2 WANs and 2 LANs
-
Add a rule at the top of your firewall rules that passes traffic to the other subnet, that has a gateway of "default" - it's possible that the policy routing for multi-wan is sending that traffic directly out your WAN instead of it going locally.
Though I thought there was an automatic policy route negation for local networks, it's worth trying.
-
Hi,
Thanks for reply, I have them already on it.
I guess is because the other one is by a WiFi router (I use a TL-WR1043ND) and creates his own network.
Looks like the only real solution would be adding a WiFi card directly on pfsense to connect that far PC (is only 1 PC).
-
Is the pfSense box connected to the WiFi router's WAN port?
-
the pass rules need to be added on the tab of the source interface …
so when you want traffic going from lan1 to lan2 you would go to the lan1 rule tab and add something like this:
Action: PASS
proto: any
src: LAN1 subnet
dest: LAN2 subnet
.....i made the mistake in the past and tried it the other way around, as in going to the LAN2 rules to allow traffic originating from LAN1 .... this does not work
-
Is the pfSense box connected to the WiFi router's WAN port?
Hi,
Yes, like this one:
WAN (wifi) > NIC2 (on pfSense) or
2.253 > 2.254From pfSense shell I can ping 2.253, but not from network.
-
the pass rules need to be added on the tab of the source interface …
so when you want traffic going from lan1 to lan2 you would go to the lan1 rule tab and add something like this:
Action: PASS
proto: any
src: LAN1 subnet
dest: LAN2 subnet
.....i made the mistake in the past and tried it the other way around, as in going to the LAN2 rules to allow traffic originating from LAN1 .... this does not work
Yes, I have all that, still no go. I did some changes and now I can ping and access WiFi control panel (on web) from network, in other words, WAN port from WiFi.
But still no joy when I'm trying to access the internal LAN from WiFi, looks like TP-Link creates his own LAN network, so I'm unable to access the computers/devices connected by.
Tips? Hints?
-
Well, I still cannot ping/access my WiFi router.
My setup:
TL-WR1043ND: 192.168.2.253/252 (gateway 192.168.2.254) and LAN: 192.168.2.100~192.168.2.105
I have 2 xDSL + 4 NICs on pfSense, setup is:
WAN1: 192.168.10.254/24 (xDSL1: 192.168.10.1)
WAN2: 192.168.20.254/24 (xDSL2: 192.168.20.1)LAN1: 192.168.0.254/24 (connected to my wired switcher on network1)
LAN2: 192.168.2.254/24 (connected to WiFi as 192.168.2.253/30)From my computer (192.168.0.1) I can ping everything, except WiFi (192.168.2.253) and WiFi's network (192.168.2.100~192.168.2.105).
I use Load Balancing and works well, but I just cannot ping anything from my wired network1 to wireless network2, and vice-versa.
My firewall rules are very simple:
From WiFi, I can also ping/access everything except my wired network (LAN1).
Help!
-
Adding this:
Action: PASS
proto: any
src: LAN1 subnet
dest: LAN2 subnetI can ping 192.168.2.253 (my WiFi), but not 192.168.2.100~192.168.2.105 (WiFi network).
-
There is something pretty odd, I can access my HP printer (192.168.0.240) from WiFi w/o problem, but not my Win7 computers. ???
Edit: I can now ping my .0.1 from WiFi (culpit was Norton Firewall), but I still cannot ping my notebook (on WiFi) from my local, the inverse is possible.
I turned off the firewalls and still no go.
-
i'm guessing the client-computers are the ones blocking the pings … it's unlikely some ip's are pingable and others are not while the entire subnet should be allowed according to your firewall rules
-
Well, I did turn off every firewall on computers (not on pfsense), and still no go (cannot ping).
It must be TL-WR1043ND since it creates his own internal IP (is a WiFi router). :(
-
Try to turn it like accesspoint
-
turn off DHCP in your wifi router and dont use the wan port. connect the cable from your pfsense box to a lan port and try.:)
-
turn off DHCP in your wifi router and dont use the wan port. connect the cable from your pfsense box to a lan port and try.:)
But if I do that, then I will don't have WiFi at all. Besides, I cannot access my WiFi at all, I'm forced to use WAN or nothing (on WiFi) works.
If I turn off DHCP and try to use the same network it gives me:
Error code: 5008
WAN IP address and LAN IP address cannot be in a same subnet. Please input another IP address. -
Try to turn it like accesspoint
I wish how. Looks like the official FW is very limited.
The only option I see is:
Enable WDS Bridging - You can select this to enable WDS Bridging, with this function, the Router can bridge two or more Wlans. NOTE: If this checkbox is selected, you had better make sure the following settings are correct. -
- Set management ip and subnet, make sure that this ip is usable and in same network than your firewall
- Set your wireless settings
- Turn dhcp off from that wireless router
- connect only power cable and lan cable from your network switch or firewall(pfsense) and connect that cable only to lan side no wan at all
- Enjoy
