Solved Failing to route from wireless AP

[semi-ambivalent]

I was running a WAP from a Ralink PCI card. It worked fine except the signal was weak/spotty because the machine was in the basement. So I replaced the PCI WAP with an Intel network card and cabled that to a D-Link DAP-2330 upstairs. The signal is great now and I can see (tcpdump) traffic when I go to a site on my phone but nothing comes back in.

The interfaces are:
em0 - 192.168.1.2: Goes to the router and then internet. Works fine.
em1 - 192.168.100.1: Internal network. Reaches internet fine with current pf.conf.
em2 - 172.22.22.1: goes to the WAP at 172.22.22.254. Should have no contact with the internal network.

I set the WAP's default route to the system's router, just like the internal network. Should it actually be 172.22.22.1? Then I just need a rule to pass from 172.22.22.0 to 192.168.1.0 and keep the state. I'll try altering the 172. default route after I post this.

Thanks for any help,
s-a

 

[John Watson]

Can you ping to router and external internet addresses from your phone?

 

[semi-ambivalent]

Can you ping to router and external internet addresses from your phone?

Thanks for the reply John.
I don't have a terminal on my phone but there is a laptop here and I'll use its wireless in a bit. If I run pf wide open things work so it looks like the network layer is OK, it's just pf rules to figure out. Got to step away now but wanted you to know I saw your post.
thx,
s-a

 

[semi-ambivalent]

This is solved. I had a rule to pass traffic from $air_if to $ext_if but not the other way. I was thinking that 'keep state' handled that but that appears to be in effect only for in and out on one interface, not across two. My pf.conf isn't pretty but the logic looks OK, just clean-up now and another look at my copy of Hansteen's book.