Communication between subnets or DHCP relay



  • Hey guys,

    I set up this network at my place to familiarize myself with networking a little bit more, but I've hit this bump:

    I want devices from my Wi-Fi AP to be able to communicate with my wired devices.
    My ideal setup would have my pfSense box running as DHCP for wired and wireless, but I'm open to anything else.
    Please see my network diagram for all the info.

    I'm open to any idea/tips on how to achieve this!

    Thanks guys!


  • LAYER 8 Global Moderator

    Well, move your Belkin behind pfSense and use it just as an AP so all your devices are on the same network, both wired and wireless.  Or even segment out your wireless behind pfSense and then create the rules you want in pfSense to allow the traffic you want between wired and wireless.

    In your current setup your wired are behind a nat compared to your wireless.



  • @johnpoz:

    Well, move your Belkin behind pfSense and use it just as an AP so all your devices are on the same network, both wired and wireless.  Or even segment out your wireless behind pfSense and then create the rules you want in pfSense to allow the traffic you want between wired and wireless.

    In your current setup your wired are behind a nat compared to your wireless.

    I have the same question.  You can't bridge the Bell modem because then you lose wifi.  Is there any way to keep the Bell modem as a Modem/Router/AP but have all wifi traffic forwarded to the pfSense as the gateway?



  • Well I figured it out!!
    So here is how I got my wifi to work this morning and route traffic to the pfSense box.  My Rogers modem is 192.168.0.1 and my pfSense WAN is 192.168.1.13 to the Rogers modem.  LAN is 192.168.2.1.  I disabled DHCP on the Rogers modem (not bridge mode) and assigned the static WAN port on the pfSense box.  I enabled DMZ on the Rogers modem to 192.168.1.13.  On the pfSense I set up NAT outbound to static port in hybrid mode.  PS4 is NAT2 and working great.  Wifi devices get a 192.168.2.0/24 IP so everything is working great!!


  • LAYER 8 Global Moderator

    Doesn't matter if your ISP device supports bridge mode or not.. You can double NAT to the internet.. But use something as an AP for your wifi.  Trying to leverage your ISP device LAN network for your wifi and then creating another network behind pfSense, also behind NAT, is going to cause you issues.

    If you have an ISP device that you can not bridge to give you a public IP on your pfSense WAN, I would really suggest changing that device out with your ISP so that you can get a public IP on pfSense.  Then use either a true AP or a wifi router as AP for your wifi network.

    If you have to double NAT, then you have to.. But it for sure is not an optimal configuration.

    And yes, if you can not bridge your ISP device, then putting your pfSense WAN in the DMZ of that device would allow you to control port forwards on just pfSense and not have to do them on both devices.  This setup for sure is most likely going to have issues with NAT reflection setups, which shouldn't be used anyway.




  • @johnpoz is right, because the pfSense is also doing NAT, you were creating a DMZ zone between the two NAT-doing devices, and in the normal or most common terms and conditions the goal is that the devices behind the pfSense are able to connect to the DMZ zone but not vice versa!

    But you want to do it now, and therefore there are three ways you could go:

    • Like John was suggesting set up an AP behind the pfSense as well.
    • Don't create a double NAT, go with only one NAT-doing device.
    • Open ports at the pfSense and forward them to the internal LAN behind the pfSense,
      but then the pfSense makes no sense anymore in my eyes!


  • So, as mentioned by Darkneo and others, the only way to do this would be to DMZ my bell modem/router/AP/POS.

    Well time to shell out for a switch + AP I guess!

    Thanks guys!


  • LAYER 8 Global Moderator

    Good opportunity to get a nice smart/managed switch and a real AP that supports VLANs - the new UniFi AC line is really very reasonable..

