Can not connect external ap
-
i can not ping the pfSense Lan IP .
for the log not really sure what im looking for i see a lot of things blocked from the wan and it looks like everything from the Wireless was allowed. although the only thing comming from the wireless is the actual AP it's self.
could it be something in the AP.
i just noticed that i still had the internet setup in the AP as Automatic Configuration - DHCP. does it need to be static? if so what do i chose for the IP address. just anything on the Lan Subnet?
What it is now.
What i think it might need to be.
-
If you are just using the wireless router as an AP, you want to totally disable the WAN interface if possible. I know some firmwares do not let you do that. If you are in that boat, give the WAN interface a bogus IP you will never use, like 192.168.222.222 or somesuch. However, if the clients are getting IPs from the pfsense, their packets should be going to it, so the WAN configuration on the AP is not likely to matter much.
-
okay good to know i just cant figure out why i can connect to it and the DHCP server but i cant access the web. though wireless.
i can ping my computer on the wireless though a computer on the LAN though. but i cant ping my computer on lan from my computer on wireless.
i can also connect to the computer remotely over the LAN. -
I reread the first post or so. Do you really still have the AP plugged into a separate OPT1? If so, why? You are bridging the wireless segment to the LAN with no restrictions, so why not just plug the AP into the LAN and be done with it?
-
18.4.3. Bridging wireless to an OPT interface
If you want more control over your wireless clients, adding an OPT interface to pfSense for your access point is the preferred solution. If you wish to keep your wireless and wired networks on the same IP subnet and broadcast domain, you can bridge the OPT interface to your LAN interface. This scenario is functionally equivalent to plugging the access point directly into your LAN switch, except since pfSense is in the middle, it can filter traffic from your wireless network to provide protection to your LAN hosts.
You can also put your wireless network on a dedicated IP subnet if desired, by not bridging the OPT interface on pfSense and assigning it with an IP subnet outside of your LAN subnet. This enables routing between your internal and wireless networks, as permitted by your firewall ruleset. This is commonly done on larger networks, where multiple access points are plugged into a switch that is then plugged into the OPT interface on pfSense. It is also preferable when you will force your wireless clients to connect to a VPN before allowing connections to internal network resources.From the book it's really just a control thing. from what i read.
-
you're missing the key point though: if you have a default "allow any" rule, there IS no extra control, so you are complicating your setup for no real gain.
-
Maybe the "allow any" rule is there for the present to try to get the configuration working.@pman860507:
i can ping my computer on the wireless though a computer on the LAN though. but i cant ping my computer on lan from my computer on wireless.
What report do you get when you ping the computer on lan from computer on wireless?
-
Maybe the "allow any" rule is there for the present to try to get the configuration working.@pman860507:
i can ping my computer on the wireless though a computer on the LAN though. but i cant ping my computer on lan from my computer on wireless.
What report do you get when you ping the computer on lan from computer on wireless?
I get a 100% reply.
-
OK, so your earlier report that you can't ping a computer on the LAN from a computer on the wireless is no longer current?
-
OK, so your earlier report that you can't ping a computer on the LAN from a computer on the wireless is no longer current?
sorry i miss read that from the wireless to lan computer i get no reply. from lan computer to wireless computer i get 100% reply.
you're missing the key point though: if you have a default "allow any" rule, there IS no extra control, so you are complicating your setup for no real gain.
i understand what you are saying and it does make since. if i put the wireless on the lan do i need to bridge it with anything or just plug it in and good to go?
nvm thats a dumb question once i think about it im going to hook the wireless into the Lan. if i ever need to add some restrictions to it i might move it back.and amazing enough it worked perfectly thanks a lot for all your help many next time i have to do this kind of stuff i will be more familiar with the firewall rules.