Routing problem with different gateways
my pfSense box running fine so far with multiple WAN connections. I have defined certain IP ranges and assigned these ranges their individual gateway to connect to the internet. That works pretty will for wired clients, but not for wireless devices. All wireless devices connected to the access point use the default gateway that the access point is using - no matter what default gateway they have configured.
Is there any way to correct this behavior except installing some more (physical) access points?
How is the AP set up?
Do the WiFi clients behind it get addresses in the pfSense LAN? Or does the WiFi AP give out addresses in some other subnet and then NAT them onto the pfSense LAN?
You likely need to connect a WiFi AP LAN port direct to the pfSense LAN, and turn off any DHCP on the WiFi AP. Let the clients get DHCP from pfSense. Then they will all have pfSense LAN IP addresses, you can static-map them as you wish and then control them as you wish with firewall rules.
The AP (Ubiquitit UAP-LR) only forwards the requests to my DHCP server (Windows 2012 server). You can see the clients successfully obtained a lease and registered. There is only one subnet as no need for multiple subnets yet. Certain IP ranges have different gateways assigned. For wired clients that works perfect. But the problem is with the AP is within a IP range with gateway "A" assigned and then a wireless client connected to it with an IP that supposed to use gateway "B" but still using "A".
It should work - so there must be some configuration trick. Post your rules and examples of client IP address and default gateway received from DHCP that do and do not work.
There is only one LAN interface on the pfsense machine. And all clients have this IP as default gateway. I tried with various clients and the their IP-configuration is exactly the same, the only difference is the way the connect (ethernet vs. wifi). I also attach a pic of the firewall rule. Note: the AP does not have an IP within the specified range. This might explain the behavior. But then again if I change the AP's IP to .224 or above all wireless clients use the clearnet gateway. Although some of them shouldn't do that cos they have an IP that is assigned a different gateway. I'm clueless :-X
It seems that the AP must be doing some sort of NAT or proxy thing to the traffic, and when it arrives at pfSense LAN the source IP of the packets is the AP IP address.
Do some packet capture on pfSense LAN and see what is the source IP of traffic.
Look for some fancy thing happening on the AP - e.g. they support VLANs and multiple BSSID, so I guess they might support a way to have a somewhat-isolate WiFi net that is NATed out to the wired LAN or…?
Thanks for your quick reply. Well in the AP I do not see any setting that might be related to that issue and also I am not using any special configuration like VLAN or multiple BSSID etc.
I did some packet capture and testing with my smartphone (192.168.0.137) and the correct IP as source destination is in the log. Also the IP of the AP doesn't show up so I guess the AP is not the culprit?!
Also I have to correct my prior statement: the wireless clients ALWAYS use the SAME gateway, no matter in which IP range the AP is, sorry. :-\
Post your firewall rules, alias definitions and full details of what works and does not work. There has to be some little setting that has been overlooked somewhere.