[DHCP problem] on external access point



  • I have a strange problem which I cannot seem to resolve. Hopefully you guys can help.

    I am running the latest stable version of pfSense (2.1.5) with the following setup:

    **WAN interface (em0)**
    DHCP up
    IPv4 address 10.0.0.100
    Subnet mask IPv4 255.255.255.0
    Gateway IPv4 10.0.0.1
    ISP DNS servers 127.0.0.1 & 10.0.0.1

    **LAN interface (em1)**
    IPv4 address 192.168.5.1
    Subnet mask IPv4 255.255.255.0

    **GUEST interface (em2)**
    IPv4 address 172.16.108.1
    Subnet mask IPv4 255.255.255.0

    WAN is connected directly to my ISP modem and it receives a DHCP address. The ADSL modem is configured to forward all traffic to this pfSense IP (DMZ host).
    This way NAT, including port forwards, can be set up and managed on the pfSense level. So far so good.

    LAN is our local, private network and GUEST is a separate network for our bed and breakfast. These networks are separated in that each is on a different physical network card: the LAN is connected to a LAN switch and the GUEST interface is connected to a WiFi access point (EnGenius ECB-3220).

    So far so good. The main issue is that any clients connecting to the WiFi network through the GUEST access point are NOT getting a DHCP lease.
    To troubleshoot this I made an allow-all-traffic (TCP/UDP) rule on the guest network.

    Still no DHCP address. So I tried taking the same network cable coming from the pfSense box and plugging it directly into my laptop, and then I receive a DHCP lease with the correct subnet info etc., and internet + proxy + captive portal work.

    So in other words the problem lies at the wireless bridge. Since this device is set up as a network bridge with a static IP (172.16.108.5 with a gateway of 172.16.108.1) and has no firewall capabilities, I don't understand why it is not working. For some reason the DHCP broadcast is not reaching its WiFi clients through this device.

    Does anybody know how to resolve this problem? If I enable another DHCP server on this bridge, I presume I will be causing double DHCP. The bridge only has one LAN port.

    Thanks in advance for your ideas/help.


  • LAYER 8 Netgate

    Just so you know, when you enable a DHCP server on a pfSense interface, all the rules necessary for clients to get leases are automatically activated behind the scenes.  Otherwise your pass any any rules are a good idea for testing.

    I'd run a packet capture on the interface to be sure the DHCPREQUEST is not being received.  If not, it's a setting in the wifi device.  Not sure how much help you'll find with that.

    Are you sure it's DHCP and not all layer 2?  If you give a wifi device a static IP does everything work like it should?

    Also, you want to make your DNS pass rule TCP/UDP.  DNS is usually, but not always, UDP.  If the response is larger than one packet, it uses TCP. (DNSSEC can trigger this fairly regularly.)

    Also, a better way to do your WAN would be to put your DSL modem in "bridge mode" and let the pfSense WAN port get the public address.  Your DSL modem is essentially invisible if you do that.  No double NAT.
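    The packet capture suggested above is easiest to read if you know what the client's first two messages look like on the wire. The following is an added example, not part of this thread or of pfSense: it constructs a sample DHCPDISCOVER and DHCPREQUEST (the client MAC 00:11:22:33:44:55 and the requested address 172.16.108.20 are made up) and parses them the way you would parse the UDP payload of frames captured on the GUEST interface with, for example, `tcpdump -ni em2 -w guest.pcap 'udp port 67 or udp port 68'`.

```python
import socket
import struct
from dataclasses import dataclass, field

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie, right after the 236-byte BOOTP header
BOOTP_HEADER_LEN = 236
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


@dataclass
class DhcpPacket:
    op: int            # 1 = BOOTREQUEST (client -> server), 2 = BOOTREPLY
    xid: int           # transaction id tying DISCOVER/OFFER/REQUEST/ACK together
    flags: int
    ciaddr: str
    yiaddr: str
    giaddr: str        # non-zero only when a relay agent forwarded the packet
    chaddr: str        # client MAC as aa:bb:cc:dd:ee:ff
    options: dict = field(default_factory=dict)

    @property
    def message_type(self) -> str:
        value = self.options.get(53)
        return MSG_TYPES.get(value[0], f"UNKNOWN({value[0]})") if value else "NO-OPTION-53"

    @property
    def broadcast(self) -> bool:
        # Client asks the server to reply to ff:ff:ff:ff:ff:ff instead of unicasting to chaddr.
        return bool(self.flags & 0x8000)

    def ip_option(self, code: int):
        value = self.options.get(code)
        return socket.inet_ntoa(value) if value and len(value) == 4 else None


def parse_dhcp(payload: bytes) -> DhcpPacket:
    """Parse the UDP payload (ports 67/68) of one DHCP message."""
    if len(payload) < BOOTP_HEADER_LEN + 4 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message: short BOOTP header or missing magic cookie")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    ciaddr, yiaddr, _siaddr, giaddr = (socket.inet_ntoa(payload[i:i + 4]) for i in (12, 16, 20, 24))
    chaddr = ":".join(f"{b:02x}" for b in payload[28:28 + min(hlen, 16)])
    options = {}
    i = BOOTP_HEADER_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 0:            # pad option, no length byte
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} claims {length} bytes, only {len(value)} present")
        options[code] = value
        i += 2 + length
    return DhcpPacket(op, xid, flags, ciaddr, yiaddr, giaddr, chaddr, options)


def build_dhcp(op: int, xid: int, mac: bytes, options, flags: int = 0) -> bytes:
    """Build a minimal DHCP message; used here only to construct the sample input."""
    header = struct.pack("!BBBBIHH", op, 1, len(mac), 0, xid, 0, flags)
    header += b"\x00" * 16                                   # ciaddr, yiaddr, siaddr, giaddr = 0.0.0.0
    header += mac.ljust(16, b"\x00") + b"\x00" * (64 + 128)   # chaddr, sname, file
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + DHCP_MAGIC + body + b"\xff"


def describe(payload: bytes) -> str:
    """One-line summary of a DHCP message, as you would want it per captured frame."""
    p = parse_dhcp(payload)
    parts = [f"{p.message_type} xid=0x{p.xid:08x} mac={p.chaddr}", f"bcast={int(p.broadcast)}"]
    for code, label in ((50, "requested"), (54, "server")):
        if p.ip_option(code):
            parts.append(f"{label}={p.ip_option(code)}")
    return " ".join(parts)


# Constructed sample (MAC and addresses are made up): what a client on the guest subnet sends.
CLIENT_MAC = bytes.fromhex("001122334455")
XID = 0x3903F326
SAMPLE_DISCOVER = build_dhcp(1, XID, CLIENT_MAC,
                             [(53, b"\x01"), (55, b"\x01\x03\x06\x0f"), (61, b"\x01" + CLIENT_MAC)],
                             flags=0x8000)
SAMPLE_REQUEST = build_dhcp(1, XID, CLIENT_MAC,
                            [(53, b"\x03"), (50, socket.inet_aton("172.16.108.20")),
                             (54, socket.inet_aton("172.16.108.1"))])

if __name__ == "__main__":
    for pkt in (SAMPLE_DISCOVER, SAMPLE_REQUEST):
        print(describe(pkt))
```

    If no DISCOVER with the client's MAC ever shows up on em2, the access point is not bridging the wireless side onto the wire, and pfSense never gets a chance to answer; if the DISCOVER arrives but no OFFER with the same xid leaves, the problem is on the pfSense side.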



  • @Derelict:

    > Just so you know, when you enable a DHCP server on a pfSense interface, all the rules necessary for clients to get leases are automatically activated behind the scenes.  Otherwise your pass any any rules are a good idea for testing.

    So I don't need to add any allow/block rules for DHCP? It's always allowed even though I have a block-all rule for a specific interface? Thanks, didn't know that.

    > I'd run a packet capture on the interface to be sure the DHCPREQUEST is not being received.  If not, it's a setting in the wifi device.  Not sure how much help you'll find with that.

    > Are you sure it's DHCP and not all layer 2?  If you give a wifi device a static IP does everything work like it should?

    When taking the network cable which now goes into the wireless bridge and putting it into my laptop, I do receive a DHCP lease in the 172.x subnet and everything works perfectly. So the problem lies with the wireless LAN bridge, which takes LAN-based traffic and turns it into a WiFi switch. The WiFi network can be found by the devices, but they can't connect ("unable to connect", it says in Windows).

    The unit is set up as an AP with a static IP and DHCP disabled. The strange thing is that I CAN connect to the device from my LAN subnet (when traffic between subnets is allowed as a temporary rule). So 192.x –> can access the wireless bridge setup page. For some reason the clients are not able to connect through WiFi, though.

    > Are you sure it's DHCP and not all layer 2?  If you give a wifi device a static IP does everything work like it should?

    A static IP on the client is a good idea. I tried that and I'm still getting the error that I can't connect to the wireless network. Strange. It has no security (I'm using captive portal and strict rules), so I don't understand what's going wrong. Guess I gotta troubleshoot the wireless bridge more somehow.

    > Also, you want to make your DNS pass rule TCP/UDP.  DNS is usually, but not always, UDP.  If the response is larger than one packet, it uses TCP. (DNSSEC can trigger this fairly regularly.)

    Thanks. Will do.

    > Also, a better way to do your WAN would be to put your DSL modem in "bridge mode" and let the pfSense WAN port get the public address.  Your DSL modem is essentially invisible if you do that.  No double NAT.

    Unfortunately my WAN ADSL modem does not have this feature, so this is the only workaround.



  • http://www.engeniustech.com/component/content/article/158-business/262-400mw-wireless-80211g-access-point-client-bridge
    I notice the AP has features like:

    Modes: Access Point / Client Bridge / Client Router

    WAN (Client Router mode): PPPoE

    If it is somehow thinking it should do any routing, then the WiFi clients connected to it might not be getting bridged through to pfSense Guest interface NIC.

    Just using dumb Access Point mode sounds like the thing you want here.



  • Has anyone solved this problem? I have the same one.


  • LAYER 8 Global Moderator

    This thread is from 2014… The OP never came back, so we have no idea what his actual problem was.

    Rather than necro such an old thread, why don't you start a new one giving YOUR details.

