverage areas.

    I would think running a cable in a "rural area" would be much easier - dig a bit of hole.. Run the cat5 cable ;)  The tiny ditch that cat 5 cable would need could be dug with a stick ;)  If your AP is POE, all you have to do is run the 1 wire.. Don't even need power in the area and put it up in a tree ;)



  • This repeater of yours is probably not bridging the way you think. You need linux with ebtables (or similar) to have a repeater truly bridge and pass thru the mac address of the clients. If you use dhcp then you will probably see that all users behind the repeater have the same mac addr as the repeater. Very few "repeaters" act as l2 bridges. Most WDS setups however do. So if you can use WDS as a config option on your repeater then you should be able to get it working the way you want.



  • Hi lsf,
    I am using a similar TP-Link router, TP-WR740N, for the repeating function. It has a WDS-bridging option, but has similar problems, like all devices on the LAN of this router get their own IP but their MACs are the same as the router itself.

    One major problem is that anyone with a single access can just use one such router/repeater and many un-authenticated devices can use the net.

    I had posted a similar query in the following post:
    https://forum.pfsense.org/index.php?topic=80237.msg437605

    Thanks
    Ashfaq
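
The symptom described in the last two posts (clients behind the repeater each get their own IP but show up with the repeater's MAC) can be checked for on the firewall. The following is an added example, not part of any post in this thread: a shell function that reads FreeBSD-style `arp -an` output and lists every MAC address that answers for more than one IP. The function names, sample ARP lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MAC addresses that front for more than one IP address.
# A pass-through MAC that appears here is admitting every client behind it.
# Input : FreeBSD-style `arp -an` output on stdin.
# Output: "<mac> <count> <ip,ip,...>" per shared MAC, sorted by MAC.
shared_macs() {
    awk '
    # Only complete entries: "? (ip) at <mac> on <if> ..."
    $3 == "at" && $4 ~ /^[0-9A-Fa-f:]+$/ {
        ip = $2
        gsub(/[()]/, "", ip)          # strip the parentheses around the IP
        mac = tolower($4)
        if (!((mac, ip) in seen)) {   # count each MAC/IP pair once
            seen[mac, ip] = 1
            count[mac]++
            ips[mac] = (ips[mac] == "" ? ip : ips[mac] "," ip)
        }
    }
    END {
        for (m in count)
            if (count[m] > 1)
                print m, count[m], ips[m]
    }' | sort
}

# Constructed sample: 02:00:5e:00:00:10 stands in for the repeater's MAC,
# with two clients behind it that the firewall sees under the same MAC.
sample_arp() {
cat <<'EOF'
? (192.168.1.1) at 02:00:5e:00:00:01 on em1 permanent [ethernet]
? (192.168.1.50) at 02:00:5e:00:00:10 on em1 expires in 1180 seconds [ethernet]
? (192.168.1.51) at 02:00:5E:00:00:10 on em1 expires in 1102 seconds [ethernet]
? (192.168.1.52) at 02:00:5e:00:00:10 on em1 expires in 954 seconds [ethernet]
? (192.168.1.60) at 02:00:5e:00:00:20 on em1 expires in 877 seconds [ethernet]
? (192.168.1.99) at (incomplete) on em1 expired [ethernet]
EOF
}

# On a live firewall, replace sample_arp with: arp -an
sample_arp | shared_macs
```

Comparing the MACs this prints against the Captive Portal pass-through list shows which pass-through entries are carrying more than one device.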

