DHCP not working for different subnet

  • Hi,
    I was wondering if someone can help me out or help me understand?

    I have my ISP modem as bridge (static IP) connected to my firewall ( then I connect it to my access point r7000( disabled)  with ddwrt. So I created 2 wifi connections. One is for home, which has the same subnet (192.168.1.x), and then I created a virtual one, which is within ddwrt. I get a perfect connection on the 192.168.1.x but I cannot connect to the wifi guest ( I was wondering if someone could guide me on how I can create another pool within the same LAN in pfsense, or what steps I need to take for it to work?

    Thank you

  • Not implemented. You can only provide DHCP for subnets defined on pfSense.


  • I do this in ddwrt with iptables to nat to access point

    Look up multiple wlan in ddwrt.

  • Hi, thank you for your response.

    Would it be possible to send me a screenshot of how you have your ddwrt configured as an access point with your pfsense?

    Thank you

  • The configuration is done in ddwrt. It is ap mode for subnet and router mode for subnet with dhcpd and nat. We do not have the same hardware and ddwrt version so start here


    pfsense sees all traffic from subnet as coming from

  • Thank you so much, I will let you know how it goes. I'll keep you posted.

    Thank you again

  • Hi again
    I wanted to tell you that everything was working well, but my guest network is not getting internet. I have tried asking on the ddwrt forum and they can't seem to help me either: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=960056#960056

    My problem is the iptables for the NAT: it is not getting internet, but I am getting DHCP.

    I was wondering, gjaltemba, if you can help me out with the iptables only to get internet, or am I missing something?

    Keep guest network from reaching main LAN devices.

    iptables -I FORWARD -i br1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j DROP

    NAT so the guest network can access the internet:

    iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

    Keep the guest network users from getting at the r7000:

    iptables -I INPUT -i br1 -m state --state NEW -j DROP

    But let the guest network hit the DHCP and DNS ports:

    iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
    iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
    iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

    Thank you

  • For the sake of "Get her done" we'll take care of the ddwrt config here and move on to pfsense topics.

    iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
    iptables -I FORWARD -i br1 -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j DROP
    iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

    for some hardware you may put the following as line 2
    iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

    You can lock things down after connection is made.
    Keep in mind that some firewall scripts are for wan interface. In AP mode the wan port is disabled in ddwrt.
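
An added example, not part of the thread or of DD-WRT: a small Python model of how the `iptables -I FORWARD` commands in the reply above end up ordered, since each `-I` without an index puts the rule at position 1 and the first terminating match decides. The 192.168.1.0/24 LAN, the sample addresses and the rule dictionaries are constructed for illustration.

```python
import ipaddress

# Constructed value: on the router the rules read this from nvram (lan_ipaddr/lan_netmask).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

ACCEPT_GUEST = {"in": "br1", "dst": None, "target": "ACCEPT"}
DROP_TO_LAN = {"in": "br1", "dst": LAN_NET, "target": "DROP"}
# TCPMSS only rewrites the MSS option; it is non-terminating, so traversal continues.
CLAMP_MSS = {"in": None, "dst": None, "target": "TCPMSS", "terminating": False}

def build_chain(commands):
    """Model a series of `iptables -I FORWARD ...` calls: each lands at position 1."""
    chain = []  # rules already present in FORWARD are not modelled
    for rule in commands:
        chain.insert(0, rule)
    return chain

def verdict(chain, in_if, dst):
    """Walk the chain for the first TCP SYN of a NEW connection; first terminating match wins."""
    addr = ipaddress.ip_address(dst)
    for rule in chain:
        if rule["in"] not in (None, in_if):
            continue
        if rule["dst"] is not None and addr not in rule["dst"]:
            continue
        if rule.get("terminating", True):
            return rule["target"]
    return "NO MATCH"  # would fall through to the rules that were already there

def order(chain):
    """Targets in evaluation order, top of chain first."""
    return [r["target"] for r in chain]

# Typed in the order given in the reply (clamp rule as the optional line 2).
as_posted = build_chain([ACCEPT_GUEST, CLAMP_MSS, DROP_TO_LAN])
# Same rules typed with ACCEPT last: it ends up first and shadows the DROP.
swapped = build_chain([DROP_TO_LAN, CLAMP_MSS, ACCEPT_GUEST])

if __name__ == "__main__":
    for name, chain in (("as posted", as_posted), ("swapped", swapped)):
        print(name, order(chain))
        print("  br1 -> 192.168.1.10 :", verdict(chain, "br1", "192.168.1.10"))
        print("  br1 -> 203.0.113.5  :", verdict(chain, "br1", "203.0.113.5"))
```

On the router itself, `iptables -L FORWARD -n -v --line-numbers` shows the real evaluation order and per-rule packet counters.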


  • Hi, thank you again for your effort, but I figured it out and made a tutorial if anyone is in need


    Thank you
