pfSense Gold Subscription

Author Topic: HOW TO - EASY (wireless) bridge configuration in 2.0  (Read 108546 times)

0 Members and 1 Guest are viewing this topic.

Offline gnhb

  • Full Member
  • ***
  • Posts: 207
  • Karma: +2/-0
    • View Profile
HOW TO - EASY (wireless) bridge configuration in 2.0
« on: November 29, 2009, 05:21:18 am »
------------------- Updated May 2, 2010 ----------------
SKIP DOWN to my next POST to see step by step instructions

Hello All,

I read this post http://forum.pfsense.org/index.php/topic,12101.0.html titled "wireless not giving IP when bridged with LAN" and it took me a long time to figure out how to implement it on my box, so I offer this clarification.

I'm running 2.0-ALPHA-ALPHA-nanobsd built on Sept 15th, 2009 on an ALIX 2D3 board.

I have attached below an image of my "interfaces assign" page from the web GUI. This setup defines OPT1 (renamed WLAN) as my wireless interface, OPT2 as one of my 10/100 interfaces.
The bridge interface includes OPT1 and OPT2.
I didn't have to create ANY new firewall rules for this to operate smoothly. Clients on the wired LAN or WLAN can get to the internet and can get to each other.

The second image is from the System => Advanced => System Tunables page.
The DHCP server setting are unchanged from the default settings (running on the LAN interface.)

GNB

« Last Edit: May 02, 2010, 08:13:05 am by gnhb »

Offline grantemsley

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: HOW TO - recommended wireless configuration in 2.0
« Reply #1 on: April 30, 2010, 02:59:12 pm »
I've been trying to duplicate this for most of the day.
Following your instructions, I was able to get DHCP addresses from both the wifi and lan, however neither could connect to anything - they couldn't even ping the pfsense box.

Does this still work on the latest (as of yesterday) beta?

Offline gnhb

  • Full Member
  • ***
  • Posts: 207
  • Karma: +2/-0
    • View Profile
Re: HOW TO - recommended wireless configuration in 2.0
« Reply #2 on: May 02, 2010, 08:10:07 am »
Hi,

Yes, it still works. I'm on a snapshot from April 18th. I'll be testing the May 1st 2G Nano snapshot in the next hour.

Here's the procedure I use to create the bridge interface and assign it to the LAN port. This procedure doesn't cause you to loose connectivity to the GUI or have to monkey around with assigning IP addresses to other ports temporarily.

Assume we're starting with these interface definitions:
WAN -> fx0
LAN -> fx1
OPT1 -> ath0
Also, assume that the DHCP server is already enabled on the LAN interface and is running.

1. On Interfaces Assign page create another OPT interface called OPT2 (create more than one if you want to bridge physical ports too - we'll call any additional ports OPTx.)
2. Assign a physical port or a vlan port, or a PPP port to OPT2 just as a place holder.
2a. Assign physical ports to the other OPTx interfaces you've created.
3. Go to the Interfaces -> OPT2 page and click the "Enable" checkbox. (Repeat for all OPTx interfaces.)
4. Go to the Interfaces -> (assign) page and click on the "Bridge" tab.
5. Select OPT1, OPT2, OPTx (if you created additional ports for the bridge) to be members of the bridge interface and Save.
6. Go to Interfaces -> (assign) page again and select "BRIDGE0" for the LAN interface, and select the fx1 port (formerly assigned to LAN) for the OPT2 interface and Save.

Now we have these interface definitions.
WAN -> fx0
LAN -> BRIDGE0
OPT1 -> ath0
OPT2 -> fx1
OPTx -> <whatever else you want>

7. Go to the System -> Advanced -> System Tunables page and make it look like the pic I posted earlier.

No loss of connectivity to the GUI or the router will occur during this procedure.
You DON'T need ANY new firewall rules for this to operate smoothly.
Clients on the wired LAN or WLAN can get addresses from DHCP and can get to the internet (WAN) and can get to each other. (However, be sure to set up your wireless config properly. There is a checkbox in wireless config that allows or prevents wireless clients from seeing each other.)

Hope it works for you.

GB
« Last Edit: May 02, 2010, 08:19:29 am by gnhb »

Offline grantemsley

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #3 on: May 03, 2010, 09:58:54 am »
Thank you so much for posting this.  I got it working following those instructions.

Offline Efonne

  • Hero Member
  • *****
  • Posts: 627
  • Karma: +2/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #4 on: May 03, 2010, 05:57:44 pm »
Just wanted to note that if you have an extra interface that you are keeping out of the bridge, the bridge configuration is easier if you access the web GUI over that interface instead of accessing it over an interface you are going to put into the bridge.  This way there is no chance you will lose access to the web GUI before you finish the configuration.

Offline spiritbreaker

  • Full Member
  • ***
  • Posts: 102
  • Karma: +1/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #5 on: June 23, 2010, 11:56:44 am »
Hi,

thx about ur little Tutorial.

According to ur system tuneable settings...u need only to set Spanning tree on LAN interface or
 u still need to set it on Memberinterfaces or all Members and LAN (bridge0)?

Cya
Pfsense running at 11 Locations
-mobile OPENVPN and IPSEC
-multiwan failover
-filtering proxy(squidguard) in bridgemode with ntop monitoring

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1168
  • Karma: +1/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #6 on: June 24, 2010, 07:53:04 am »
I would be surprised if spanning tree needs to be on - usually it is a mistake to have it on in most configurations, as it can slow down how long ports take to be usable, for no gain.

Offline Rick164

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #7 on: June 27, 2010, 05:44:01 am »
How does one get traffic shaping to work on both LAN and WiFi?
Because you can only make a shaping config for LAN and WiFi seperately and not the wireless bridge(Bridge0 for instance), this results in them getting seperate queues which means line saturation/usage is not shared between those 2.
« Last Edit: June 27, 2010, 05:45:41 am by Rick164 »

Offline jrussell05

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #8 on: August 07, 2010, 03:14:54 pm »
Followed this tutorial.  I have 4 Lan ports bridged to LAN.

I can access the internet from all of my devices connected to the ports and I can access each device from the WAN.  However, the devices can't talk to each other.  I have even tried adding firewall rules to each of the individual interfaces.

Any suggestions.


Offline wallabybob

  • Hero Member
  • *****
  • Posts: 5240
  • Karma: +11/-1
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #9 on: September 30, 2010, 05:13:27 pm »
Followed this tutorial.  I have 4 Lan ports bridged to LAN.

. . .
If this is still an issue I suggest you start a new topic. I suspect it might have got lost in the sticky topic with wireless in the title. I usually don't even look at the sticky topics because they don't tend to change much.

Offline Efonne

  • Hero Member
  • *****
  • Posts: 627
  • Karma: +2/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #10 on: November 01, 2010, 10:36:24 pm »
I just wanted to add a note that for this type of bridge configuration, sometimes it is useful to assign a MAC address to the bridge interface.  Normally it just gets a random MAC, but this behavior will cause some client systems to notify that you are connecting to a new network or router every time it gets a new random MAC (each time you boot up the router), potentially requiring some kind of firewall setup steps for the new network.  Setting a fixed MAC address on the bridge interface resolves this (MAC address on bridge members is ignored in the type of setup this topic is about).

Offline Bai Shen

  • Full Member
  • ***
  • Posts: 220
  • Karma: +1/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #11 on: February 04, 2011, 11:39:52 am »
I just tried this, and it hung at step 6.  I had to use the local console to reset my interfaces.

Also, I don't see a picture showing the Advanced changes that need to be made.

Offline romainp

  • Full Member
  • ***
  • Posts: 133
  • Karma: +6/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #12 on: February 28, 2011, 08:37:44 am »
Hi,
I have tried that setup with some differences and can't make it work...
My goal is to:
- have a wireless with a vlan tag (not the wifi interface but with a bridge based on the lan interface)
- have a dhcp server for the wifi network

For what I understand, I need to

LAN -> BRIDGE0 -> vlan100 on em1 -> em1
                      -> em2 (the phy interface exist but will not be used, just for the bridge to work)

dhcp enable on LAN

and

WIFI -> BRIDGE1 -> vlan200 en em1 -> em1
                       -> ath0

dhcp on WIFI interface

Does this make sense? Any advices to make this setup work?

Thanks


Offline wallabybob

  • Hero Member
  • *****
  • Posts: 5240
  • Karma: +11/-1
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #13 on: March 01, 2011, 02:30:46 am »
My goal is to:
- have a wireless with a vlan tag (not the wifi interface but with a bridge based on the lan interface)
If I recall correctly this is not supported: I don't think FreeBSD supports VLANs on any wireless interface. (Feel free to check the FreeBSD vlan man page.)

In pfSense 2.0 there is support for multiple wireless networks on a single physical interface, provided the interface driver supports that. (Some drivers do support it and some don't.)

What are you trying to accomplish by this combination?

Offline romainp

  • Full Member
  • ***
  • Posts: 133
  • Karma: +6/-0
    • View Profile
Re: HOW TO - EASY (wireless) bridge configuration in 2.0
« Reply #14 on: March 01, 2011, 03:24:31 pm »
In fact I do not try to tag the wifi ath0 interface but tag the lan interface and use it with a bridge to have my wifi tagged this way. I managed to make it works with 1.2.3 but I can't in RC1.
My goal is to
- tag with a vlan my lan and wifi traffic and have a dhcp server that deliver ips for the wifi and lan network with differents addresses.

Hope it's clearer.