HG612 & OPNSense Firewall
Re: HG612 & OPNSense Firewall
18-01-2023 7:41 PM - edited 18-01-2023 7:42 PM
There is one thing you learn very quickly with both pfSense and OPNsense: each and every time you make a configuration change, make a backup! Believe me, it makes life a hell of a lot easier! Diagnostics-Backup & Restore.
Re: HG612 & OPNSense Firewall
23-01-2023 9:11 AM
Hi,
I need a little more guidance, please.
I have my OPNsense box with the PPPoE credentials connection and it works fine and is connected to LAN1.
I converted my wifi router R7800 DD-WRT into a WAP with guidance from the DD-WRT devs.
But when I pop it into my switch I get no wifi, whatever I try.
But if I shove the wifi router in LAN of the modem everything is fine?
What am I doing wrong?
Re: HG612 & OPNSense Firewall
23-01-2023 9:18 AM
Sounds like the r7800 is still configured as a router and not a WAP.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: HG612 & OPNSense Firewall
23-01-2023 9:25 AM
Re: HG612 & OPNSense Firewall
23-01-2023 9:26 AM
Re: HG612 & OPNSense Firewall
23-01-2023 9:32 AM
When I say LAN I mean the LAN2 port; I still have OPNsense in LAN 1 on the modem.
Re: HG612 & OPNSense Firewall
23-01-2023 9:41 AM
Re: HG612 & OPNSense Firewall
23-01-2023 9:44 AM
Modem (Internet) - OPNSense (Dual Nic) - Switch or Hub and then your WAP?
Re: HG612 & OPNSense Firewall
23-01-2023 9:56 AM
Hi,
I was under the impression that, with LAN & WAN being in OPNsense, it controls the issue of IP addresses; it is the master DNS server, otherwise you would have 2?
Re: HG612 & OPNSense Firewall
23-01-2023 10:01 AM
Basically I have segregated the pfSense and Mesh WAP from each other so they work in harmony.
Re: HG612 & OPNSense Firewall
23-01-2023 10:04 AM
@OsoPolar well you certainly don't want gateway mode!
According to this https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point it should be in router mode with WAN and dhcp disabled
Re: HG612 & OPNSense Firewall
23-01-2023 10:52 AM
Hi,
Yes, I was aware of this, but from a senior dev on DD-WRT I received this message:

There is a wiki: https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point But IMHO opinion that is somewhat flawed. I do it like this:

Wireless Access Point (WAP): A secondary router connected wired LAN<>LAN on the same subnet as the primary router.

• On Basic Setup page:
  o WAN disabled
  o DHCP server Disabled (=off and NOT set as Forwarder!)
  o Local IP address in subnet of primary router but outside DHCP scope, make sure the used IP address is unique on your network, you cannot have duplicates.
  o Gateway and Local DNS pointing to primary router
• Keep DNSMasq enabled (both on Basic Setup page and Services page)
• On Setup > Advanced Routing, keep Operating mode in the default Gateway (the wiki says Router mode but do not do that, either it does not matter (this case) or break things)
• On Security > Firewall keep the SPI Firewall enabled, although you do not want a firewall it will be automatically disabled as there is no WAN so no need to change this setting from default.
• Connect LAN <> LAN (do not use the WAN port unless you really need that extra port, for most routers traffic still must use the CPU so performance is lacklustre and there are some routers where the WAN port is not added to the br0 so the WAN port could be non-functional on some routers).

Note: for Broadcom routers for best throughput enable CTF on Basic Setup Page

You have to add the following rule to the firewall in order to get internet access from clients attached to a VAP/Bridge on your WAP. In the web-interface of the router (the WAP): Administration > Commands save Firewall:

#Always necessary (alternatively set static route on main router and NAT traffic from VAP/Bridge out via WAN):
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

If you want to only have the VAP/bridge to have internet access and not access to the rest of the network

#Replace with the appropriate interface of your VAP, e.g. wl0.1, wlan0.1 etc:
GUEST_IF="wlan1.1"
#Net Isolation does not work on a WAP so keep it disabled, add for isolating VAP from main network:
iptables -I FORWARD -i $GUEST_IF -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -m state --state NEW -j REJECT
#For isolating the WAP itself from the VAP/bridge:
iptables -I INPUT -i $GUEST_IF -m state --state NEW -j REJECT
iptables -I INPUT -i $GUEST_IF -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i $GUEST_IF -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i $GUEST_IF -p tcp --dport 53 -j ACCEPT
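An added example, not part of the post above or of the DD-WRT developer's message: a small shell check for the addressing rule in those notes (WAP Local IP inside the primary router's subnet but outside its DHCP scope). The function names and all addresses are assumptions made up for illustration, and the only duplicate it can detect offline is a clash with the router's own address.

```shell
#!/bin/sh
# Added example: check a planned WAP LAN address against the primary router's
# subnet and DHCP scope. Every address used here is a constructed sample.

# Convert a dotted-quad IPv4 address to an integer; non-zero status if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
}

# check_wap_ip WAP_IP ROUTER_IP NETMASK DHCP_START DHCP_END
# Prints one verdict word; returns 0 only when the address is usable.
check_wap_ip() {
    wap=$(ip_to_int "$1") && rtr=$(ip_to_int "$2") && mask=$(ip_to_int "$3") &&
        lo=$(ip_to_int "$4") && hi=$(ip_to_int "$5") ||
        { echo "bad-input"; return 2; }
    net=$(( rtr & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    if [ $(( wap & mask )) -ne "$net" ]; then
        echo "outside-subnet"; return 1      # WAP would sit on a different network
    fi
    if [ "$wap" -eq "$net" ] || [ "$wap" -eq "$bcast" ]; then
        echo "network-or-broadcast"; return 1
    fi
    if [ "$wap" -eq "$rtr" ]; then
        echo "duplicate-of-router"; return 1 # only duplicate this script can see
    fi
    if [ "$wap" -ge "$lo" ] && [ "$wap" -le "$hi" ]; then
        echo "inside-dhcp-scope"; return 1   # DHCP could lease it to a client
    fi
    echo "ok"
}

# Constructed sample: primary router 192.168.1.1/24, DHCP scope .100-.199.
for candidate in 192.168.1.2 192.168.1.150 192.168.2.2 192.168.1.1; do
    verdict=$(check_wap_ip "$candidate" 192.168.1.1 255.255.255.0 \
        192.168.1.100 192.168.1.199) || true
    printf '%s: %s\n' "$candidate" "$verdict"
done
```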
Re: HG612 & OPNSense Firewall
23-01-2023 11:31 AM
@OsoPolar as long as you are connecting LAN to LAN then it shouldn't matter. It should basically be: allocate it an IP in the main router subnet and disable DHCP and WAN.
Re: HG612 & OPNSense Firewall
23-01-2023 12:04 PM
So you're saying I should try it in modem mode?
Re: HG612 & OPNSense Firewall
23-01-2023 12:14 PM
It (R7800) doesn't have a modem mode.
Connect the R7800 via one of its LAN ports to a LAN port on the OPNsense. Disable DHCP on the R7800.