Access wireless AP on the LAN side from internet
-
I'm playing with the port numbers but I've set them back to 20000.
Can you please log in again and see what's wrong?
-
I've enabled logging on the firewall rule associated with the port forward and I can see my requests being allowed but nothing is being returned.
Have you set the AP web interface to port 20000?
Another possibility is that there is no return route. Though that seems unlikely.
Steve
-
Port 3475 access router is open (canyouseeme.org)
Port 18474 access pfsense is open (canyouseeme.org)
Port 20000 is closed
According to the NAT rule it must be open, or am I wrong?
-
And again!!! Can you connect from your LAN machine to http://192.168.1.2:20000?
Not sure if you're just making these ports up or what?
You can do a NAT all day long - if that's not the port it's listening on, it's not going to work. Nor if you have the firewall WAN rule that allows the traffic, it's not going to work either.
I find it unlikely that your ISP is blocking that port but allowing your other 18k port something.
Other issue you can run into is if your router in front of your pfSense is blocking that port specific, or is forwarding it to something else that doesn't work, then it would show closed, etc.
We are at three pages on something that takes literally 3.2 seconds to do.
edit - also as mentioned already, it's possible your AP blocks access to this GUI from networks other than its local network, etc.
-
I can access my WLAN AP by http://192.168.1.2:20000
-
Look at my picture.
It's working from my LAN.
-
What specific device is this so we can look up the manual to see if it blocks access to its gui, etc.
edit: this has really gone on way too long. If you PM me your IP and login info I will get in and take a look.
-
Ok, looking at your pfSense config I see you are using a static IP on your AP. Have you set a gateway and DNS servers?
If you haven't then it will not have a return route for web requests except that from inside its own subnet.
That is what we are seeing.
Steve
-
Thanks for letting me in to your router as well as the pfSense - that was the key. I would highly suggest you make harder passwords. And even think hard and long as to why you would want to allow remote access into your router in the first place. Better option is to VPN into your network, and then access your stuff via the VPN connection. This is going to be way more secure than just a web GUI open to the public.
Here is your problem - you have UPnP forwarding that 20000 port to a different IP.
I would really suggest you TURN OFF UPnP!!
This overrides your DMZ host for those ports, I mentioned that as a possible problem a few posts back ;)
-
my Wlan AP
webport set
Network settings
-
I can get back in and fix it for you.. But now that you know what the problem is - you can fix it yourself I think ;)
-
Nice spot. ;)
I totally missed that.
Steve
-
Also while I was on your router "TL-WR1043ND" And yup public on its WAN – so why do you have that router in front of your pfSense box?? At a loss as to why you want to double NAT like you're doing?
-
It doesn't explain why it didn't work at port 24000 though. Or that I could see in the logs traffic being correctly forwarded in pfSense. :-\
Steve
-
UPnP disabled but still can't log in.
-
I don't know why it wouldn't have worked on 24000, unless he didn't change his AP to that port? He had some bad state on his pfSense for that port? Or his router in front of his pfSense - with ports above 1024 on a NAT box handling multiple machines it looks like - it's quite possible there was a state already for 24000.
From his UPnP he is running torrents, so those are going to create lots and lots of connections.. So you have no idea how many states are already in play. So say his router had a state where 24000 source on its WAN. And then some other connection came in for that - what would it do? Would it not allow the connection because not same IP as the state, or would it forward to send it on through - depends on what type of NAT that router was set for.
Double NAT not good idea - you can have all kinds of weird shit happen ;)
-
Read my above posts about states! And NATs!
-
What about my WLAN AP Network settings (see picture in previous post)?
-
Dude you got some really funked up settings.. Why are you cloning to this MAC on your WAN of that router 00-21-00-0E-E1-55, and what does that match up with?
Why do you have target settings? For something? From the DHCP log – you have pfSense WAN on DHCP, and there are other devices on this 192.168.11 network as well..
I did not see anywhere a place to clear the states on your router -- I would reboot it. This will make sure your states are clear on it, and then we can try and access and verify that the 20000 port hits the pfSense even if not working, etc.
-
I did MAC binding so my pfSense box always gets the same IP,
and I will reboot my router now.
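-
Added example, not written by anyone in the thread: a small audit for the fault found above, where a UPnP mapping on the front router sends a port to a different host than the DMZ/port-forward target. The listing text is constructed and its layout is an assumption modelled on what miniupnpc's `upnpc -l` prints; all addresses and descriptions are invented.

```python
import re

# Constructed sample; layout assumed to follow miniupnpc's `upnpc -l` listing.
# Addresses and descriptions are invented for illustration.
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 20000->192.168.11.5:20000 'torrent client (TCP)' '' 0
 1 UDP 20000->192.168.11.5:20000 'torrent client (UDP)' '' 0
 2 TCP 51413->192.168.11.2:51413 'other app' '' 0
"""

MAPPING_RE = re.compile(
    r"^\s*\d+\s+(TCP|UDP)\s+(\d+)->(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+'([^']*)'"
)

def parse_mappings(listing):
    """Return (proto, external_port, internal_ip, internal_port, desc) tuples."""
    out = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)  # header and blank lines do not match
        if m:
            proto, ext, ip, inner, desc = m.groups()
            out.append((proto, int(ext), ip, int(inner), desc))
    return out

def find_shadowed(mappings, intended):
    """intended maps (proto, external_port) to the host that should receive it.
    Returns UPnP mappings that deliver an intended port to some other host."""
    conflicts = []
    for proto, ext, ip, _inner, desc in mappings:
        want = intended.get((proto, ext))
        if want is not None and want != ip:
            conflicts.append((proto, ext, want, ip, desc))
    return conflicts

if __name__ == "__main__":
    # Hypothetical: the front router's DMZ host is the pfSense WAN address.
    intended = {("TCP", 20000): "192.168.11.2"}
    for proto, ext, want, got, desc in find_shadowed(
            parse_mappings(SAMPLE_LISTING), intended):
        print(f"{proto}/{ext}: expected {want}, UPnP sends it to {got} ({desc})")
```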