Adding Wifi to pfSense



  • If this question has been asked previously, I apologize for leaving it to be answered yet again. Anyhow, I have pfSense running on a little desktop machine I have installed in a my server rack. Plugged into the motherboard slots is 4 PCIe Intel Server LAN cards running a 1G connection. Currently, I have one configured a WAN in DHCP, and another configured as LAN with Static IP which I have set as the default gateway address and all is fine on my network with very fast connections. Now, on the third NIC card, I want to send setup as a line to feed internet to my Asus wireless AC router. My understanding of this was that I would connect to the network cord from the card on the firewall box to one of the 4 LAN ports on the router itself and set it to run in access point mode. So, I hooked it all up, gave the NIC I was desiccating for this purpose it's own StaticIP and set about connecting the router. Only, the router is not getting in internet connection that can push out. What am I not setting up properly?


  • LAYER 8 Netgate

    Firewall rules are not automatically added to interfaces like they are on LAN when you first install.

    Firewall > Rules then select the new interface.  You can probably start by duplicating the rules on LAN but for he new interface.

    Barring that, we'll need basic troubleshooting.

    Do you get DHCP?
    can you ping the pfSense interface?
    can you resolve DNS?
    does it work with a static assignment on the host?
    etc.



  • Thank you for getting back with me. I thought I would start by address your statement about setting up rules. I created them as you specified last night and I wanted to make sure that I have done this correctly. Please see the attach photo below. I have also attached a photo of the interface I want to use. The IP address I gave will be changed and I set to this for testing only. With these settings, I plug the router into the OPT2 port from one of the LAN ports and did a factory reset. After the reset, I set the router to Access point and to use DHCP. After the router restarts to finish the setup, the router is still set to IP 192.168.1.1, Suffix 255.255.255.0, gateway 192.168.1.1 with no DNS address. It is as if the router is not getting an address from pfSense.





  • LAYER 8 Netgate

    The source addresses for your rules should be OPT2 net, not LAN net.

    Did you set up a DHCP server for OPT2?  That's not automatic either.

    I don't know enough about your wireless gear to know how it should behave.  Get internet on a wired host plugged into OPT2 then worry about the wi-fi.



  • Alright, I made changes as you suggested and still no dice. I have attached two screens. One is the main screen and the other is the rules screen. I set up the same rules on both of my OPT ports and plug my laptop directly to the port but as you can, the DHCP only returns a 0.0.0.0 address. I ran ipconfig on the laptop and address it physically has on the LAN connection is a 169.254 address. Clearly the issue is that no address is being passed to the OPT ports





  • LAYER 8 Netgate

    Umm.  You're all over the place.

    What interface do you want to connect the AP to?

    What IP address and netmask are you going to give that interface?

    What DHCP pool and other options do you want the DHCP server on pfSense to serve up?

    What you're showing me says the interface is expecting to get its IP addressing from a DHCP server somewhere.  This is probably not what you want since pfSense is probably going to BE the DHCP server.



  • In opt 1 I have an intel server card. in opt 2 I have a basic realtek lan card. I wanted to try them both but I have achieved the same result. I plan on using the OPT1 since it is a server NIC card. If I need to give the OPT1 port an address, id like to use 192.168.1.2 but do I need to give it something else? my installation of pfsense is setup to be a router. I have a separate server that all my computers are attached to that is the physical DHCP for the computer. All I need for this OPT1 to do is feed internet to my AP. Will the AP need to dish out IP's for pfsense?

    Overall, my experience with this is very minimal. Until you said something about the DHCP server, I had no idea about it so after reading you, I gave OPT1 an address of 200.214.1.1 and set a range in DHCP server for 200.214.1.1 - 200.214.1.254


  • LAYER 8 Netgate

    @jbhowlesr:

    In opt 1 I have an intel server card. in opt 2 I have a basic realtek lan card. I wanted to try them both but I have achieved the same result.

    They will likely both work fine if properly configured.

    I plan on using the OPT1 since it is a server NIC card. If I need to give the OPT1 port an address, id like to use 192.168.1.2 but do I need to give it something else?

    I cannot answer that because I have no idea what your numbering scheme is.

    • Interfaces > OPT1 Pick an unused subnet, put an address in that subnet on pfSense (.2 is fine) with the proper netmask.

    • Services > DHCP Server Set up a DHCP server on OPT1 with all the settings you want for your WiFi clients.

    • Firewall > Rules, OPT1 tab Create firewall rules passing traffic from OPT1 net to any.

    • Firewall > NAT, Outbound tab If you are not on Automatic Outbound NAT (you are unless you changed it) you'll need to create NAT rules on WAN for your OPT1 subnet.

    my installation of pfsense is setup to be a router. I have a separate server that all my computers are attached to that is the physical DHCP for the computer. All I need for this OPT1 to do is feed internet to my AP. Will the AP need to dish out IP's for pfsense?

    Not if you enable a DHCP server on pfSense like in step 2 above.



  • For my number convention, I don't have one..lol Under Services>DHCP server - do I need to put in anything in the DNS boxes? If so, what numbers should I use..lol For Firewall>Rules, OPT1 tab, did I create this correctly base on the screen I posted?


  • LAYER 8 Netgate

    @jbhowlesr:

    For my number convention, I don't have one..lol Under Services>DHCP server - do I need to put in anything in the DNS boxes? If so, what numbers should I use..lol For Firewall>Rules, OPT1 tab, did I create this correctly base on the screen I posted?

    If you put nothing in the DNS servers, it will give the users the interface address.  Hopefully you're running DNS forwarder or something.  If not, you need to put DNS servers that you use there.

    Yes, those OPT1 rules in Reply #4 looked fine.



  • I honestly about to give up on this program. It is so complicated and until about 5 days ago, I had never touched anything like this before. I am trying everything you are suggesting but I am beginning to think there is some other issue. For my OPT1 port, any address I assign that is not a 192.168.1.1, gives me an error that "The specified range lies outside of the current subnet" when I try to enable the DHCP server. For the DNS forwarder, I get an error that it is already in use.

    I think best that at this point that we go into some basic setup first before trying to troubleshoot a problem that I may have caused in my lack of knowing how to properly set this program up.



  • Not sure what I did, but It works now… LIKE A CHAMP I might add.


  • LAYER 8 Netgate

    Glad it's working.  All routers are complicated once you get one that has some flexibility.  All require some general networking knowledge.





  • The router I am using is an Asus AC56U which is a dual processor unit. Pretty much what I did was delete my OPT interfaces and rules. Recreate the inferfaces and rules giving the OPT an address in the same range as the old standard 192.168 and wallah; came right up. Thank you so much for your help with this. I clicked the thank you button on your last post.


Log in to reply