Netgate Discussion Forum

    Access wireless AP on the Lan side from internet

    General pfSense Questions

      wallabybob

      @taktje:

      it is not working

      If you are expecting me to respond to this report you will have to enhance it with considerably more information:
      1. What did you do to the modem?
      2. How did you test the changes to the modem?
      3. What was reported in the test?
      4. What did you expect to happen?
      5. What evidence led you to conclude "not working"?

        taktje

        wallabybob,

        you are right.

        When I PM you the IP to access my router and my pfSense box from the internet, are you willing to take a look at my setup and change what has to be changed?

        i hope you will!!

        and i will learn how to fix this.

        thx

          taktje

          Who wants to log in and help me to fix this?

            wallabybob

            @taktje:

            When I PM you the IP to access my router and my pfSense box from the internet, are you willing to take a look at my setup and change what has to be changed?

            i hope you will!!

            and i will learn how to fix this.

            Sorry for the delay. I have been working on another topic.

            If you want to learn to fix it the best way would be to do it yourself.

            In an earlier post I said the modem would need to have a port forward set up and probably a static route. You asked how to configure the static route but made no mention of the port forward. Have you configured the port forward and static route in the modem?

              taktje

              no need to say sorry!!!!!!!!!!!

              You're right again

              I will post screenshot later (i'm working at the moment)

              Let's go do this the hard way ;D ;D ;D

                johnpoz LAYER 8 Global Moderator

                "Set web access to WLAN AP to 1000"

                What does this mean?  You set the web ui of your AP to port 1000 vs 80??

                So you're behind a double NAT – why people do this I have no idea.  You have a modem (cable?)  Why do you have a router in front of pfsense doing nat?  Or do you have a gateway device that you cannot put into bridge mode?

                Anyhoo -- since you have your pfsense wan in the dmz of your first router, then all unsolicited traffic from the web to your public IP there 82.73.xxx.xxx should be forwarded to your pfsense wan interface.  So just forward whatever port your wlan ap web ui listens on in pfsense to its ip 192.168.1.2 and you should be good.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  taktje

                  Ok here we go

                  Port forward to my pfsense (18474) and my wlan router on the lan port of pfsense (changed it to 20000)

                  1.JPG

                    taktje

                    Static route

                    2.JPG

                      taktje

                      Nat

                      3.JPG

                        taktje

                        automatically wan rule

                        4.JPG

                          johnpoz LAYER 8 Global Moderator

                          What??  That is from your router, thought you said the pfsense wan IP was in the DMZ..

                          "In my router set DMZ: 192.168.11.17"

                          There is no reason to forward anything then on your "router".  Placement of the pfsense wan IP in the DMZ or "exposed host" as some routers call it means all UNSOLICITED traffic that ends up at your router's wan of that 82.x address that does not currently match up with a state on your router will be sent on to your pfsense wan IP, ie the 192.168.11.17

                          So you have to forward this traffic on your pfsense box to wlan AP – whatever port that might be.

                            taktje

                            I have DMZ set to 192.168.11.17; I uploaded the wrong picture.

                            But I forgot to remove the port forward so I have both

                            Who will please log in and help me out.

                            I'm totally lost now.

                            Why must i learn it the hard way :'( :'( :'( :'( :'( :'( :'( :'( :'( :'( :'( :'( :'( :'( :'( :'( :'(

                              johnpoz LAYER 8 Global Moderator

                              Hard way?  What?

                              Dude if I log in and fix it for you - what have you learned other than to have someone log in and fix it when you don't understand.

                              It's basic port forwarding - at a loss as to why you do not get it.

                              Pfsense is natting from 192.168.11.17 to IPs in the 192.168.1.x range.  If you want to access port X on 192.168.1.2 then you need to tell pfsense to forward port X to port X to 192.168.1.2

                              That's all there is to it.  Your DMZ setting on your first router forwards ALL ports coming from the internet to your pfsense IP, now you just need to tell pfsense where to send this port X.

                              You sure as hell do not need any special route commands in your double nat setup from what you have posted.

                              But what I am curious on is WHY you have a router in front of your pfsense in the first place?  What are the makes and models of your modem and router?  Maybe it's just the fact that you have a double nat setup that is confusing you?  Maybe we can remove that for you?  Please post up the make and model numbers of your modem and router and we can look up if we can.

                                stephenw10 Netgate Administrator

                                Whilst I agree that double NAT is bad it will almost certainly work fine and you can work on bridging your modem later.

                                You have your port forwarding set up wrong on pfSense. You should have Destination address as your WAN IP and NAT IP set to your internal WLAN access point. See my screenshot as an example.

                                Steve

                                portforward.jpg
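
The path described in the posts above (first router DMZ, then a pfSense port forward whose destination is the WAN address), as an added Python model that is not part of the thread or of pfSense itself. The public address is a constructed placeholder for the masked 82.73.xxx.xxx, and the "bad" rule is a constructed example of a forward that matches on the wrong destination.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.10"     # constructed placeholder for 82.73.xxx.xxx
PFSENSE_WAN = "192.168.11.17"  # from the thread: DMZ host on the first router
AP_LAN = "192.168.1.2"         # from the thread: WLAN AP behind pfSense
AP_PORT = 20000                # from the thread: port chosen for the AP web UI

@dataclass(frozen=True)
class Forward:
    dst_ip: str    # destination the rule matches on the WAN interface
    dst_port: int
    nat_ip: str    # redirect target (the "NAT IP")
    nat_port: int

def first_router(dst_ip, dst_port, dmz_host):
    """Unsolicited traffic to the public IP is sent to the DMZ host, port unchanged."""
    if dst_ip != PUBLIC_IP or dmz_host is None:
        return None
    return (dmz_host, dst_port)

def pfsense(dst_ip, dst_port, forwards, wan_pass_rules):
    """NAT is applied first; the WAN filter rule is then checked against the
    translated destination. Simplification: anything else never reaches the LAN."""
    for f in forwards:
        if (dst_ip, dst_port) == (f.dst_ip, f.dst_port):
            translated = (f.nat_ip, f.nat_port)
            return translated if translated in wan_pass_rules else None
    return None

def trace(dst_port, dmz_host, forwards, wan_pass_rules):
    """Follow one inbound connection and report where it ends up."""
    hop1 = first_router(PUBLIC_IP, dst_port, dmz_host)
    if hop1 is None:
        return "dropped at first router"
    hop2 = pfsense(*hop1, forwards, wan_pass_rules)
    if hop2 is None:
        return "dropped at pfSense WAN"
    return f"delivered to {hop2[0]}:{hop2[1]}"

GOOD = [Forward(PFSENSE_WAN, AP_PORT, AP_LAN, AP_PORT)]  # destination = WAN address
BAD = [Forward(AP_LAN, AP_PORT, AP_LAN, AP_PORT)]        # constructed mistake
PASS = {(AP_LAN, AP_PORT)}  # associated WAN rule: destination is the AP, not the WAN IP

if __name__ == "__main__":
    print(trace(AP_PORT, PFSENSE_WAN, GOOD, PASS))   # forward and rule both match
    print(trace(AP_PORT, PFSENSE_WAN, BAD, PASS))    # forward never matches
    print(trace(AP_PORT, PFSENSE_WAN, GOOD, set()))  # forward matches, no pass rule
    print(trace(AP_PORT, None, GOOD, PASS))          # no DMZ host on first router
```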

                                  taktje

                                  So now I only have DMZ to 192.168.11.17
                                  and a NAT rule (see picture)

                                  In my web browser I type: http://82.73.xxx.xxx:20000

                                  and after 20 sec i get "webpage cannot be found"

                                  5.JPG

                                    johnpoz LAYER 8 Global Moderator

                                    and are you doing that from OUTSIDE your network??  And you're sure your AP web gui interface is listening on 20000, you can access that using http://192.168.1.2:20000

                                    edit
                                    And that forward does not look right either - and did you let it create your firewall rule?

                                    See how for dest in the nat it says wan address.  Wondering if putting in direct address like that might screw up your auto firewall rules?

                                    A way you can check if the forward is working is to use canyouseeme.org – see my test to my slingbox port on 5001

                                    destaddress-wan.jpg
                                    firewallrulesfornats.jpg
                                    canyouseeme.jpg

                                      taktje

                                      I changed it

                                      6.JPG

                                        taktje

                                        created wan rule (automatically)

                                        canyouseeme.org says port 20000 blocked (timed out)

                                        So I type http://82.73.xxx.xxx:20000 and nothing happens (of course)

                                        7.JPG

                                          ptt Rebel Alliance

                                          Just a "friendly" piece of advice: don't "put" your public IP address on a public forum. Also, PLEASE change the default admin password of your pfSense

                                            stephenw10 Netgate Administrator

                                            You could try connecting from a machine in the LAN of your router. This would prove your pfSense portforward and firewall rules.
                                            You must have something right because I am able to connect to your pfSense box on https://redacted:18474/

                                            Steve

                                            Edit: Yes change your Password!  ::)

                                            Though that did enable me to see your port forward is now on port 24000 and for me this returns: "invalid request" so perhaps your AP has a restriction on where you are allowed to connect to its admin interface.
