Pfsense on Alix 2D13

opalit

I have just had 2 Alix boards delivered with pfsense on 4GB cards, I have been running pfsense for over 12 months so no how to install it and set it up.

My problem is that with these boards I can not get the bridging to work or the wireless to connect to the internet, I have copied a working config from my FX 5624 based router, which has the exact configuration that I want on the Alix.

I have noticed something very peculier, I can get an IP on the wireless card when th LAN is plugged in,  thinking the internet was coming in over the LAN, I disabled the LAN port on the Laptop and the internet was indeed working over the WIFI when the cable was plugged, unplug the LAN cable  from the Laptop or ALIX and the WIFI would no longer work. and would not even get an IP, it is as if laptop is acting as an earth path, Also the LAN ports are lit all the time which is most unusual.

The LAN works ok on its own but the second LAN port has the same problem as the WIFI card, it will not bridge.

Has anybody else having problem with latest boards.

doktornotor

There is nothing peculiar about this. You need to assign the bridge interface itself (bridgeX) and configure that interface - not create a new bridge out of already configured interfaces. Otherwise, as soon as a single member of the bridge goes down, the whole bridge goes down.

bridge0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        ether 02:e2:72:4f:8e:00
        inet 10.20.31.254 netmask 0xffffff00 broadcast 10.20.31.255
        inet6 2001:470:dead:beef::dead:beef prefixlen 64
        nd6 options=1 <performnud>id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vr0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 1 priority 128 path cost 55
        member: vr2 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 3 priority 128 path cost 55
        member: vr1 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 2 priority 128 path cost 55</learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></performnud></up,broadcast,running,simplex,multicast> 

Plus, frankly - bridging WiFi and wired is not the best idea around, no good reason for that really. If you still want to do that, do it as suggested above. Also, you need this in System - Advanced - System tunables:

opalit

Thanks for your answer but I think you have miss-understood, I have done all you say in the reply but because I could not make it work, I have set-up my FX box from scatch with the config that I want, made it work perfectly then copied that config across to the ALIX 2D13

I can not understand how you can say it is not peculier that you have to have the LAN cable physically plugged in to the LAN port on the Laptop to get an IP on the wireless card.

I know what you are saying regarding not bridging the WIFI but at the moment I am just trying to emulate the existing router as a base to start from, then when it is on line, I can play about getting everything I want in place.

I have to start with a replica of the router it will be replacing but I can not even get the basics working on these new boards.

opalit

P.S.

Tuneables not required to be changed on 2.1, although I have set them.

doktornotor

Stop importing random stuff from different hardware. Already told you above how it should be done. Otherwise, if you have the IP configured on the LAN and pull the cable, the bridge will go down. That's just how it works if you do it the wrong way. This has nothing to do with Alix or any other particular board (in fact the above config is from Alix 2D13).

P.S. And yes, the tunables are definitely required if you do it as suggested above.

opalit

I have done exactly as you have said, I know how to make it work as a bridge, I did not import, I copied visually from working online screens and manually typing it in to the Alix based routers screens until they where the same.

I will start again from scratch for the 27th time but I get exactly the same result everytime.

opalit

OK, how do you stop it configuring the ports, it configurs them when you boot up for the first time and you can not log on unless they are configured.

doktornotor

Sigh. Any member interface of the bridge should have IPv4/IPv6 set to None. You only configure the IPs on the bridge itself. This all can be done via the GUI and the config applied only after all the configuration is done. (Reboot after that.)

opalit

Yes, that is what I have done, I logged in on the Wan port after setting an allow rule, removed the config for each port and added the ports to the bridge, then set up DHCP on the bridge.

In case I missed a step I will do it again with your instructions in front of me, i do not understand  though why i do not have to jump through all these strange hoops when setting up the FX box, cables can be removed from the FX without the bridge going down, it has 6 ports + WIFI, 5 + WIFI  are bridged one is WAN.

opalit

P.S. Please do not give me a hard time, I am not new to pfsense only the Alix, I just need helpful advice regarding this strange hadware.

Is it normal for the LAN sockets to be lit, when there is nothing plugged in.

doktornotor

There is nothing strange about the HW, you simply are doing it wrong. If you wish to continue here, either post some information (like, screenshots of WTH are you doing, ifconfig output etc.) or send a crystal ball.

opalit

OK Thanks, I have now got one working, I have in front of me the two units and 2 laptops, each screen appears the same, each config appears the same but only one will work.

Here is what I did to get the one working, factory reset, at menu -> 1. Assign Interfaces, then 2. Assign IP's, had to assign Lan as default value not suitable.

Did not assign DHCP, set static on Laptop, Logged in, created a anti lockout rule on WAN, logged out, connected to switch the WAN is connected to, logged in to WAN, then removed IP from LAN interface, assigned and configured LAN and other interfaces with none, created bridge added LAN, OPT1 and OPT2 to bridge.

Enabled bridge and assigned IP, set-up DHCP on bridge, went to firewall created auto outbound nat rule by simply saving, created access rule for bridge, set tuneables.

Applied setting and re-booted and it worked.

stephenw10

Either set the tunables before you create the bridge or, as you've done, reboot after setting them to have them take effect. Not doing so or doing it in the wrong order will render your firewall rules in the wrong place.
Do the NIC link leds behave the same on both boxes? Are both boxes booting correctly with no errors in the logs?

Steve

opalit

The  right hand ( when looking at them ) NIC lights on the interface are on all the time, even with no cable is connected, when the cable is connected the left hand light comes on and flickers with the data, I have never seen the LED's lit on any other router or switch until a cable is connected, both boxes are the same.

There does not appear to be any problems showing in the logs other than less than 512M detected, disabling APC.

Another problem I am having and have logged this separately, is that I can not get internet through an existing 1/2 bridge modem that has a working Cisco RV042 connected to it, the ALIX/pfsense is to replace the Cisco, Cisco has VPN problems with iPhone/iPad

stephenw10

I don't have an Alix box to compare that behaviour to and I agree it's not what I'd expect to see on other equipment but if both boxes are doing it and one is working then it seems unlikely to be the cause of your problem.

@opalit:

less than 512M detected, disabling APC.

That's normal on the Alix which has 256MB.

Steve