Bridging LAN and WLAN (again).

johnpoz

"If you want a wireless card and your LAN to be on the same subnet/broadcast domain you have no choice but to bridge them."

Sure – but why would you not just us an AP and there you go on the same broadcast domain if you want.  Why would you want them on the same broadcast domain is the other question.  But sure if your wanting to use a wireless card in pfsense as your AP (performance/features suck - no offense pfsense team) and you want to bridge that then sure.

When you can use a 20$ wifi router as an AP that will have way better performance and coverage area than any wifi card you might have in your pfsense box..  Why would anyone do that?  Why??

While its great there is some support for it - it sure an the hell can not be the preferred setup to run wifi on a network..

doktornotor

@johnpoz:

So I edited the portion that says bridge lan to wireless to
Bridging a wireless interface to a LAN - Not a good idea, Don't Do This!

Thanks.  8)

Perhaps you should rather ask the people here who keep bridging everything starting with from WLANs, continuing with OpenVPN and ending with their coffee maker and often mention they have followed "the docs" or some "howto" about where did they get the idea… because I just don't get it, seems like a mania lately.

Guest

OK i find myself answering the "why" question again.
My first entry into pfSense was a Steelhead Rivedbed 100/Axiomtek. It was swell for about 2 months. Then i graduated to an Astaro ASG110 Atom box. Much nicer. But what to do with my old hardware? I drilled two antenna holes in it, and plugged an Mini-PCI wifi card I had from my laptop repair work. So total cost was pigtails and antennas. Instant AP with it hanging off an interface on my Astero. I had just bought a Dell tablet so it all worked great for me.

The features we are discussing here have been baked in since forever. So to question "why" goes completely against the grain of open source.  Ease of setup may be lacking but it works very well for me.

Now in saying that -I understand your frustrations of helping people who can't seem to read the docs or research the topic better.

I will concede that building a bridge may require a physical cable swap and lockout is possible.
Much of that has been fixed by allowing ath0 interface assignment from the console.

I don't mean to be such a cheerleader but when you have something working while others are saying it's broke deserves a response.

pLu

@johnpoz:

I was searching through the docs and found this

https://doc.pfsense.org/index.php/What_is_a_bridged_interface_and_how_would_one_be_used

So I edited the portion that says bridge lan to wireless to

Bridging a wireless interface to a LAN - Not a good idea, Don't Do This!

Point me to what else you think is wrong and be happy to edit/delete

The problem isn't bridging but trying to assign LAN to the bridge interface without really knowing what you're doing. Incorrect blog posts don't help.

You make it sound like bridges don't work, when they do.

Bridging is simple if you always have a switch connected to LAN that keeps the interface up instead of messing with reassignment of LAN. I think you have bigger problems than losing a bonus AP (which you should only be running at home) if you lose the switch.

jimp

There is nothing wrong with bridging in the proper circumstances if you're aware of what is going on. Bridging wireless to LAN, though not ideal, is fairly common and rarely a source of actual problems. Mostly the problems come from foot-shooting related items or trying to do things that just aren't feasible with a bridge.

If you connect to the firewall from WAN (in a lab/dev setup) or a wired OPTx, it's fairly easy to swap things around to have the LAN be bridge0 with WLAN and WiredLAN also assigned but without IP addresses.

Trying to reassign LAN while managing the firewall from LAN, that's a recipe for disaster.

ak

So I did setup my WLAN with separate subnets. One internal with access to LAN and one guest SSID with only internet access. This all works great and no need for a bridge.

Now I have being setting up pfSense slowly adding functionality I need and then stabilising until the next piece. Then got a to a real use case for why I now need a bridge. Tried out my Sonos sound system and for an unknown reason (to me) it does not work across subnets. Will take the above advice about creating a subnet and using the WAN side to not lose connectivity when creating.

Quick question - I know I can't assign a newly created BRIDGE0 (containing LAN and WLAN) to LAN again. So would the following work? Assign BRIDGE0 to OPTX, rename LAN to WIRED (for exampled), then rename OPTX to LAN. Would my firewall rules for LAN remain intact and work against the bridge (assuming I also make the changes to system tunables).

Derelict

First, I don't understand.  Put your Sonos on LAN and you're done.

Or do you either need Sonos on your wireless or need to control Sonos with wireless devices and now need to take your guest SSID, throw it out the window, and use the Wi-Fi on LAN and you don't want to do the right thing and just buy an AP?

You have LAN, WLAN and OPTX and you want to bridge LAN and WLAN and assign the resulting bridge on LAN?

• Configure OPTX with an unused subnet, set rules, connect a computer to it and access the webGUI from there

• Set the IPv4 address on WLAN to NONE

• Create a bridge containing only WLAN

• Assign LAN to the new BRIDGE0

• Create a new interface using the newly-available ethernet interface that used to be LAN

• Add the new interface to the bridge

• All of your existing LAN config, rules, etc should be intact.

I didn't go into all the pfil_bridge sysctls since they're all covered elsewhere.

ak

The sonos system requires (from what I have read and a google shows) that the system requires all components to be on the same subnet. This involves at least one component to be on the LAN. Then it creates its own mesh network across wireless. The controller (iPhone, Android) will need a wireless connection to 'discover' the system and control it - there is no controller that utilises a LAN connection. I suspect there is some multicast issue where there is an expectation of components to be on the same subnet during the discovery phase (this is pure speculation from what I read and I have not analysed any packet capture etc - this being out of my depth).

Therefore the need for a bridge to manage the WLAN and LAN on the same subnet without an AP.

Scanner

Hi Everybody
Internet Connection Sharing (ICS) "Windows Term"
I Have not used pfSense but I would like it if somebody could tell me if my configuration would work.

My friend lives 2 houses away from me and we have a very good WiFi link already established.
Using Windows (ICS) on a PC I am connected to his WiFi modem/router and internet traffic is transferred trough the Ethernet port on my machine to my Client.
It isn't perfect but It's better than i first expected it would be.  Currently I have only one computer connected to my ICS machine at a time but i want to change that.

• I would like this to be a DHCP setup on both ends but a static connection between them. (already configured like this on ICS.

• I want to be able to wake the machine over the internet so i can use it when i need to access my CCTV and turn it off to save power. (This is why telnet enabled on 10.0.0.137)

• If I cached websites in pfSense would his router load them on his computer because they always check local before DNS.

Probably enough info for now, any advice appreciated.  :)
http://picpaste.com/pics/Wireless_Network-VAnOUG9G.1428306219.png

doktornotor

@Scanner:

Hi Everybody
Internet Connection Sharing (ICS) "Windows Term"
I Have not used pfSense but I would like it if somebody could tell me if my configuration would work.

Please, do not multipost.