Here is the graphic:
+-----+     +----------+     +-----+
|     |     |          |     |     ~
| ISP | <-> | m0n0wall | <-> | LAN ~
|     |     |          |     |     ~
+-----+     +----------+     +-----+
              10.0.0.1

+-----+     +----------+      +-----+
~     |     | soekris  |      |     |
~ LAN | <-> | 4801 w/  | <~~> | T42 |  via 802.11g
~     |     | pfSense  |      |     |
+-----+     +----------+      +-----+
   ^         10.0.0.33       10.0.0.34
   |
   v
+----------+
|          |
| desktop  |
|          |
+----------+
 10.0.0.11

The LAN is split across two lines for readability (I hope).
All the above boxes (save for the ISP) are FreeBSD boxes.
On the Soekris 4810 (running pfSense 1.2.1) the only wire
attached is the LAN ethernet (sis0) which is attached to
my local LAN (along with the FreeBSD desktop as shown).
The connection to the wireless laptop (T42) is via 802.11g
(OPT2 which is ath0) and everything works except the most
important thing - I can't get packets through the Soekris. :-(
That is to say, from my desktop, I can administer pfSense
using HTTP and/or ssh(1) just fine. The T42 associates
just fine now with the 4801 and is assigned a static IP
address as shown. I can ping the T42 from the 4801 and
vice versa. I can ping the T42 from my desktop and vice
versa. From my desktop I can ping my m0n0wall gateway
just fine. But from the T42 I cannot ping the m0n0wall
gateway. From the Soekris box, using either ssh(1) or
the GUI, I can NOT ping the m0n0wall gateway either.
Nor can I ping any public IP address from either the T42
or the Soekris 4801 likely due to the failure to ping my
m0n0wall gateway.
It is as though something is missing in pfSense to let
the packets flow. The pfSense LAN (sis0) interface is
bridged to the OPT2 (ath0) interface, and vice versa.
There are wide open firewall rules on both interfaces:

LAN   Proto  Source  Port  Destination  Port  Gateway
      *      *       *     *            *     *

OPT2  Proto  Source  Port  Destination  Port  Gateway
      *      *       *     *            *     *

I get 100% packet loss when trying to ping my m0n0wall
gateway from within pfSense even when both rules are
changed to this:

      Proto  Source  Port  Destination  Port  Gateway
      *      *       *     *            *     10.0.0.1

I am missing something fundamental about firewall filtering
or routing or bridging. This setup is very close to working
(as an access point) for me, but I can't figure out how to
make packets flow the way I thought they would be flowing.
I have entered two DNS server IP addresses and my gateway's
IP address to the advanced (or system) setup pages in pfSense.
I can see the DNS server addresses in /etc/resolv.conf when
I ssh(1) into the Soekris 4801. I do notice that there is
no static route for IPv4 when I run "netstat -nr" while there.
If I manually issue "route add default 10.0.0.1", I see the
change in the "netstat -nr" output, but no difference in the
results of "ping 10.0.0.1" (which is 100% loss).
Any pointers or suggestions would be appreciated. Is there
a better way to turn the OPT2 (ath0) interface into an access
point (hostap) that is more straightforward than what I have?
Regards,
web...
--
William Bulley Email: [email protected]