LAN/OPT1 client ping through WAN -> host unreachable.

hoba

Click on the small block icon in front of the line at system>systemlogs, firewall. It will tell you which rule blocked the connection. If it reads something like "block all just to make sure" your rules are not correct.

nostromo

If I connect to my ISP directly through PPPoE without any rule
in firewall except default ones, then everything works fine.
If I use static IP to connect to my friends AP and I enable these rules
for WAN:
proto Source Port Destination         Port     Gateway
TCP/UDP 192.168.0.11      *    1.1.5.0/24    808    1.1.5.10    LAN > WAN
ICMP    192.168.0.11      *    1.1.5.0/24    *            *          ICMP LAN -> WAN
ICMP    OPT1 net    *    1.1.5.0/24    *            *          ICMP OPT1 -> WAN
TCP/UDP    OPT1 net    *      1.1.5.0/24    808    1.1.5.10    OPT1 -> WAN

I cannot ping no one on 1.1.5.0 net neither to have internet.
192.168.0.11 is my machine (a client on OPT1).
I have checked on log option for each of these rules and none of them did
appear in System logs/Firewall.
Also I checked this option for LAN and OPT1 rules which are passing everything
and guess what, none of them appeared in log although they should.
All I can see is that WAN is blocking incoming packets and yes there is
"block all just to make sure" if I click on icon in log.

I must admit that I am a noob about all these things but I want to learn more.
I also didn't mention that I'm not using my original MAC on WAN with my friend
because we are using the same (my) account at ISP which is filtering MAC addresses.
So in order to connect to my friends AP I'm using different address because of
possible collisions or whatever, and he is using my when we are sharing the internet.
Perhaps this could be the problem.
My wlan is Prism2.5 based.

hoba

The rules have the wrong direction (source and destination). Also I think your whole setup is a bit wrong. Just to clarify:

internet–----your friends Accesspoint ) ) ) )    wifi      ( ( ( (wireless wan/pfsense/lan-----clients

Is it this way? What is the OPT1 for?

I suggest first setting rules at all interfaces like this: pass any protocol, any source, any destination. This way you have allowed all traffic.

nostromo

@hoba:

I suggest first setting rules at all interfaces like this: pass any protocol, any source, any destination. This way you have allowed all traffic.

Well, I did that at first and it didn't work so I tried to add some rules.
That is why am I confused. As you can see I mentioned in my first post
that I allowed everything everywhere and OPT1/LAN interfaces, which are behind
WAN can ping the outside, but the client behind OPT1 is somehow blocked.

The OPT1 I use to directly connect my machine with pfsense through switched UTP
and that is just for this time until I configure pfsense. The LAN is connected to my switch.

This is my configuration:
internet–----your friends Accesspoint ) ) ) )    wifi      ( ( ( (wireless wan/pfsense/lan-----clients
                                                                                                                    |
                                                                                                                    |
                                                                                                                  opt1-------my machine

The OPT1 and LAN are in same IP range. Could this be a problem?

hoba

Yes, OPT1 and LAN should have different ranges or you break routing. Otherwise bridge OPT1 to LAN and don't use an IP-Adress on OPT1.

nostromo

I am sorry for troubling you hoba but this just doesn't work for me.

I have reset pfsense box to the factory settings, and I connected my machine (slackware)
to the LAN.
Then I set static IP  and MAC for WAN, also I disabled 'block private networks' and set
the firewall rule for WAN to pass everything and to log its traffic.
LAN is not blocking anything.

I still can't get to remote network or to use internet.

One thing that is very interesting that I used this same wlan card on my machine (slackware)
and whenever I tried to connect to my friends AP I needed to refresh its settings because
when it associates for first time I wasn't able to use the net so I tried to connect few times
to google and the wlan card just dissassociate itself from AP. After that I just refresh it and everything
goes fine. And I need to do that everytime I reboot.

In pfsense, when I use PPPoE in Status/Wireless my ISP's AP is clearly noted but for Static IP
there is nothing noted about my friends AP.
???

This could be an hardware issue.
What drivers pfsense is using for Prism based cards?

hoba

What happens if you save the Interface settings of the wireless client again? it will reload the interface settings and reinitialize the card.

nostromo

Yes, but still there is no AP listed in Status/Wireless. :(

hoba

I'm not sure if this will show up there if you use a mode other than accesspoint.

nostromo

Well at this very moment  I'm using my PPPoE account on ISP and there IS listed the IPS's AP.
There is a SSID, BSSID, channel, everything.

nostromo

here is a snapshot

nostromo

@hoba:

I'm not sure if this will show up there if you use a mode other than accesspoint.

I assume that you didn't believe me when I said that my WISP is broadcasting it's MAC
addresses.
However you can check it here on this link www.panonnet.net/
Please click on 'MAPA' at the bottom of the page.