Access webui need to open 443?
-
@nadvig23 LAN has an allow to any rule out of the box. If that was removed then yes a rule is needed for DNS and Internet. All Interfaces have a hidden deny all rule.
-
I have done no change yet
-
If the rules by default :
Firewall- rules - lan:
Default allow Lan to any ruleWill permit to my laptop from the Lan to go out well i can’t go out to internet
My laptop is 192.168.1.99 with gateway and dns 192.168.1.1
I have put this Mac addr and ip of this laptop in Dhcp server- static mapping…. -
@nadvig23 said in Access webui need to open 443?:
Webui - diagnostics- ping:
Yes !
Host 8.8.8.8
Source wanNo!
Host 8.8.8.8
Source LanI was working on a problem router today that I think has a bad WAN port. I reinstalled, and I had this behavior until I finished the setup wizard. I don't recall having to do that in the past.
You might reset to factory defaults and start over just to see.
-
J jimp moved this topic from Problems Installing or Upgrading pfSense Software on
-
hello i was in vacation....
i have bought Netgate sg-2100...it is really great! my network is working now!
just a question...can i plug the wifi router (netgear) in the LAN2 port of Netgate??
thanks -
@nadvig23 you can use any port. On the 2100 the 4 LAN ports are a switch.
-
Or if you want the WIFI AP on a different subnet so you can filter traffic differently you can set on the ports to be a discrete interface:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.htmlSteve
-
@stephenw10
good idea i prefer to have the wifi on another subnet that the local network. i will folow this documentation, thanks! i have netgear wifi router, i will see how to set up this one too (probably that i need to put this one on static ip 192.168.100.1)? -
The netgear router/ap could pull a lease from pfSense in the new subnet. I would set it to static mapping so it always gets the same IP address if you do. But, yes, setting it statically will also work.
-
hello i have finaly have time to configure my wifi to Netgate on OPT1.
i have follow your link. everything go well thanks!
but i have to do some firewall rules...because none of my laptop go out to Internet. here what i have configured:
can youhelp?
-
i have just add the gateway...i have forgot that !
wifi OPT1 192.168.100.1 192.168.100.1
-
but still not go out:
from a laptop 192.168.100.201:
cyber@cyberlaptop:~$ ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
From 192.168.100.201 icmp_seq=1 Destination Host Unreachable
From 192.168.100.201 icmp_seq=2 Destination Host Unreachable -
That should pass anything but you can see it has not opened any states or passed any traffic on any of those rules.
I assume the OPT1 interface is where you have the WIFI connected? And that is using the 192.168.100.1/24 interface address?
Do wifi clients pull a dhcp lease in that subnet correctly?
-
@stephenw10
oh my god!!!! the probleme was :wifi 6 netgear nighthwak ....yellow port ....was connected to the netgate lan 4 (opt1). i have unpluged it, put the cable in the lan 1 port of the netgear (not the yellow one) and it's working!!!!!!!!!!!!!
-
@nadvig23 said in Access webui need to open 443?:
i have unpluged it, put the cable in the lan 1 port of the netgear
The "yellow" (single) port on the AP Netgear router is a so called WAN port.
You've created a Router (Netgear) after Router ( pfSEnse) setup.
That could be just what you want, but is often totally not understood. (read = you've complicated your live)What you probably want : using your Netgaer as a "Access Point" only, and not as a router (and not a DNS, not a firewall, not a DHCP server) == just as an AP.
The basic setup for such a device is :
Your pfSense LAN (== OPT1) uses 192.168.100.1 / 24
Set your LAN IP of you Netgate like :
192.168.100.2 /24 (= 255.255.255.0) = =a static IP setup.
Set the Netgear gateway to 192.168.100.1
Set the DNS of Netgear as 192.168.100.1Disable the DHCP server on Netgaer !
Done.
-
that's what i have done sunday! i was surprised that it didn't worked, but i saw the cable was still in the yellow of port of the netgear....i put it in the right port and everything goes well!
