Cannot access AP web ui
-
@nopfsense what interface is the 11.0/24 network on?
and 22.0/24?
what are the Firewall rules for each network?
-
@nopfsense said in Cannot access AP web ui:
I can't get to 192.168.22.1 pfsense webgui on the AP_01 interface. Whilst connected to 192.168.22.53
What are the 192.168.22.1 ( AP_01 ?) firewall rules ?
-
@nopfsense said in Cannot access AP web ui:
I have tried adding the AP under DHCP static mapping for this interface under The DHCP server for the AP interface, his that what you mean?
Not need as the AP will never initiate a DHCP request : it has a static IP set up.
But the DHCP static mapping on pfSense is still useful, as you now have a host name for your AP, and you can use this name instead the IPv4.Btw : your LAN firewall rules are fine, it's not the LAN firewall that blocks you from accessing the AP on 192.168.22.2 from LAN.
IPv6 (rule) is not needed if you do not use IPv6. -
@gertjan Ok, good to know, thanks, so it's the AP_01 rules that block access to the AP? But the rules look ok? So why can't i access the AP from the LAN?
-
-
@nopfsense said in Cannot access AP web ui:
so it's the AP_01 rules that block access to the AP?
No. Never.
Read Docs » pfSense
software » Firewallthis is the important word :
"enters" means : traffic going into the pfSense device.
So, all traffic coming into (like entering) is filtered by the firewall.
When you initiate a connection from a device on your LAN interface, and you want to connect to a device on some other local (or remote !) , like AP_01 interface, the traggic enters the LAN interface, and is filtered by the firewall.
Then, the traffic is 'in' pfSense, and pfSense is a router and knows that the traffic destinated for 192.168.22.x/24 has to be placed on the AP_01 interface to reach a device on the 192.168.22.x network.
When doing so, your traffic is only filtered by one interface, the LAN interface, using the LAN firewall rule set.
And not the AP_01 firewall rule set, because, again, only incoming traffic is filtered, not outgoing traffic.Of course, the AP will send info back. You could say : that's incoming traffic for the interface AP_01 !?
Noop.
You are now very close to discover what a state-full firewall actually is, as explained on the page mentioned above.There is an exception : read ```
https://docs.netgate.com/pfsense/en/latest/firewall/floating-rules.html but don't worry : write it on the wall : "Whatever happens, never ever use floating rules set" and you will be fine ;) -
@gertjan Ok, thanks i had a read and I'm not sure if I'm any closer to finding the answer, on other forums they suggest that local firewalls should be disabled, which they are, windows Defender is off for domain and local.
I've factory defaulted the pfsense box, now LAN is on 192 168.10.1
Wide open rule on interface AP_001
Can ping 192.168.10.1
But something in my view strange is happening when i ping 192.168.22.1
I get a reply from 192.168.1.24 that it's unreachable. That's odd? There is no interface with with that address range. On the pc or the pfsense box.
Is this a clue?
-
@nopfsense unreachable normally means there was no answer to the arp.
example if I ping some IP that doesn't exisit.
You can see that my machine was arping for that - but got no response
You can not arp for stuff that is not on your same local network.. You pinging a IP outside your network would be sent to your router (default gateway, pfsense)..
-
@nopfsense said in Cannot access AP web ui:
I've factory defaulted the pfsense box, now LAN is on 192 168.10.1
Not a real issue, but after a reset LAN would be 192.168.1.1/24.
Screenshot the settings of your LAN and AP_01 interface settings please.
Both have a /24, right ?
Both have an empty = "None" here:
Right ?
Who is 192.168.1.24 ?
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@gertjan yeah who is 192.168.1.24? And why is he answering at all, if on the 192.168.10 network??
I would think maybe you have multiple networks on the same actual L2?
-
-
@nopfsense and what exactly are those interfaces plugged into?
What is this 192.168.1.24 device?
-
@johnpoz hi, there is nothing connected to WAN a win10 pc laptop is connected to the LAN 10.10 and the AP to AP01 22.2 that's all. laptop wifi is turned off. So i do not know what this 192.168.1.24 is. The laptop is receiving the 10.10 ip from pfsense. 1.24 doesnt show in the ARP Table settings on the laptop or the pfsense.
-
@johnpoz ok, so a ping to 192,168.22.1 or 22 from 192.168.10.10 would go to 192.168.10.1, and then should be forwarded to 192.168.22.2 as both networks/interfaces have allow all protocols rules?
Or am i incorrect?
-
@nopfsense so your saying your windows 10 pc plugs directly into lan interface on pfsense - there is no switch between. Its IP is 192.168.10.10
And you try and ping 192.168.22.1 and you get back a reply from 192.168.1.24??
Lets see ifconfig output on pfsense. Or the status interface page in the gui.
What your saying it really just impossible. So clearly there huge amount of pieces missing from this puzzle.
Did you setup a VIP on pfsense? I see a wireguard interface on pfsense - what is that IP? Something thinks its IP is 192.168.1.24
-
@johnpoz the wireguard was before i wiped the pfsense box.
Now:
If i ping 24.1 it responds
Forgive me it took a moment for me to think of but it's too hot here, there's a heatwave going on, I disconnected the LAN from the pc and can still ping 1.24, so it's on the laptop, so i disabled the network card and can still ping it, so i have noooooo idea what's going on. Any ideas? -
@nopfsense does your laptop have wireless card? Does your laptop have vm software installed?
On your laptop do an ipconfig /all from a cmd prompt
Does the laptop have any vpn software installed?
-
@johnpoz The wireless card is off and there is very little installed on this pc, no vmware
I rebooted in to safe mode with networking reinitiated the n/wcard and it disappeared, it has stayed gone on ordinary reboot.
But i still can't get to the 22.x network :(
Also plugging the pc in to the AP 22.x interface i can't ping 192.168.10.1 even though the rules should allow it.
I don't have another pc here to test if it's a pc issue. I'll be able to try in a few days.
-
@nopfsense that machine is not pinging anything, general failure on that pc is not anything to do with pfsense.
-
@johnpoz hi, i finally got hold of another laptop, plugged it in and it worked as it should. No problems, as you suspected the problem was with the other laptop. The weird thing is that when i plugged in the original laptop it also works fine now. No sign that there was ever a problem. I'm mystified, all the same cables. Just 4 days of inexplicable headache. I've rebooted and wiggled cables and can't replicate the problem, so unless it returns I have to guess that the problem, whatever it was is gone. So I say thanks to everybody that spent the time to give advice.
