Wifi and LAN on same subnet (SOLVED)
-
LAN Net > Any
WiFi Net > Any
Bridge Net > AnyWhat interfaces are those on? There should be no more LAN net or WIFI Net - only Bridge Net.
-
Here are the Firewall Rules
-
First, change your bridge rules to any. You have them set for TCP only. DNS and many other things won't work like that.
Second, make rules on LAN and WIFI that look EXACTLY like the rules on bridge. (Not with source LAN net or WIFI net, but for BRIDGE net - yes, on LAN and WIFI, source BRIDGE net)
-
Still not working.
-
All your rules are still TCP only, bro.
Change them all to this:
![Screen Shot 2014-11-18 at 8.56.33 AM.png](/public/imported_attachments/1/Screen Shot 2014-11-18 at 8.56.33 AM.png)
![Screen Shot 2014-11-18 at 8.56.33 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2014-11-18 at 8.56.33 AM.png_thumb) -
Did that still not working.
-
What's not working?
Do you get DHCP on the WIFI port? On the LAN port?
Can you ping the BRIDGE address from the WIFI port? From the LAN port?
Can you ping the next hop gateway from the WIFI port? From the LAN port?
Can the Hosts on LAN ping the hosts on WIFI? Vice versa?
What DNS is being handed out to the DHCP clients? Is that the DNS server actually in use by the clients? Can you resolve names using that address?
Etc. -
Wait… From my phone I'm connected to Pfsense. I opened Chrome browser and can't get to any website, BUT I just accidentally went to my cloud and it loaded. At this point and some testing... I can access any https site, just not http sites.
-
Let me guess. You're also trying to run squid or snort or both.
-
No actually it's a fresh install and no packages installed.
Can't seem to figure out what it is. So Close! smh
-
That doesn't make any sense. pf or otherwise. Firewall logs logging anything?
-
I don't see anything,
But the question I have is how long has WiFi worked just was blocking non secure websites? I'll backup the config then rebuild it again from scratch and find out.
I really appropriate all the help you've given me. Thank You for all your Help!
Rick
-
Proxy configured in the web browser? Weird.
-
Totally rebuilt it. Setup just like I did before. WiFi works on https only. So this whole time it basically worked. Just not for non secure!
I'm going over everything since now I have fresh log files.
-
Ok Got It! I had a setting wrong on my phone. The LAN computers connected worked just fine.
Got to give the Credit to "Derelict" for getting this working! Thanks!!!
This is to setup a WiFi card on the same subnet
Here are the Steps. (After you get a pfsense box up and running, connected to the internet. (I renamed Opt1 and Opt2)
1. Shut down install WiFi card (Card is on the recommended list of cards that work with Pfsense)
2. Interfaces > Added WiFi card (Opt1) renamed it to WiFi. > Setup WiFi settings.
3. Interfaces > Assign > Bridges > Created a Bridge > Renamed it to Bridge > Selected LAN and WiFi
4. Interfaces > Added new Interface > Opt2 > Renamed to Bridge > Network Port = Bridge
5. DHCP Server > Turned on DHCP for Bridge > Enabled > Set Range. (No DHCP on LAN or WiFi)
6. Firewall > Rules > Added New Rule > Interface > LAN > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
7. Firewall > Rules > Added New Rule > Interface > WiFi > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
8. Firewall > Rules > Added New Rule > Interface > Bridge > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
9. Interfaces > LAN > IPv4 Configuration Type = None > IPv6 Configuration Type = None
10. Interfaces > WiFi > IPv4 Configuration Type = None > IPv6 Configuration Type = None
11. Interfaces > WiFi > Allow intra-BSS communication > Check Box. < For WiFi devices to talk to each otherI have to come back and give the Answer! LOL Trust me I've seached a lot of stuff on Cisco and I would find Headings that said "Solved!" and you read all the way to the end and all they would say is "Got it Working" with no directions on how too! lol
Again Thanks Derelict.
Rick
-
Glad it's working.
One last little thing. With this:
9. System > Advanced > System Tuneables > net.link.bridge.pfil_member > Changed from 1 to 0
This should be unnecessary:
6. Firewall > Rules > Added New Rule > LAN > Source = Bridge Net > Protocol = ANY > Rest set to Any.
7. Firewall > Rules > Added New Rule > WiFi > Source = Bridge Net > Protocol = ANY > Rest set to Any.With that sysctl set to 0 I'm pretty sure those rules on the bridge members aren't being looked at at all.
-
Ok Removed
9. System > Advanced > System Tuneables > net.link.bridge.pfil_member > Changed from 1 to 0
-
Ok.. I'm back :( But with just a little issue.
From my computer I can Ping another Computer. I can ping a WiFi, phone, laptop, etc.
From my laptop I can ping my Computer, But can't ping any WiFiBasically WiFi to WiFi I can't ping. I need this to work because I connect my Phone to a WiFi Device and it can't see it.
Not sure what to do here.
-
Probably wifi isolation.
“Intra-BSS Communication
If you check Allow intra-BSS communication, wireless clients will be able to see each other directly, instead of routing all traffic through the AP. If clients will only need access to the Internet, it is typically safer to uncheck this. ”
Excerpt From: Jim Pingle. “pfSense-2.1-book.epub.” iBooks. https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewBook?id=3AC70C08837752AA49E641D5CEB871FE
-
That was it!! Working!
Thanks Again!
Updated HowTo
Interfaces > WiFi > Allow intra-BSS communication > Check Box. < For WiFi devices to talk to each other