Broadband Tech > Networking > DHCP on Tomato can't see pfSense and wise versa?

DHCP on Tomato can't see pfSense and wise versa?

I still have not found the solution for this.
Maybe my initial post is to confusing but all I want to do is
Able to access other network shares while DHCP is turned on tomato router.

Can you draw a diagram of your network, how these two routers are connected.

reply to JohnnyBeGood
And why you are trying to use two routers,
and what type of internet connection you have,
and is it provided by a modem or a router/modem combination?

reply to toby

you could, or just scribble it in paintbrush.

reply to toby

Network Diagram

reply to billaustin

reply to JohnnyBeGood
We may need to know that the Asus gets an IP address from pfSense in the 192.168.1.X range.

pfSense will need to know that the way to the 192.168.2.X subnet is via the 192.168.1.X Tomato interface. This is normally done using static routes.

I have no specific experience with pfSense or Tomato, so I can't recommend menu specifics.

kirby

reply to JohnnyBeGood

overview

basic network

reply to JohnnyBeGood
If you are going to use two routers, you want the bandwidth limiter to be effective, and you want the PC's to see each other, then you need to change the way things are connected.

The WAN port on the pfSense box should be connected to the modem. It should be getting a public IP from the ISP. Either DHCP or Static, depending on what you are paying for.

I would set the pfSense LAN address to 192.168.2.1 with the DHCP server on and the pool from .101 to .110 (depending on how many devices you will need here).

The WAN address on the Tomato Router should be set for DHCP (or Automatic). The LAN port on the pfSense box should be connected to the WAN port on the Tomato Router.

I would set the Tomato LAN address to 192.168.1.1 with the DHCP server on and the pool from .101 to .130 (depending on how many devices you will need here). All your devices needing internet access should be connected to the LAN side of the Tomato Router.

This configuration will make the pfSense the main router. It will make the bandwidth limiter on the Tomato router effective. It will allow all the PC's to see each other (printer and file sharing will work).

If you need to do port-forwarding for any devices, it will have to be done in both routers. On the pfSense box, it will need to be forwarded to the Tomato address. On the Tomato Router, it will need to be forwarded to the actual device.

reply to JohnnyBeGood

pfSense DHCP server

Set the main router LAN to a range that is not commonly used so it doesn't have to be changed in the future, and doesn't conflict with items connected downstream. Most routers default to 0.1 or 1.1 for the LAN. If you replace the Tomato Router in the future, or just reset to defaults, you avoid the issues with duplicated IP ranges.

You could also use one of the other available private ranges (like 10.0.0.1) for the pfSense LAN.

Starting with .101 instead of .100 is just a personal preference.

I just changed pfSense to 192.168.2.1 and tomato 192.168.1.1
and I can access pfSense (»192.168.2.1) from laptop but I can't access tomato (»192.168.1.1) from desktop.

Also, when on laptop I can't see desktop computer under "my network places". If I type \\192.168.2.100 I can see desktop share.

Then you don't have it connected the way I told you. ALL devices needing internet access should be connected to the LAN side of the Tomato Router. You have the desktop connected to the LAN side of the pfSense box, where ONLY the Tomato Router should be connected.

What exactly is your goal? If you want the PC's to see each other, they need to be in the same subnet.

When I asked why you had two routers, you said you wanted to use the bandwidth limiter in the Tomato Router.

If you are just using the Tomato unit to provide wireless access, then configure it as an Access Point, not as a Router.

reply to JohnnyBeGood
I just saw this thread for the first time. I use pfsense and Tomato professionally, so I hope I can help.

I don't think it's entirely clear what you're trying to do, so let's start by clarifying your goals. You have a cable internet connection, two routers (pfsense and tomato), and a bunch of wired and wireless clients. You want the wireless clients to use tomato's traffic shaper, but not the wired clients. You want the wired and wireless clients to have free access to each other.

Right so far? Do you want free access between wired and wireless hosts, or just certain services, like windows file sharing? Do you want the access going both ways, or would you prefer that only the wired clients be accessible by the wireless and not vice-versa, for example?
--
db

reply to JohnnyBeGood
I just re-read this thread and I'm pretty sure I understand what you're asking.

As billaustin said, the pfsense LAN and tomato LAN need to be in non-overlapping subnets. Tomato's WAN needs to be on the same subnet as pfsense's LAN, and use pfsense as its default gateway. The easiest way to do this is to set Tomato's WAN to dhcp. So for example:

pfsense
WAN: dhcp
LAN: 192.168.1.1/24
dhcp server enabled

tomato
WAN: dhcp
LAN: 192.168.2.1/24
dhcp server enabled

If you only do that, then your setup will enable you to browse wired shares from wireless hosts. If that's your goal, then you could stop here.

However, with the above setup, wired hosts won't have access to wireless hosts or shares because tomato is acting as a NAT firewall, preventing access in that direction. The other potential problem is that you have a double NAT for the wireless hosts, which can make troubleshooting difficult. If you want to change that, you have to do the following:

In tomato, under Advanced>Routing, change mode from Gateway to Router. Hit the save button. This tells Tomato to route between WAN and LAN without doing address translation, so the second NAT in your network is eliminated.

The problem now is that pfsense doesn't know where 192.168.1.0/24 is, so let's tell it:

In pfsense, go to Services>DHCP Server or Status>DHCP Leases and create a dhcp reservation for tomato, ensuring that it always gets the same WAN IP address.

Now in pfsense go to System>Routing and create a new gateway as follows:

Interface: LAN
Name: whatever you want to name it. "Tomato" is probably a good choice.
Gateway: enter Tomato's WAN IP address. hint: this is the same address that you just created a reservation for.
Hit Save.

Now click on the Routes tab (still under System>Routing). Create a new route as follows:

Destination Network: 192.168.1.0/24 (this must match the LAN subnet of Tomato)
Gateway: Choose the gateway you just created, ie "Tomato".
Description: as you like
Hit save.
Hit "Apply Changes" button if it appears.

Now pfsense knows where to find the wireless hosts, but the wired hosts do not. So at this point if a wired host wants to send a packet to a wireless host, 192.168.1.100 for example, it will foward the packet via its default route, pfsense. If I'm not mistaken, pfsense will reply with a special ICMP packet to tell the wired host that the destination host, ie, 192.168.1.100, can be reached via the gateway of 192.168.2.100 (or whatever Tomato's WAN address happens to be). The wired host then re-sends its packet to Tomato for delivery to 192.168.1.100.

If I'm wrong about the last part, or if you want to skip the added traffic and latency of having to involve pfsense every time a wired host wants to send a packet to a wireless host, then you need to add a static route to your wired hosts, so that they know that Tomato is the gateway to the wireless network.

This is done on a Windows box thus:

Open a command prompt (as an administrator if on Vista or 7)

route -p add 192.168.1.0 mask 255.255.255.0 192.168.2.100