According to Tim Nelson <[email protected]> on Thu, 01/08/09 at 11:22:
>
> I don't have the previous messages quickly available but IIRC you're
> running DHCP on your OPT interface which is bridged. IIRC, DHCP on
> a bridged interface does not work?
Yes, I have OPT2 (ath0) on the 4801 bridged to the LAN (sis0) on the 4801.
I had no idea that DHCP on a bridged interface would not work, sigh... :-(
But thinking about it now, it does make a bit of sense. Wish I could
have set up static IP addresses on the wireless client end - that was
my original plan.
I enabled the DHCP server in pfSense (unlike the URL wireless access point
example configuration I mentioned in a reply) since I don't have a DHCP
server running on my local LAN (although I could easily set one up - this
is FreeBSD after all!) :-)
The reason I used this configuration was because it was easier for
my testing since I didn't know how (have never set up) to configure a
FreeBSD (or Linux for that matter) wireless client using a static IP
address. For my testing on the T42 client, I first tried:
ifconfig_ath0="WPA DHCP"
and let it go with that. Today I can associate with the 4801 using:
ifconfig_ath0="WPA DHCP media 11g"
So, I changed that to this:
ifconfig_ath0="WPA 10.0.0.34 media 11g"
in order to test your suggestion of static IP address configuration,
but I am not sure that would have done it. In the last two examples
above I get a successful wireless association, but not route off the
wireless client. It was after this test that I found out that even a
local (to the 4801/pfSense) ping(8) test did not work. :-(
> > Recall I have the OPT2 interface bridged to the LAN interface. And
> > I have these (and only these) firewall rules on those two interfaces:
> >
> > OPT2:
> >
> > * * * * * *
> >
> > LAN:
> >
> > * LAN net * * * *
>
> Change that 'LAN net' to a * as well. Just some minor stabbing in the dark
> here...
Okay. That is an easy change to make (and to test).
> So in the web interface there is nothing configured at all for the WAN?
Yes, that is correct. It is unused in this (access point only) application.
> Since you're simply using this device as a bridge, you should not
> need to worry about the routing tables. Only the traffic from the
> pfSense box itself will have routing problems, not the devices on
> the bridged interface. Also, it just occurred to me that you don't
> even need to be running DHCP on the pfSense box if it is in fact
> bridged. the DHCP server on your m0n0wall device will hand out DHCP
> happily to any of the bridged clients as well, assuming the firewall
> rules are setup propertly. :-)
I am simply using it as an access point (which according to the example
URL that I found on the pfSense wiki "AccessPoint2" also showed using
pfSense in this same bridging mode) which also happens to bridge the
LAN and the OPT2 interfaces.
True enough, except I am not running a DHCP server on the m0n0wall
gateway either. Like I said, I could easily set up a DHCP server on
my local LAN on a FreeBSD box, but since I use static IP addresses
in the RFC1918 non-routeable "net ten" address space, I have not had
the need to set up DHCP prior to this (wireless) test.
Ah, there's the rub: "...assuming the firewall rules are setup properly." :-)
> Flash is a nice presentation format but some of us don't like it
> either. Then again, you get what you pay for. :-) Boot up another
> box (Linux or Windoze) and redo the tutorial in a PDF or something
> similar. :-)
I don't know how to do that, or I would. The word "redo" above is a
problem for my lexical parser... ;^)
I have no Bill Gates' software anywhere. And I have no use for it.
> While not for the same reasons, I'm eagerly awaiting the book as
> well. pfSense is incredibly robust and having a nice "all-in-one"
> reference will be nice. Plus, it gives everyone a nice opportunity
> to support the project.
I'll second that. If I get this working, I may consider writing up
the steps I took, since it may be useful to the next guy... :-)
Regards,
web...
--
William Bulley Email: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
