Having trouble with DHCP and access point

magu2k

Hello all,
I am brand new to pfSense, and am finding how relatively limited my knowledge is. So, I apologize now if I out myself as a total newb, but I reserve that right for myself.
I recently installed pfSense on a i5 2500K machine with about 8gb ram. This machine has an onboard GB NIC which I use for LAN, and 2 Intel Pro100+ cards. One is WAN, and the other I am trying to use as OPT1. WAN connects an ADSL connection by PPPOE. I have DHCP running. The wired clients on LAN however, are not getting any DHCP info (or not all of it, far as I can tell)
ALso, I am trying to hook up a router running just as an access point on OPT1. LAN interface is 192.168.46.1 with DHCP is serving up IP's to wired clients (kinda?) at 192.168.46..0 subnet. I also have the AP on OPT1 set as IP 192.168.46.5 (or maybe 3 now) and OPT1 interface is 192.168.46.2. However, wireless clients do not currently connect to the network at all, and I can not even log into the router admin page while its attached to the pfsense box. I have to unplug it and hook it up directly to my computer. MAybe the gateway address is wrong? I seem to be confused about what address that is supposed to be. is it the same as the external address on WAN? I had assumed it was supposed to be the same as the lan address (192.168.46.1) but Nothing seems to work.
Few extra bits that are probably relevant.. the wireless router is kinda buggy, and the firmware boots  you out once you try to change settings after it's DHCP server is shut off.. but DHCP is off and I am not connecting it to OPT1 via the wan connection, it's one of the client ports on the router. Could the wireless router itself (Linksys E2500) be the issue? or is it more likely the pfsense dhcp server? or something else entirely?

Your help is appreciated,
Thanks.

Gertjan

This is one you are looking for:
@magu2k:

….or something else entirely?

This is ok:
@magu2k:

LAN interface is 192.168.46.1

[but, I'm just curious, why not keeping the default 192.168.1.1 IP as provided
Normally, your LAN interface runs from 192.168.46.1 up to 192.168.46.254.
This:
[quote author=magu2k link=topic=93113.msg516574#msg516574 date=1430266479]OPT1 interface is 192.168.46.2
is where you blow up things.
It should be something like: 192.168.47.1 (usable IP's: 192.168.47.2 up to 192.168.47.254)

LAN and OPT1 have both of them a DHCP server.
The first is serving (example) 192.168.46.10 to 192.168.46.254 - reserving 192.168.46.2 to 192.168.46.9 for static devices like your APs etc
Th second DHCP server is running on OPT1 - using the 192.168.47.x range.

Btw: do not forget to add firewall rules to the OPT1 interface. By default, its empty, so no communication goes in and out.

A LinksysE2500 : do yourself a favor, and blow away the default firmware. Visit https://www.dd-wrt.com, read about how to upgrade this router, and flash it using a DD-WRT firmware. Its rock solid.

magu2k

Hello, and thank you for your reply. That makes sense, I will change that. the 46 is more vanity and or uniqueness than anything technical. So that 2nd interface does have to be on a different.. subnet I guess. As far as the firewall rules go.. I do have some.. but I suspect there may be an error in them. but once I get to change my settings (I'm at work right now) I will test that. Regarding the E2500, I appreciate the input. I was actually looking for info on how well a 3rd party firmware works on that particular model, but I will take your advice, its most appreciated.

Two quick follow up questions, in the interface configuration window, where you can select the IP type, IE static IP, I do not understand, is that relating to the IP for that interface, or how IP's are to be assigned to devices connected to that interface, (IE allowing an interface that does not use DHCP while others do)?
Lastly, Can anyone fill me in on the gateway address, is it the IP of the interface the devices are connected to IE LAN, OPT2, or the address of the external connection, or something else?

magu2k

now that I sit and think about it
"IP for that interface, or how IP's are to be assigned to devices connected to that interface, (IE allowing an interface that does not use DHCP while others do)?
"
I have answered it for myself, seems kinda silly now haha. But my other question remains open.

dave247

You want to set up the AP to pull an IP from your DHCP server (pfSense) and you probably want to use an Ethernet port other than the WAN port on the back of the AP, unless you have the option to turn it into just another LAN port. Turn off routing and DHCP service on the AP and make it pull an IP from pfSense and that will extend to all the users connecting to the AP and they will each get an IP lease from your DHCP.

magu2k

Well, I flashed dd-wrt to my router, but it's not workign, says wireless is on, but it never shows up. I may try reflashing, with another build that (should be) compatible with it. If it doesn't work, then I will probably just by a proper access point

magu2k

I know it's not the best place to ask this, but if it's acceptable, and anyone has any thoughts or input, I'd like some direction on an AP. I am considering the Cisco WAP121, and while the flexibility of a router box with wireless is ok, I do not plan to ever go back to that sort of solution, as, even though I (still) have issues with pfsense, I plan to stick with this sort of solution long term and just need to add wireless capability to the network. So, any suggestions?

Gertjan

An AP to start with : Linksys (Cisco now), throw out the original firmware, use the DD-WRT firmware.

johnpoz

unifi makes some decent AP.. Entry level is $70 pro is 200, AC is 300.

killmasta93

running pfSense 2.2.2 with ddwrt accesspoint kong build r7000 runs great. Try this link to see if it helps you. Personally why not just have it modem–pfSense--ddwrt--computers (or switch)--more computers

also in the guide it will show you how to create a separate guest with its own dnsmasq

Read the guide and tell me how it goes

http://www.mediafire.com/view/vn61b93b0yv7x12/Setting_up_Virtual_Interface_guest_as_access_point_behind_ddwrt_or_pfsense.docx

Derelict

How does that prevent your guests on 192.168.10.0/24 from accessing everything on your LAN on 192.168.1.0/24.

killmasta93

in ddwrt i save to firewall rule

#Block access between private and guest
 iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
 iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP

killmasta93

also on a side note the guest handles its own dnsmasq but funny thing that if i block youtube though pfSense in dns fowarder it blocks it on the guest too, been trying to unblock it no luck  :-[

magu2k

@killmasta93:

running pfSense 2.2.2 with ddwrt accesspoint kong build r7000 runs great. Try this link to see if it helps you. Personally why not just have it modem–pfSense--ddwrt--computers (or switch)--more computers

also in the guide it will show you how to create a separate guest with its own dnsmasq

Read the guide and tell me how it goes

http://www.mediafire.com/view/vn61b93b0yv7x12/Setting_up_Virtual_Interface_guest_as_access_point_behind_ddwrt_or_pfsense.docx

Well, my setup will be fairly similar to that, it's just we have a number of cell phones in the house that usually want to be connected to wifi. Otherwise, very similar except for the plan to add a nas box. Just in the process of building a 4x HDD box from some old parts (And some new(er) ones that we need to get.

killmasta93

Well, my setup will be fairly similar to that, it's just we have a number of cell phones in the house that usually want to be connected to wifi.

but arent you trying to do that with the ddwrt as an access point?

Otherwise, very similar except for the plan to add a nas box. Just in the process of building a 4x HDD box from some old parts (And some new(er) ones that we need to get.

Also if your router supports usb which im not sure, you can have a small NAS. I love DDWRT but it sometimes lacks in blocking sites. And to utilize it fully you would need to get AC router with 256mb but besides that its amazing.  :)

magu2k

Yes, well the current situation on wireless/AP is that the lil router I flashed works, but wireless doesn't. I can't find any right now where it does work on the E2500 V3, but looking in the dd-wrt forums, it seems tehre are a number of complaints about it being just fine except the wifi. So, at this point, I jsut plan to buy an AP.

killmasta93

ohh then in that case i suggest buying R7000  ($140) or a unifi LR ($80)

magu2k

I've looked into them, that unifi actually looks pretty good. Only thing is here, I would have to order it in, but I probably will. thanks for the tip on that.

killmasta93

unifi is awesome if you have dead spots (no wifi or low wifi signal)  in the house. But usually that's not the case in America unless you have a huge house. The unifi can also have ddwrt but I haven't tried it and not sure how stable it is but wouldn't change it to ddwrt because the webGUI is awesome. If you do change it to ddwrt tell me how it goes  ;)

magu2k

Thanks, I ordered the unifi AP-LR today, on rush. Pretty excited. Thats cool it can take dd-wrt too.. but I will probably stick with the mfg interface