Pfsense connected to the internet but Lan cannot
-
To preface i am not entirely sure where my problem lies as a subject in this forum but it occurred around the time that i was fiddling around with the dhcp settings of both my Lan and my AP (while following this: https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense).
Ive encounterd a problem with the ap as well (wireless clients only able to access ap's web config page) but for now I want to recover my ability to use the internet on my main computer though pfsense.
my network is as follows:
Isp -> Modem(bridge mode) -(em0)> pfsense -(em1)> Lan
| -(vr0)> access pointI have power cycled my modem, pfsense, computer, Access point, though all of the steps ive taken to fix this problem. I can ping outside resources though Pfsense with no loss, i can ping through and from my computer and the Pfsense box. My Wan is my default gateway and seems to be working (0% loss, online). Firewall rules are set to allow all outbound traffic from lan.
lan is set with a static ipv4 of 192.168.1.3 / 24
AP is set with a static ipv4 of 192.168.1.4 / 24
wan is set to dhcpboth lan and AP are on the same subnet with the same mask, though
lan range is set to 192.168.1.10 to 192.168.1.15
ap range is set to 192.168.1.50 to 192.168.1.80nothing else is checked or configured on both dhcp server pages but the range and
"enable dhcp…"I am still a complete newbie on pfsense and networking as a whole so pardon if i didint display any information critical to this problem, but i am still open to any suggestions.
-
"ap range is set to 192.168.1.50 to 192.168.1.80 "
Why would you be setting dhcp on your AP?? Turn it OFF.. dhcp should come from pfsense - pointing to pfsense lan IP as your gateway. Your AP with its dhcp server is most likely pointing to the ap ip as gateway - which is not valid.
There are really only 2 steps to using any soho wireless router as just an AP. Turn off its dhcp server, connect it via lan port vs wan/internet port on AP. Optional is change its lan IP to be on the network your using so you can easy access its web gui and configure the wireless settings.
-
Sorry for the miscommunication John the Access Point (tplink TL-WA830RE V2) itself does not have DHCP enabled and has the following configuration:
IP Address: 192.168.1.7
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.4It is connected to an interface card on pfsense called AP (vr0 treated as second lan port)
I am assuming that i dont need to point (via gateway) it on em1 because it is not connected to it.
also i changed the setup;
I disabled EM1's dhcp and gave my computer a static ip of 192.168.1.6/24 (gateway .3)
dhcp for Vr0 is still 192.168.1.50 to 192.168.1.80
-
You've got two NIC's in your pfSense box configured to the same subnet. Unless you bridge them or split them into two smaller portions of the 192.168.1.x/24 subnet, you'll have trouble with that setup.
If I guess correctly what you're trying to accomplish, all you need is a small switch attached to your LAN NIC (em1). Turn on DHCP on LAN, attach the AP to the switch and the rest of your physical devices as well. pfSense will assign IP's (and DNS) via DHCP and pass/block traffic to WAN. The switch will let devices talk to one another without having pfSense in the way.
This is a common setup scenario. Unless you have a particular reason for using two NIC's on the same subnet, it's best to use the KISS principle (keep it simple, stupid) ;)
-
thank you for the suggestion divsys, that seems like the best solution for me at the moment, and though the long run.
I will follow up on this thread tomorrow with the arrival of the switch
-
I have a similar set up that I am having an issue with, already set up coming through a switch, I'm still has the issue he's reporting
https://forum.pfsense.org/index.php?topic=79492.msg433615#msg433615
-
@mtjindy - don't hijack threads. And put some info in your thread that is of use
LAN - Static 192.168.x.8 -
Wifi - Static 192.168.x.1 -
Why would you hide that.. Are they the same? I fail to understand why people think they need to obscure rfc1918 address space??
Why would you do this
DHCP Forwarding to 192.168.x.8
Unit is set as router, not gatewayWho told you to change it from gateway? As stated there are 2 things required to use a wireless router as AP – changing it to router is not one of them ;) Are you trying to route? Is your 192.168.x different networks?
-
I wasn't trying to hijack the thread. I was stating that the proposed fix may not work for him, like it doesn't work for me.
-
Problem solved (thank you divsys):
Adding a switch (TP-Link TL-SG1008D)
Removing/disabling the now useless interface (vr0)
Removing DHCP settings on (vr0)
Restarting DHCPD serviceNow my main computer can access the internet as well as all devices in my network.
Other devices connected via the access point (tplink TL-WA830RE V2) can also do the same thing.anyway i guess what caused this for me is that i thought i could make do with 3 ports on my set up: 1 for wan, 1 for lan, and one for the AP, but it seems like i would have to create two different networks; seeing that i just need simple needs (at the moment): robust security + control over my network + internet
A switch would be the most simple solution.for reference pf-sense is running on:
Processor : AMD Athlon XP 2600+
Motherboard : a7v8xla
Ram : 491MB(em1) D-Link DGE-530T
(em0) D-Link DGE-530T
(vr0) on-board chip (VT6103)
-
I wasn't trying to hijack the thread. I was stating that the proposed fix may not work for him, like it doesn't work for me.
Not working for you because your setup is not like his - and your not even given any info in your thread that allows anyone to help you.
