Access wireless AP on the LAN side from internet
-
What I would suggest you do is take this router out of the picture altogether.
Why do you have it in front of pfsense - which I can assure you is a much more feature rich/robust router/firewall than that tp-link soho box?
If you want to use the tp for ports, sure it can be a dumb switch/AP just fine - there is little reason to have it NATing your public internet connection to private, just to do it again with pfsense.
At a loss as to why anyone does this??
-
You can change everything you want in my router and my pfsense to get this working.
Please make sure who tries it first.
I'm going to sleep now and hope when I wake up everything is working fine.
Thx both of you for your help
-
"You can change everything you want in my router and my pfsense to get this working.
Please make sure who tries it first.
I'm going to sleep now and hope when I wake up everything is working fine.
Thx both of you for your help"
If they change your router settings it might be the case they can't finish up the change and you're out of connection without help.
-
Why I use this setup????
It's for a hotspot setup for a friend.
The easiest way is to put a UTP cable from his router to a pfsensePC and leave his own network the way it is (so we won't mess things up).
And I will be able to log in from my home if it's needed (my friend lives 300 km from my place).
For example: create vouchers, see how many clients are connected to the WLAN AP, etc.
-
Hi Metu,
I'm not a noob on routers. (only routing, NAT, etc.)
So if they mess things up I can fix this, no problem. So please try, and if they mess things up it's not a problem.
-
A very useful test here would be to try to connect to the AP from the router's LAN network.
You should be able to connect to it on 192.168.11.17:20000 if port forwarding is working correctly. There is some strange behaviour here that doesn't make much sense. It could be a double NAT problem.
Steve
-
That is not working but:
https://192.168.11.17:18474 gets me to pfsense login page
-
"It's for a hotspot setup for a friend."
"The easiest way is to put a utp cable from his router to a pfsensePC "
No, I would not say that at all – the EASIEST way is to set it up correctly, and sorry, a double NAT is never correct ;)
Use pfsense as the NAT/gateway/firewall and then set up a segment for whatever you want to do with his hotspot, and then a segment for his network. This is completely isolated and you get the power and feature set of pfsense to control everything.
This is much easier than dicking with soho hardware like a tp-link home router as your gateway doing NAT, and then running through pfsense as another NAT, etc.
edit: btw either you changed IPs, changed ports for your interfaces or someone crashed it? But I show both router and pfsense do not answer on the info you sent me before that I had gotten in with.
-
OK - FIXED!
Your CAPTIVE PORTAL is what was blocking the access!!! So I disabled it.
Again, what you're trying to do is NOT!!! the best way to go about it!!
edit: Ok, I set up the MAC address of your AP to be bypassed from captive portal, so this gets it working with the captive portal enabled.
Again – how you're trying to go about this is NOT the right way! Get rid of the double NAT, and use pfsense as your gateway and then segment your friend's network from whatever you want to do with that AP, etc.
edit2: btw I disabled your one LAN rule you had set up to do some sort of limiting? Before the captive portal dawned on me, I thought maybe that might have been causing some problems.
-
Hmm Captive portal you say.
Nice catch. :)
That hadn't occurred to me. Case solved then. At last. ::)
You can remove logging from the firewall rule if you wish.
The takeaway message from this, as is almost always the case, is always do things one step at a time.
Steve
-
Yeah, he mentioned setting up a hotspot a couple of times - but it still hadn't clicked in.
So woke in the middle of the night last night, was just reading some reddit/email/etc cuz couldn't sleep and noticed he PM'd his new IP. So was taking a look see, thought shoot, will set up a VPN connection and try that. I was seeing my hits in the log, even did a capture on his pfsense LAN interface and yup, saw the SYN and the SYN/ACK back.
So why wasn't my box seeing it? I didn't see it blocked in the LAN rules - then "hotspot" clicked and noticed the captive portal widget with nobody authed/allowed/etc.
-
I want to thank John and Steve for all the time they spent on my question/problem.
And most important "THE PROBLEM IS SOLVED" ;D ;D ;D ;D
Thanks guys