Netgate SG-1000 microFirewall

Author Topic: WI-Fi extender without internet  (Read 346 times)

0 Members and 1 Guest are viewing this topic.

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
WI-Fi extender without internet
« on: December 17, 2017, 04:31:39 am »
I have a network, with an pfSense router, connected to an wireless router set like a switch, for wireless access. pfSense is my DHCP server, the DHCP from wireless router was disabled. In other floor I have an WI-Fi extender (Edimax N300). With 1 month ago, the internet connection on the second floor, worked fine. I don't remember what setting I maked on the pfSense router, because, now, the internet connection on the second floor, not working. The WI-Fi extender is fine, have IP in same class with pfSense. If I conect my computer, to WI-Fi extender, I receive IP in same class with pfSense, but internet connection not working and pfSense not responding to ping.
I'm sure, is a settings from pfSense, because I configurated the wireless router, for routing WAN connection,  and all is fine.
« Last Edit: December 17, 2017, 06:18:00 am by xplozia »

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2297
  • Karma: +173/-9
    • View Profile
Re: WI-Fi extender without internet
« Reply #1 on: December 17, 2017, 06:22:45 am »
...  have IP in same class with pfSense. If I conect my computer, to WI-Fi extender, I receive IP in same class with pfSense,
You received an IP, fine, your member of the LAN, but other IP's are also important.
I'll list them for you :
IP - you have it.
Gateway ?
DNS ?


edit : release the DHCP lease on your PC, and renew it?
Did you saw the corresponding DHCP lease log when checking the DHCP log in pSense ?
« Last Edit: December 17, 2017, 06:33:45 am by Gertjan »

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #2 on: December 17, 2017, 08:38:55 am »
The pfSense router are set to give me the same IP.
My settings aftter I changed between extender and router:

WI-FI Extender:

   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Qualcomm Atheros QCA9377 Wireless Network Adapter
   Physical Address. . . . . . . . . : 58-00-E3-92-65-57
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5565:7c25:1ade:4ce4%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 17, 2017 4:32:15 PM
   Lease Expires . . . . . . . . . . : Sunday, December 17, 2017 6:32:15 PM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1
   DHCPv6 IAID . . . . . . . . . . . : 156762339
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-1F-CB-73-A8-1E-84-34-DE-43
   DNS Servers . . . . . . . . . . . : 192.168.10.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

pfSense DHCP lease WI-FI Extender:

Dec 17 16:32:14   dhcpd      DHCPREQUEST for 192.168.10.100 from 58:00:e3:92:65:57 via ue0
Dec 17 16:32:14   dhcpd      DHCPACK on 192.168.10.100 to 58:00:e3:92:65:57 via ue0



Wireless router :

   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Qualcomm Atheros QCA9377 Wireless Network Adapter
   Physical Address. . . . . . . . . : 58-00-E3-92-65-57
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5565:7c25:1ade:4ce4%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.10.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 17, 2017 4:33:14 PM
   Lease Expires . . . . . . . . . . : Sunday, December 17, 2017 6:33:13 PM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1
   DHCPv6 IAID . . . . . . . . . . . : 156762339
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-1F-CB-73-A8-1E-84-34-DE-43
   DNS Servers . . . . . . . . . . . : 192.168.10.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

pfSense DHCP lease Wireless router:
Dec 17 16:33:14   dhcpd      DHCPREQUEST for 192.168.10.100 from 58:00:e3:92:65:57 via ue0
Dec 17 16:33:14   dhcpd      DHCPACK on 192.168.10.100 to 58:00:e3:92:65:57 via ue0




Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2297
  • Karma: +173/-9
    • View Profile
Re: WI-Fi extender without internet
« Reply #3 on: December 17, 2017, 10:36:39 am »
The info you showed seems fine to me.

I and you know now that the the DHCP protocol (on port 68, UDP) works fine.

Now for the next tests:
Can you resolve ?
Easy test :
On your PC, ping to www.google.com.
At least, you should see this :
Code: [Select]
C:\Users\My-PC>ping www.google.com

Envoi d'une requête 'ping' sur www.google.com [2a00:1450:400b:c00::63] avec 32 o
ctets de données :
Réponse de 2a00:1450:400b:c00::63 : temps=98 ms
Réponse de 2a00:1450:400b:c00::63 : temps=65 ms
The first line show that resolving works for me. "ww/google.com" is "2a00:1450:400b:c00::63" - does it for you - did you get an IPv4 or IPv6 ?

Also : show us your firewall rules on your interface - LAN I presume.
If you have ANY rules, just test like this : delete them all - and the default "pass - all " will be used (if your interface IS LAN) - does your connection works then ?

Another test (very useful !) : when you connect your PC directly to pfSense, does your connection work ? (and if so, you know now where to look ...)

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #4 on: December 17, 2017, 01:15:08 pm »
My ping to from WI-FI Extender:
C:\Users\Cristian>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

My ping from Wireless router:
C:\Users\Cristian>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=48ms TTL=57
Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
Reply from 8.8.8.8: bytes=32 time=21ms TTL=57

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

The ping in google.com not working on WI-FI Extender but working on Wireless router
The Wireless router are directly connected to pfSense

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2297
  • Karma: +173/-9
    • View Profile
Re: WI-Fi extender without internet
« Reply #5 on: December 17, 2017, 02:41:46 pm »
My ping to from WI-FI Extender:
C:\Users\Cristian>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

My ping from Wireless router:
C:\Users\Cristian>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=48ms TTL=57
Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
Reply from 8.8.8.8: bytes=32 time=46ms TTL=57
Reply from 8.8.8.8: bytes=32 time=21ms TTL=57

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
You are using an IP : 8.8.8.8 so resolving does NOT take place.
I said : www.google.com - not some IP.

The ping in google.com not working on WI-FI Extender but working on Wireless router
The Wireless router are directly connected to pfSense
As your already know by now : pfSense is ok, but the setup of one of the other devices isn't.

Btw, a wireless router should just be an AP and not a router - keeping these devices as router can complicate things. You don't want a "router after router" setup.

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #6 on: December 18, 2017, 01:17:31 am »
The router are set like a switch. The LAN cable, form pfSense, are insert on LAN port of the wireless router. The WAN port are empty on Wireless router. The DHCP service are disabled on Wireless router.
I'm sure, is a settings from pfSense, because I configurated the wireless router, for routing WAN connection,  and all is fine with WI-FI Extender.

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2297
  • Karma: +173/-9
    • View Profile
Re: WI-Fi extender without internet
« Reply #7 on: December 18, 2017, 02:03:49 am »
And what about the LAN firewall rules ?

Consider also packet capturing on pfSense on the LAN.
Disconnect / remove all device except one on the extender.
Activate the capturing, see what comes in, and gets out.
UDP port 68 works, as DHCP works.
Do you see the ICMP arrive ?
Other (TCP) ?


Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 430
  • Karma: +40/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #8 on: December 18, 2017, 06:56:45 am »
Do you have "Block private networks and loopback addresses" ticked if you do untick it.

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #9 on: December 18, 2017, 07:58:53 am »
Do you have "Block private networks and loopback addresses" ticked if you do untick it.
Yes, are ticked

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #10 on: December 18, 2017, 08:40:46 am »
And what about the LAN firewall rules ?

Consider also packet capturing on pfSense on the LAN.
Disconnect / remove all device except one on the extender.
Activate the capturing, see what comes in, and gets out.
UDP port 68 works, as DHCP works.
Do you see the ICMP arrive ?
Other (TCP) ?
Thanks!
I have set "DHCP Static Mappings" for few devices. I changed, IP for my phone, on pfSense, from192.x.x.102 to 192.x.x.111, and after connected my phone, to the wirelsess router I received 192.x.x.111 IP and the same IP when I connected my phone to WI-FI Extender.
I captured traffic for my phone and I have, where 192.168.10.1 is my pfSense:
For wireless router:
192.168.10.1.53:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
192.168.10.1.53:
169.60.79.74.5222:
185.60.218.170.443:
185.60.218.170.443:
185.60.218.170.443:
185.60.218.170.443:




For Extender:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:
157.240.9.170.443:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:

In my Wi-FI extender you can see only 53 and 443 ports  :(

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 430
  • Karma: +40/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #11 on: December 18, 2017, 10:00:38 am »
Do you have "Block private networks and loopback addresses" ticked if you do untick it.
Yes, are ticked

If Block private networks and loopback addresses is ticked and your other device is using  rfc1918 address space pfSense will block it.

Untick it, rfc1918 address space is :-

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
« Last Edit: December 18, 2017, 10:03:55 am by NogBadTheBad »

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #12 on: December 18, 2017, 10:25:26 am »
Do you have "Block private networks and loopback addresses" ticked if you do untick it.
Yes, are ticked

If Block private networks and loopback addresses is ticked and your other device is using  rfc1918 address space pfSense will block it.

Untick it, rfc1918 address space is :-

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

I Untick it, but the problems persist. The extender shoult copy the router settings

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #13 on: December 19, 2017, 11:37:52 am »
I'm out of other ideas. :(

Offline xplozia

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: WI-Fi extender without internet
« Reply #14 on: December 28, 2017, 08:54:58 am »
Problem solved!

 :D

I reinstalled the pfSense an I reconfigurated step by step. The problem was with "Create an ARP Table Static Entry for this MAC & IP Address pair." because I configurated static mapping for few devices. When I have checked on "Create an ARP Table Static Entry for this MAC & IP Address pair."  the connexion with WIFI extender not working. Without this check, all is fine.