Rules for wireless LAN access

BigDave

I've got my pfSense machine set up and working within my home network (version 2.2)
My mobo has 2 onboard NIC and there is a PCIe x4 add on card with four more NIC, all are
gigabit and configured LAN-(192.168.1.1) to 16port switch, all the devices on this switch work and
have access to each other.
Opt1-(192.168.2.1) is going to the WAN port of a Actiontec MI424WR router. I have it this way so
my TVs have data to the set top boxes. The Actiontec also provides wireless access to devices like
iPads, iPods, smart phones, etc. Here are the screen shots of LAN and Opt1


Rules for LAN are fine for wired Windows computers, all show in network and things are as expected.
The wireless devices are a much different story however, they can surf the web, but have no lan access :-(
I just don't know which rule, or rules are required on which interface to allow lan access to my devices
receiving their IPs from the router. After trying to search for a cure to my ignorance, I've come up empty
for answers on this. Help would be greatly appreciated. Dave

jahonix

Can you post a diagram of your setup?
I'm not really sure that I understand your writing correctly. Sounds like something that nobody would want to setup.

BigDave

LAN em1 192.168.1.1 –----------------- 16 port switch ---------------- all wired devices in home, PC, printers, TV, blueray, PS4, NAS, etc.

OPT1 em2 192.168.2.1 ----------------- WAN port of Actiontec MI424WR ------MOCA coax to Verizon STBs
                                                                                  |
                                                                                  |
                                                                                  |
                                                                  DHCP to all wireless devices

Several weeks ago I had version 2.1.5 working with this setup and (for example) my iPad had access to my movie collection
on our FreeNAS server, but I've fogotten how I had it (pfSense) configured! Maybe something changed with 2.2, I've only
had this version on my new hardware running since Sat. night. I know this setup needs a wireless AP and then I can turn off
the wireless on this darn pos actiontec junk, but until I buy that AP, my family members are drivin' me nuts about NAS access
from their wireless devices. I hope you can help an old plumber out! I've spoiled these folks around here, but they're about to hang me!

pLu

Routing problem?

How about setting the IP config on OPT1 to None and bridging OPT1 with LAN?

Set the Actiontec to a static 192.168.1.0/24 LAN IP and disable the DHCP server on it.

Connect OPT1 to a LAN port on the Actiontec.

BigDave

@pLu:

Routing problem?

How about setting the IP config on OPT1 to None and bridging OPT1 with LAN?

Set the Actiontec to a static 192.168.1.0/24 LAN IP and disable the DHCP server on it.

Connect OPT1 to a LAN port on the Actiontec.

Well I got it fixed with your suggestion, but I did away with OPT1 interface.
Plugged an ethernet cable to the first LAN port of the router directly from the
network switch, disabled DHCP and set a static IP on the router and pfsense.
This way was easier without bridging LAN & OPT1.

When I can afford a really nice wireless AP, all I have to do is turn off
the Actiontec's radio and configure the new AP.
I'll have better coverage in the house and yard.
Thanks for helpin out a noob!

jahonix

If you are looking for a great AP you might want to search for a used Ruckus Wireless 7343 or 7363.
Great coverage and rock-solid operation in my house for more than a year now where I have to compete with >30 neighboring APs. I manage to provide streaming audio to 6+ Squeezebox receivers constantly without dropouts in an area of 200m².

Anyways, did I get it right that you connect the WAN of the Actiontec cable modem to your pfSense?

BigDave

If you are looking for a great AP you might want to search for a used Ruckus Wireless 7343 or 7363.
Great coverage and rock-solid operation in my house for more than a year now where I have to compete with >30 neighboring APs. I manage to provide streaming audio to 6+ Squeezebox receivers constantly without dropouts in an area of 200m².

Thanks for that suggestion, I'll see what I can find.

Anyways, did I get it right that you connect the WAN of the Actiontec cable modem to your pfSense?

In my original posted question, yes I did have the OPT1 connected to the WAN port of the Actiontec. The coax
output from this verizon router needs to stay viable to provide data to the set top boxes in my home,
I was under the impression that in order for the router to provide this, the WAN had to be used.
This was bad information/assumption on my part!!!
The solution was as follows;
pfSense LAN –> Switch --> LAN1 of Actiontec.
Configure (in pfsense gui) a static IP of 192.168.1.12 for the Actiontec,
Disable (in actiontec gui) DHCP/Firewall/IP Distribution and set static IP (192.168.1.12).
pfSense is now in complete charge of IP distribution, as I can view all clients in "Status-DHCP Leases"

This works great for me, the wireless clients now have access to the local LAN as
well as the Web and my STB have channel guide data and are fully functional!  ;D