Wifi and LAN on same subnet (SOLVED)
-
Well I got as far as being able to ping anything on the network from wireless or static. The WiFi just can't get out. WiFi gets an IP address from DCHP.
-
What are the firewall rules on wifi? You need rules on all bridge members and the bridge itself.
-
LAN Net > Any
WiFi Net > Any
Bridge Net > Any -
Here is all the steps I exactly took:
Fresh Build Pfsense. Got it configured and connected my computer to it and have internet access and access to my LAN.
1. Shut down install WiFi card (Card is on the recommended list of cards that work with Pfsense)
2. Interfaces > Added WiFi card (Opt1) renamed it to WiFi. > Setup WiFi settings.
3. Interfaces > Assign > Bridges > Created a Bridge > Renamed it to Bridge > Selected LAN and WiFi
4. Interfaces > Added new Interface > Opt2 > Renamed to Bridge > Network Port = Bridge
5. DHCP Server > Turned on DHCP for Bridge > Enabled > Set Range. (No DHCP on LAN or WiFi)
6. Firewall > Rules > Added New Rule > Source = Bridge Net > Rest set to Any.
7. System > Advanced > System Tuneables > net.link.bridge.pfil_member > Changed from 1 to 0
8. Interfaces > LAN > IPv4 Configuration Type = None > IPv6 Configuration Type = None
9. Interfaces > WiFi > IPv4 Configuration Type = None > IPv6 Configuration Type = NoneMy Configuration:
Old:
WAN > DHCP
LAN > 10.10.0.1New:
WAN > DHCP
LAN >
WiFi >
Bridge > 10.10.0.2 > DHCPI can connect my Phone and Laptop to WiFi. I can ping both from either one. No Internet Access.
Now you know what steps I took to get here. I know them well I've rebuilt it about 20+ Times from scratch trying to get this to work.
Thanks,
Rick -
LAN Net > Any
WiFi Net > Any
Bridge Net > AnyWhat interfaces are those on? There should be no more LAN net or WIFI Net - only Bridge Net.
-
Here are the Firewall Rules
-
First, change your bridge rules to any. You have them set for TCP only. DNS and many other things won't work like that.
Second, make rules on LAN and WIFI that look EXACTLY like the rules on bridge. (Not with source LAN net or WIFI net, but for BRIDGE net - yes, on LAN and WIFI, source BRIDGE net)
-
Still not working.
-
All your rules are still TCP only, bro.
Change them all to this:
 -
Did that still not working.
-
What's not working?
Do you get DHCP on the WIFI port? On the LAN port?
Can you ping the BRIDGE address from the WIFI port? From the LAN port?
Can you ping the next hop gateway from the WIFI port? From the LAN port?
Can the Hosts on LAN ping the hosts on WIFI? Vice versa?
What DNS is being handed out to the DHCP clients? Is that the DNS server actually in use by the clients? Can you resolve names using that address?
Etc. -
Wait… From my phone I'm connected to Pfsense. I opened Chrome browser and can't get to any website, BUT I just accidentally went to my cloud and it loaded. At this point and some testing... I can access any https site, just not http sites.
-
Let me guess. You're also trying to run squid or snort or both.
-
No actually it's a fresh install and no packages installed.
Can't seem to figure out what it is. So Close! smh
-
That doesn't make any sense. pf or otherwise. Firewall logs logging anything?
-
I don't see anything,
But the question I have is how long has WiFi worked just was blocking non secure websites? I'll backup the config then rebuild it again from scratch and find out.
I really appropriate all the help you've given me. Thank You for all your Help!
Rick
-
Proxy configured in the web browser? Weird.
-
Totally rebuilt it. Setup just like I did before. WiFi works on https only. So this whole time it basically worked. Just not for non secure!
I'm going over everything since now I have fresh log files.
-
Ok Got It! I had a setting wrong on my phone. The LAN computers connected worked just fine.
Got to give the Credit to "Derelict" for getting this working! Thanks!!!
This is to setup a WiFi card on the same subnet
Here are the Steps. (After you get a pfsense box up and running, connected to the internet. (I renamed Opt1 and Opt2)
1. Shut down install WiFi card (Card is on the recommended list of cards that work with Pfsense)
2. Interfaces > Added WiFi card (Opt1) renamed it to WiFi. > Setup WiFi settings.
3. Interfaces > Assign > Bridges > Created a Bridge > Renamed it to Bridge > Selected LAN and WiFi
4. Interfaces > Added new Interface > Opt2 > Renamed to Bridge > Network Port = Bridge
5. DHCP Server > Turned on DHCP for Bridge > Enabled > Set Range. (No DHCP on LAN or WiFi)
6. Firewall > Rules > Added New Rule > Interface > LAN > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
7. Firewall > Rules > Added New Rule > Interface > WiFi > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
8. Firewall > Rules > Added New Rule > Interface > Bridge > Source = Bridge Net > Protocol = ANY > Rest set to ANY.
9. Interfaces > LAN > IPv4 Configuration Type = None > IPv6 Configuration Type = None
10. Interfaces > WiFi > IPv4 Configuration Type = None > IPv6 Configuration Type = None
11. Interfaces > WiFi > Allow intra-BSS communication > Check Box. < For WiFi devices to talk to each otherI have to come back and give the Answer! LOL Trust me I've seached a lot of stuff on Cisco and I would find Headings that said "Solved!" and you read all the way to the end and all they would say is "Got it Working" with no directions on how too! lol
Again Thanks Derelict.
Rick
-
Glad it's working.
One last little thing. With this:
9. System > Advanced > System Tuneables > net.link.bridge.pfil_member > Changed from 1 to 0
This should be unnecessary:
6. Firewall > Rules > Added New Rule > LAN > Source = Bridge Net > Protocol = ANY > Rest set to Any.
7. Firewall > Rules > Added New Rule > WiFi > Source = Bridge Net > Protocol = ANY > Rest set to Any.With that sysctl set to 0 I'm pretty sure those rules on the bridge members aren't being looked at at all.
