4. Help getting WLAN traffic passing

Help getting WLAN traffic passing

  • S

    Running 2.2.2 on ALIX board with Atheros internal WLAN card - I can get a DHCP from the LAN Can someone please tell me what rules I need to apply here - Do I need to specify rules on LAN to allow traffic from WLAN even if bridged?

    Bridged LAN/WLAN
    When I try to assign the bridge to LAN I get an error

    You cannot set port bridge0 to interface LAN because this interface is a member of bridge0.

    Basic config
    LAN vr0 static ip and DHCP server
    WAN vr1 static ip
    OPT vr2
    WLAN ath0 no ip bridged AP mode

    BRIDGE0 Members: LAN, WLAN

    SysTunables:

    net.link.bridge.pfil_member 0
    net.link.bridge.pfil_bridge 1

    Firewall Rules
    WAN BLOCK RFC/ Reserved
    LAN ALLOW ALL to LAN Address 443/80
    ALLOW LAN net ALL
                    ALLOW WLAN net ALL

    WLAN ALLOW UDP 0.0.0.0 Port 68 255.255.255.255 Port 67
    ALLOW ANY Source LAN net ALL

    Not sure what bridge0 vr0 match block in 6? UDP 53 DNS?

    May  8 14:04:16 pfSense filterlog: 7,16777216,,1000000105,bridge0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
    May  8 14:04:16 pfSense filterlog: 7,16777216,,1000000105,vr0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
    May  8 14:06:25 pfSense filterlog: 7,16777216,,1000000105,bridge0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
    May  8 14:06:25 pfSense filterlog: 7,16777216,,1000000105,bridge0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
    May  8 14:06:25 pfSense filterlog: 7,16777216,,1000000105,vr0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53

    Thanks for your help
    scopa

    0
  • D
    Banned

    @scopa:

    Basic config
    LAN vr0 static ip and DHCP server
    WAN vr1 static ip
    OPT vr2
    WLAN ath0 no ip bridged AP mode

    The above is just wrong. Your rules should be on the bridge interface that should be assigned to LAN.  Considering the currently unused vr2, you should have just zero problems assigning the bridge0 properly. Remove the OPT, assign vr2 to LAN, create the bridge, switch LAN assignment to the bridge and do whatever you want with vr2.

    Hint: Stop creating useless bridges and you won't get self-p0wn3d.

    0
  • S

    thank you - everything works now

    0
  • S

    And your right - i got rid of all the bridges and used the firewall. everything works perfectly and less complicated

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy