Access wireless AP on the Lan side from internet
-
my Wlan AP
webport set
Network settings
-
I can can get back in and fix it for you.. But now that you know what the problem is - you can fix it yourself I think ;)
-
Nice spot. ;)
I totally missed that.Steve
-
Also while I was on your router "TL-WR1043ND" And yup public on its wan – so why do you have that router in front of your pfsense box?? At a loss to why you want to double nat like your doing?
-
It doesn't explain why it didn't work at port 24000 though. Or that I could see in the logs traffic being correctly forwarded in pfSense. :-\
Steve
-
Upnp disabled but still can't loggin.
-
I don't know why it wouldn't of worked on 24000, unless he didn't change his AP to that port? He had some bad state on his pfsense for that port? Or his router in front of his pfsense - with ports above 1024 on a nat box handling multiple machines it looks like - its quite possible there was a state already for 24000.
From his UPnP he is running torrents, so those are going to create lots and lots of connections.. So you have no idea how many states are already in play. So say his router had a state where 24000 source on its wan. And then some other connection came in for that - what would it do? Would it not allow the connection because not same IP as the state, or would it forward to send it on through - depends on what type of nat that router was set for.
Double NAT not good idea - you can have all kinds of weird shit happen ;)
-
Read my above posts about states! And nats!
-
What about my Wlan AP Network settings(see picture in previous post)?
-
Dude you got some really funked up settings.. Why are you cloning to this mac on your wan of that router 00-21-00-0E-E1-55, and what does that match up with?
Why do you have target settings? for something? From the dhcp log – you have pfsense wan on dhcp, and there are other devices on this 192.168.11 network as well..
I did not see anywhere a place to clear the states on your router -- I would reboot it. This will make sure your states are clear on it, and then we can try and access and verify that the 20000 port hits the pfsense even if not working, etc.
-
i did mac binding so my pfsense box always gets the same ip
and i will reboot my router now
-
It looks like it's definitely getting through pfSense but not back again to me.
For example look at the attched state table. You can see myself connected to the pfSense webgui and trying to connect to the AP.
It's clearly opening states to do it.Steve
-
mac binding?? That is not cloning which is what I saw you had - that has nothing to do with getting the same IP from a dhcp reservation.
Also – you clearly had looks like utorrent traffic going to both ports 24000 and 20000
Jun 22 22:58:46 WAN 79.112.184.127:59451 192.168.11.17:20000 UDP
block
Jun 22 22:58:53 WAN 178.75.95.24:24780 192.168.11.17:20000 UDP
block
Jun 22 22:58:53 WAN 95.65.56.78:42209 192.168.11.17:24000 UDP
block
Jun 22 22:58:55 WAN 114.203.243.49:32177 192.168.11.17:24000 UDP
block
Jun 22 22:58:56 WAN 177.9.61.145:19731 192.168.11.17:24000 UDP
block
Jun 22 22:58:56 WAN 202.161.233.70:12395 192.168.11.17:24000 UDP
block
Jun 22 22:58:56 WAN 62.43.135.1:15937 192.168.11.17:24000 UDP
block
Jun 22 22:58:58 WAN 194.144.80.242:39754 192.168.11.17:24000 UDP
block
Jun 22 22:58:59 WAN 82.159.1.187:42846 192.168.11.17:24000 UDP
block
Jun 22 22:58:59 WAN 178.75.95.24:24780 192.168.11.17:20000 UDP
block
Jun 22 22:59:00 WAN 194.144.80.242:39754 192.168.11.17:24000 UDP -
What I would suggest you do is take this router out of the picture all together?
Why do you have it in front of pfsense - which I can assure you is a much more feature rich/robust router/firewall that that tp-link soho box.
If you want to use the tp for ports, sure it can be a dump switch/ap just fine - there is little reason to have it NATing your public internet connection to private, just to do it again with pfsense.
At a loss to why anyone does this??
-
You can change everything you want in my router and my pfsense to get this working.
Please make sure who tries it first.
I'm going to sleep know and hope when i wake up everthing is working fine.
Thx both of you for your help
-
You can change everything you want in my router and my pfsense to get this working.
Please make sure who tries it first.
I'm going to sleep know and hope when i wake up everthing is working fine.
Thx both of you for your help
If they change your router settings it might be the case they can't finish up the change and you're out of connection without help
-
why i use this setup????
It's for a hotspot setup for a friend.
The easiest way is to put a utp cable from his router to a pfsensePC and leave his own network the way it is (so we won't mess things up)
And i will be able to login from my home if it's needed (my friend lives 300 Km from my place).
For example: Create vouchers, how many clients are connected to the WLAN AP, etc -
Hi Metu,
I'm not a noob on routers. (only routing,Nat,etc)
So if they mess things up i can fix this, no problem.So please try and if they mess things up it's not a problem.
-
A very useful test here would be to try to connect to the AP from the routers LAN network.
You should be able to connect to it on 192.168.11.17:20000 is portforwarding is working correctly.There is some strange behaviour here that doesn't make much sense. It could be a double NAT problem.
Steve
-
That is not working but:
https://192.168.11.17:18474 gets me to pfsense login page
