Help getting WLAN traffic passing
-
Running 2.2.2 on an ALIX board with an Atheros internal WLAN card - I can get a DHCP from the LAN. Can someone please tell me what rules I need to apply here - do I need to specify rules on LAN to allow traffic from WLAN even if bridged?
Bridged LAN/WLAN
When I try to assign the bridge to LAN I get an error: You cannot set port bridge0 to interface LAN because this interface is a member of bridge0.
Basic config
LAN vr0 static ip and DHCP server
WAN vr1 static ip
OPT vr2
WLAN ath0 no ip bridged AP mode
BRIDGE0 Members: LAN, WLAN
SysTunables:
net.link.bridge.pfil_member 0
net.link.bridge.pfil_bridge 1
Firewall Rules
WAN BLOCK RFC/ Reserved
LAN ALLOW ALL to LAN Address 443/80
ALLOW LAN net ALL
ALLOW WLAN net ALL
WLAN ALLOW UDP 0.0.0.0 Port 68 255.255.255.255 Port 67
ALLOW ANY Source LAN net ALL
Not sure what bridge0 vr0 match block in 6? UDP 53 DNS?
May 8 14:04:16 pfSense filterlog: 7,16777216,,1000000105,bridge0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
May 8 14:04:16 pfSense filterlog: 7,16777216,,1000000105,vr0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
May 8 14:06:25 pfSense filterlog: 7,16777216,,1000000105,bridge0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
May 8 14:06:25 pfSense filterlog: 7,16777216,,1000000105,bridge0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
May 8 14:06:25 pfSense filterlog: 7,16777216,,1000000105,vr0,match,block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,5353,5353,53
Thanks for your help
scopa -
Basic config
LAN vr0 static ip and DHCP server
WAN vr1 static ip
OPT vr2
WLAN ath0 no ip bridged AP mode
The above is just wrong. Your rules should be on the bridge interface that should be assigned to LAN. Considering the currently unused vr2, you should have just zero problems assigning the bridge0 properly. Remove the OPT, assign vr2 to LAN, create the bridge, switch LAN assignment to the bridge and do whatever you want with vr2.
Hint: Stop creating useless bridges and you won't get self-p0wn3d.
-
thank you - everything works now
-
And you're right - I got rid of all the bridges and used the firewall. Everything works perfectly and less complicated.
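
The filterlog lines in the first post, decoded field by field; this is an added example, not part of the thread. The field order is assumed from pfSense's raw filter log layout, the names `parse_filterlog` and `summarize` are hypothetical, and the IPv4 sample line is constructed.

```python
import re

# Field order assumed from pfSense's raw filter log layout; verify per version.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface",
          "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags",
        "proto_id", "proto", "length", "src", "dst"]
IPV6 = ["class", "flow_label", "hop_limit",
        "proto", "proto_id", "length", "src", "dst"]
PORTS = ["sport", "dport", "datalen"]  # first three fields after dst for TCP/UDP

SAMPLE = [
    # From the first post (IPv6 multicast seen on bridge0).
    "May 8 14:04:16 pfSense filterlog: 7,16777216,,1000000105,bridge0,match,"
    "block,in,6,0x00,0x00000,255,UDP,17,53,fe80::3e97:eff:fe71:997d,ff02::fb,"
    "5353,5353,53",
    # Constructed IPv4 line (documentation addresses), not from the thread.
    "May 8 14:10:02 pfSense filterlog: 5,16777216,,1000000103,vr1,match,"
    "block,in,4,0x0,,64,1234,0,none,17,udp,78,192.0.2.10,192.0.2.255,"
    "137,137,58",
]

def parse_filterlog(line):
    """Return named fields for one filterlog line, or None if unparseable."""
    m = re.search(r"filterlog(?:\[\d+\])?: (.*)$", line.strip())
    values = m.group(1).split(",") if m else []
    if len(values) < len(COMMON):
        return None
    rec = dict(zip(COMMON, values))
    ip_fields = {"4": IPV4, "6": IPV6}.get(rec["ipver"])
    if ip_fields is None:
        return rec  # unknown IP version: keep the common header only
    rest = values[len(COMMON):]
    rec.update(zip(ip_fields, rest))
    if rec.get("proto", "").lower() in ("tcp", "udp"):
        rec.update(zip(PORTS, rest[len(ip_fields):]))
    return rec

def summarize(line):
    r = parse_filterlog(line)
    if r is None:
        return None
    ports = f" sport={r['sport']} dport={r['dport']}" if "dport" in r else ""
    return (f"{r['action']} {r['direction']} {r['iface']} IPv{r['ipver']} "
            f"{r.get('proto', '?')} {r.get('src')} -> {r.get('dst')}{ports} "
            f"len={r.get('length')}")
if __name__ == "__main__":
    for entry in SAMPLE:
        print(summarize(entry))
```

Read this way, the `6` after `in` is the IP version and the `53` after the protocol number is the packet length; the source and destination ports are both 5353, sent to the multicast group ff02::fb.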