Wifi and LAN on same subnet (SOLVED)

Rickinfl · Nov 18, 2014, 5:13 PM

Did that still not working.

Derelict · Nov 18, 2014, 5:26 PM

What's not working?

Do you get DHCP on the WIFI port? On the LAN port?
Can you ping the BRIDGE address from the WIFI port? From the LAN port?
Can you ping the next hop gateway from the WIFI port? From the LAN port?
Can the Hosts on LAN ping the hosts on WIFI? Vice versa?
What DNS is being handed out to the DHCP clients? Is that the DNS server actually in use by the clients? Can you resolve names using that address?
Etc.

Rickinfl · Nov 18, 2014, 5:26 PM

Wait… From my phone I'm connected to Pfsense. I opened Chrome browser and can't get to any website, BUT I just accidentally went to my cloud and it loaded. At this point and some testing... I can access any https site, just not http sites.

Derelict · Nov 18, 2014, 6:03 PM

Let me guess. You're also trying to run squid or snort or both.

Rickinfl · Nov 18, 2014, 6:12 PM

No actually it's a fresh install and no packages installed.

Can't seem to figure out what it is. So Close! smh

Derelict · Nov 18, 2014, 6:34 PM

That doesn't make any sense. pf or otherwise. Firewall logs logging anything?

Rickinfl · Nov 18, 2014, 6:48 PM

I don't see anything,

But the question I have is how long has WiFi worked just was blocking non secure websites? I'll backup the config then rebuild it again from scratch and find out.

I really appropriate all the help you've given me. Thank You for all your Help!

Rick

Derelict · Nov 18, 2014, 7:07 PM

Proxy configured in the web browser? Weird.

Rickinfl · Nov 18, 2014, 7:19 PM

Totally rebuilt it. Setup just like I did before. WiFi works on https only. So this whole time it basically worked. Just not for non secure!

I'm going over everything since now I have fresh log files.

Rickinfl · Nov 19, 2014, 5:47 AM

Ok Got It! I had a setting wrong on my phone. The LAN computers connected worked just fine.

Got to give the Credit to "Derelict" for getting this working! Thanks!!!

This is to setup a WiFi card on the same subnet

Here are the Steps. (After you get a pfsense box up and running, connected to the internet. (I renamed Opt1 and Opt2)

1. Shut down install WiFi card (Card is on the recommended list of cards that work with Pfsense)
2. Interfaces > Added WiFi card (Opt1) renamed it to WiFi. > Setup WiFi settings.
3. Interfaces > Assign > Bridges > Created a Bridge > Renamed it to Bridge > Selected LAN and WiFi
4. Interfaces > Added new Interface > Opt2 > Renamed to Bridge > Network Port = Bridge
5. DHCP Server > Turned on DHCP for Bridge > Enabled > Set Range. (No DHCP on LAN or WiFi)
6. Firewall > Rules > Added New Rule > Interface > LAN > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
7. Firewall > Rules > Added New Rule > Interface > WiFi > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
8. Firewall > Rules > Added New Rule > Interface > Bridge > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
9. Interfaces > LAN > IPv4 Configuration Type = None > IPv6 Configuration Type = None
10. Interfaces > WiFi > IPv4 Configuration Type = None > IPv6 Configuration Type = None
11. Interfaces > WiFi > Allow intra-BSS communication > Check Box. < For WiFi devices to talk to each other

I have to come back and give the Answer! LOL Trust me I've seached a lot of stuff on Cisco and I would find Headings that said "Solved!" and you read all the way to the end and all they would say is "Got it Working" with no directions on how too! lol

Again Thanks Derelict.

Rick

Derelict · Nov 18, 2014, 8:41 PM

Glad it's working.

One last little thing. With this:

9. System > Advanced > System Tuneables > net.link.bridge.pfil_member > Changed from 1 to 0

This should be unnecessary:

6. Firewall > Rules > Added New Rule > LAN > Source = Bridge Net > Protocol = ANY > Rest set to Any.
7. Firewall > Rules > Added New Rule > WiFi > Source = Bridge Net > Protocol = ANY > Rest set to Any.

With that sysctl set to 0 I'm pretty sure those rules on the bridge members aren't being looked at at all.

Rickinfl · Nov 18, 2014, 8:43 PM

Ok Removed

9. System > Advanced > System Tuneables > net.link.bridge.pfil_member > Changed from 1 to 0

Rickinfl · Nov 19, 2014, 1:59 AM

Ok.. I'm back :( But with just a little issue.

From my computer I can Ping another Computer. I can ping a WiFi, phone, laptop, etc.
From my laptop I can ping my Computer, But can't ping any WiFi

Basically WiFi to WiFi I can't ping. I need this to work because I connect my Phone to a WiFi Device and it can't see it.

Not sure what to do here.

Derelict · Nov 19, 2014, 2:42 AM

Probably wifi isolation.

“Intra-BSS Communication

If you check Allow intra-BSS communication, wireless clients will be able to see each other directly, instead of routing all traffic through the AP. If clients will only need access to the Internet, it is typically safer to uncheck this. ”

Excerpt From: Jim Pingle. “pfSense-2.1-book.epub.” iBooks. https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewBook?id=3AC70C08837752AA49E641D5CEB871FE

Rickinfl · Nov 19, 2014, 5:48 AM

That was it!! Working!

Thanks Again!

Updated HowTo

Interfaces > WiFi > Allow intra-BSS communication > Check Box. < For WiFi devices to talk to each other

BananaMan · Oct 14, 2016, 12:29 PM

Credit goes to Rickinfl for this solution.

What I have here is based upon what Rickinfl has typed up, but I've changed things up just a bit and added a few steps. I kept getting locked out when changing settings on the LAN IP, but finally got it figured out. This works for 2.2.6.

I'm posting because I thought it may be helpful for those trying to bridge the LAN and WIFI so they're on the same subnet. Hope this helps.

Bridging Wifi to LAN Interface

1- Set up wizard - set the initial LAN IP address to be higher than the final LAN IP, and set the netmask to /30.
For example, if you want the LAN IP to be 192.168.1.1, set the IP for the LAN to be 192.168.1.50 /30 during this step.
2- Interfaces > Assign > Add (it will be auto-named Opt1)
3- Click on Opt1 to set up Wifi Settings
3.1 Rename to Wifi
3.2 Enable interface
3.3 Under “Network-Specific Wireless Configuration” Set mode to “Access Point”
3.4 Set channel to Operate on
3.5 Select WIFI name and passphrase
3.6 Check “Allow intra-BSS Communication”
3.7 Check “Enable WME”
4- Interfaces > Assign > Bridges > Create a Bridge [+ Add] > Selected LAN and Wifi as the interfaces on this bridge > Save
5- Interfaces > Add new Interface [+ Add] > Opt2 > Set Network port = Bridge > Save
6- From Interfaces, click on Opt2 to change options
6.1 Enable Interface
6.2 Rename to “Bridge”
6.3 IPv4 Configuration Type = Static IPv4 >
6.4 IPv4 address = acutual desired IP address of LAN [must set netmask to 30 for now - will change to 24 later] (example above would be 192.168.1.1)
6.5 Save
7- Services > DHCP Server > Turn on DHCP for Bridge > Enabled > Set Range (range with a /30 netmask will be small)
8- Disable DHCP on LAN and WiFi (if they are enabled)
9- Firewall > Rules > Added New Rule > Interface > LAN > Source = Protocol = ANY > Bridge Net > Reset to ANY.
10- Firewall > Rules > Added New Rule > Interface > WiFi > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
11- Firewall > Rules > Added New Rule > Interface > Bridge > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
12- From “Interfaces” set the IPv4 Configuration Type for both LAN and Wifi to None.
13- Router is now reachable by the Bridge IP address (192.168.1.1) and the LAN and WIFI are bridged.
14- Log into router by Bridge IP and change the netmask to /24
15- Change DHCP scope options