Help me define this setup (in pfsense terms)



  • I am fairly well versed in network and especially *bsd, but the pfsense gui/terminology has really thrown me for a loop.

    I have a pfsense box with dual wlan and one nic.  I already have an openbsd gateway elsewhere on the lan and want to use my pfsense box as a wlan AP with captive portal and the like.  I have already bridged the wlan to the lan and that worked, though you can't have a portal on that.. so now i'm off to find out how to get it going without bridging.  Take a look at the attached diagram and just point me in the right direction.  Do the WLAN clients have to be on a separate ip range?  I have RTFMed a bit and poked around the forum but I'm at a loss.

    Assuming they go on a diff. ip range.  I need to go from WLAN –> LAN --> openbsd gateway (which is elsewhere on the LAN)

    Am I going to have to NAT my wlan subnet to my LAN interface?

    Any help/direction is greatly appreciated.

    TIA,
    Chris




  • Yes, the wlan subnet behind the captive portal has to be on a different iprange.

    You then have 2 options:

    • using nat which will make all clients appear to be coming from the pfsense wan interface IP
    • disable nat by enableing manual outbound nat (firewall>nat, outbound) and deleting all autocreated rules and add a static route at your openbsd gateway through the wan ip of the pfsense to that subnet behind the cp.


  • You are saying if I nat they will appear to come from my Pfsense WAN? I want them to appear to be from Pfsense LAN.  I don't really have a WAN per se on the Pfsense box.

    I haven't really done static routes in Openbsd.. (i know it's route add) I've always done homogeneous networks.  Sounds like a cleaner way to go but I don't follow the configuration that is required on the pfsense box.  Do I have to have a virtual interface for my Openbsd gateway that is on that subnet? If I had the space I'd add another network card to my gateway but alas that isn't an option.

    And the other thought is that I could connect my other wireless interface to a remote wlan and then call that my WAN, then nat my stuff over to that interface and skip my openbsd gateway.

    blah.

    ::chris



  • @hoba:

    • disable nat by enableing manual outbound nat (firewall>nat, outbound) and deleting all autocreated rules

    That is all, that is needed at the pfSense to shutdown NAT. Additional to that you only need that one static route at the openbsd box.

    I don't get that other thought with the WLAN and nat but the above procedure is pretty simple and probably better.


Locked