Bridging LAN and WLAN (again).
-
I have searched the forums, searched google but the examples etc does not work for me or I am doing something wrong. (for reference I was trying to follow https://forum.pfsense.org/index.php/topic,20917.0.html)
So I bought a supported Atheros card and wish to add wireless. I added the card and added a WIFI interface with AP settings, a static
ip different to the LAN. Example below:WAN: 192.168.0.1
LAN: 192.168.1.1
WIFI: 192.168.10.1I can see and connect to the WIFI interface, get a IP from the WIFI DHCP server. I would like to now bridge the WIFI and LAN together. I set up a bridge interface (Interfaces -> Assign), and selected LAN and WIFI.
But when I try and assign BRIDGE0 to LAN and the original LAN (re1) I get the error message:
You cannot set port bridge0 to interface LAN because this interface is a member of bridge0.
Not sure what I am doing wrong or if there is a step I need to do to bridge the interfaces.
-
@ak:
So I bought a supported Atheros card and wish to add wireless.
Beyond that, you are doing that in wrong order.
P.S. For goddamn sake, someone remove this bridge usage "example"/"suggestion" from the wiki. >:(
-
~~OMFG.
Edit your Wireless interface. Set IPv4 and IPv6 to None. Save and apply.
Create a bridge with members re1 and your wireless interface.
Go to System > Advanced, System Tunables tab
Set net.link.bridge.pfil_member = 0
Set net.link.bridge.pfil_bridge = 1Go to Interfaces > (assign) And CHANGE the assignment for LAN from re1 to BRIDGE0.
And you're done.~~
Those steps probably do not undo things enough for it to work. Delete everything and start over.
-
Those steps probably do not undo things enough for it to work. Delete everything and start over.
Yeah, it's extremely tricky to get this right once you already have LAN assigned and are actually connected via LAN; chances are high you'll cut yourself off at some point as well.
-
So from what dokornotor says/implies, I don't need to bridge. and someone should remove the entry from the wiki due to this being misunderstood by the majority?
Derelict suggests that following what has been said before is wrong and should be undone - however, backing out the changes is probably not enough and should start from scratch.
So is there a sticky, resource or thread available with regards to the best practice for this? - the last post implies that it would be difficult as typically a LAN is assigned up front to gain access and start using pfSense.
Can any one point me to some form with setting up a AP with 2 (or more) SSID, where one of the SSID is permissioned for the LAN and the other is a guest?
-
@ak:
Can any one point me to some form with setting up a AP with 2 (or more) SSID, where one of the SSID is permissioned for the LAN and the other is a guest?
You certainly don't achieve this by bridging… and unless that AP is VLAN-capable and can tag traffic per SSID, you need two separate APs on two separate physical interfaces for this (unless you want to do something stupid, like using the AP as router with double/triple... NAT).
-
:D when did everyone get bridge-happy?
-
:D when did everyone get bridge-happy?
Probably the same time people started to google to find out how to add a built in AP and only have what is available to read. It would be useful for a sticky or some form of documentation for this so it is correctly done - so far there has been nothing (here or otherwise) for this or am I looking in the wrong place?
-
Oh - Its because of the bad choice to go with a built in AP. Then one mistake leads to the next?
-
Here is some information on the "Standalone" method without the need for a bridge. This method is required for a pfSense based Access Point -Captive Portal- as they do not allow bridged interfaces with Captive Portal.
http://www.interspective.net/2012/07/one-pfsense-wireless-config-to-rule.html
-
Everyone does realize:
1. There would be no need for any of this if you used and external AP
2. You would probably get much faster and more stable wireless using all the latest wireless protocols
3. 1 and 2 aren't enough?
-
Well 802.11 has been built in to pfSense since 2004 and people been saying its broke ever since.
Why do so many people ask "why" in regards to something that has been built in forever? I don't get it. This is open source. Think different. ie cheap.
I think pfSense wireless works superb. Maybe not for big setups, but for home use.
Back on topic i have to disagree with info contained in this post here. You can do this with one physical wireless interface. You can create 8 separate Access Points with one module. The only kicker is they must all be in the same band, either 2.4ghz or 5ghz. Not both
For example Main wlan0 on 5ghz with own SSID and Guest wlan1 on 5ghz with own SSID.
Totally doable, rules for each interface must be applied. See the wireless tab under interfaces. -
How much does one of those cards plus some antennas cost? What modes and speed are supported reliably?
-
Well the atheros driver is working well so anything on thier list. Ar5BXB112 is around 12 bucks and 450M rate. I dont have any 3X cleints to test 450M yet. Still needing to do some laptop antenna mods for 3X MIMO.
They sell dipole antennas for 3-5 bucks each. rp-sma to u.fl pigtails around the same.
I should note -on my above instructions- that different rules would be needed for the main and guest networks so your LAN remains unexposed.
-
@Phishfry:
Here is some information on the "Standalone" method without the need for a bridge. This method is required for a pfSense based Access Point -Captive Portal- as they do not allow bridged interfaces with Captive Portal.
http://www.interspective.net/2012/07/one-pfsense-wireless-config-to-rule.html
Thanks for pointing me to a resource and the right direction. Really appreciate the help.
-
So once you get one wireless network up with the rules correct and working then setup the guest network. I would also spread the channels out to lowest and highest to add separation of different signal best you can. With that in mind i would only do 5ghz.
Note this link is only one persons way of doing the filtering. I am see there are other ways to apply rules while researching pfsense guest wireless..
-
Here is another approach. Forget that its an external AP, rules are rules. OPT1 internal or external -it don't matter for rules.
-
I need to correct my post above. It is only possible for 4 separate Access Points from one miniPCIe module. One main and three clones under the wireless tab. All can use separate channels. All must be in either 2.4 or 5ghz band not both.
-
Thanks - managed to get it to work WITHOUT a bridge. And also get a guest WLAN on the same single card setup and isolated from the LAN.
-
P.S. For goddamn sake, someone remove this bridge usage "example"/"suggestion" from the wiki. >:(
What do you want edited/remove dok
I was searching through the docs and found this
https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used
So I edited the portion that says bridge lan to wireless to
Bridging a wireless interface to a LAN - Not a good idea, Don't Do This!
Point me to what else you think is wrong and be happy to edit/delete
