IPV4 network question
-
The low down is this, and I am not too sure how to proceed with it. I have a Ubiquity 2.4 Ghz connection to Comcast line of site at the building, I then have another wireless Ubiquity connection from that building to my house, my house is not in line of site with the Comcast connection, hence the other building. I still need to keep access to the Ubiquitys built in webpage, changing the range would be a pain to access the built in webserver…. at lease past experiences would dictate to me.
I am not a guru with networking, I am not a guru with PFSence, I find my way around it all ok and read some good information on here. Routing for me is a pain, but I will try and find a way to make it work while being as simple as possible.
I know this is making you scratch your head, and I am sorry for that. I will attempt again to put it on a different network and work on the routing side of it...
I appreciate your time and efforts to help me fix this weird issue.
-
dude what filtering do you want to put in place? What firewall rules? What do you want to block something in building 1 or 2 from accessing in the other building?? If you can not think of any firewall rules.. Then just connect it your switch and then they are all on the same network and you can access whatever webpage you want to access.
Seem to me your just looking to make this complicated.. If you do not know how you want to filter, and you believe its easier when on same network. Then connect it to your switch. If you know what to filter and don't want stuff talking to other stuff unless you say its ok via the firewall then route.
If you have some need that you can actually articulate that they need to be on the same broadcast domain, yet be able to filter traffic between the buildings where host in building 1 can not talk to host in building 2 on ports xyz, but host 2 needs to talk to building 1 host 2 on ports XYZ.. Then sure setup a bridge.
But it sure sounds to me that this all becomes really simple if you just connect it to your switch..
-
I see what you are saying, I just like to keep wireless items separate because I know it is hackable. How to filter? I am not sure what to filter to tell you the truth, but using the Ubiquity as a gateway to the internet, I just wanted something more secure than the built in options on the Ubiquity..
You're right, this is too complex or I am making it more complex. I should just bridge the first ubiquity to Comcast, set the two on another network and bring in the second Ubiquity as a Wan of sorts into the other port and route.
There is nothing in the other building that needs access to my network, not at this time. The other building is just being used as a hop of sorts, so filtering would be done just like my DSL bridge, but without bridging at PFSense.
I presume that would work?
I know this is a weird setup, but this is the only way I can get Comcast and dump my slow DSL, being located where I am does not give me good line of sight from this location to the Comcast WiFi access point several miles from my home.
-
there is nothing weird about it.. And why would you make it another wan??
So you don't want this wireless network talking to your other network?? Then create a new network.. Pfsense will auto route between them.. And you can allow or block whatever traffic you want..
Does not matter if the network is in the same building, or building a block over..
-
Sweet, I appreciate your feedback. Going to work on it now!
-
This really is 10 seconds of work… Add opt interface assign to whatever phsyical port you want to use.. Give it a IP in your network you want to use lets say 192.168.1.0/24 Create firewall rules, I would most likely start with any any.. Enable dhcp on this interface if you want..
Once you have everything working on that network you can fancy with the firewall rules if you so desire.
-
Having no luck with this… lol.
I set a static IP on the Ubiquity that I need to access, 192.168.1.232, my adapter is on 192.168.1.1. Created rule on the interface using "all", can ping the interface from my 192.168.0.8 machine, can't ping the 192.168.1.232 device.
Any ideas what I am missing?
No static routes, no gateway on the adapter.
-
Has to be a routing issue, I can ping from the box to 192.168.1.232 and it is fine, from the box again, ping and selecting the adapter, I can ping google.com and any other site.
-
ARP table shows the devices and macs, route table also shows the ip's… Not sure what the issue is..
-
"Has to be a routing issue"
How is it a routing issue if you can not ping from pfsense that you gave 192.168.1.1/24 and connected to this other device that is also on 192.168.1.0/24 with a 192.168.1.232 address
Where you you seeing the mac address? And what is you rule - you sure you didn't create an any any rule for tcp only?
How are they connected together?
-
Sorry, should of said. Routing between the 192.168.0.0/24 network and the 192.168.1.0/24 network. I can ping using PFSense ping option, selecting the adapter for the 192.168.1.0/24 network.
ARP table within PFSense shows the 192.168.1.1 adapter and the mac, it also shows the 192.168.1.232 device and its mac. Also all the other networks and downstream devices IPs and macs.
Connection to the device is direct ethernet cable. I set up a basic rule IPV4* * * * * * none. All protocols, all sources, all ports, all gateways, no queue.
I also tried the above and adding the source lan3 net and a destination of lan2 net and vice versa with no luck.
None of the lan adapters have any gateways associated with them, just to be clear on that.
I can do some screenshots if it will help, please let me know what you want to look at, and I will provide the information for you..
Appreciate it again.
-
Anyone? My billing cycle is coming up and I really do not want to pay another Dime to Frontier…. lol
-
I have made a new topic, with less pollution and screen captures… I placed it in the correct forum, so I will lock this and you can find it here... https://forum.pfsense.org/index.php?topic=111286.0
