Problem with two lan networks and access to ap
-
My money is on Snort. Do the Snort get correctly copied across the update? Check the logs, what is being blocked?
I currently browses through the live cd
No packageStill no access
-
Lost that bet then! ::)
Check the firewall logs anything blocked? You've unchecked 'block private networks'?
Forget accessing the webgui of the AP. Try some basic pinging. Try to ping everything from everything else! Check the logs again.
Steve
-
There Pings
Both to ap
Well as computer connected wirelessly to ap -
Sorry I'm not sure quite what you mean there. What can ping what? :-\
Steve
-
i can ping from a computer that Connected to the Wired network
to the AP
to a computer connected to the Wireless NetworkAnd Reverse
i can ping from a computer that Connected to the Wireless Network
to a computer connected to the wired Network -
Ok.
Can you ping from the pfSense box to the AP? to a wireless client?
Can you ping from the AP to the pfSense box or a wired client?I have a router I use as an access point that behaves exactly as yours is doing and the reason is that it has no route to get packets back to clients on the other subnet. The AP/router usually uses it's WAN port for anything that isn't in its LAN subnet but in this scenario it has no WAN so it has no route. I have successfully worked around this by setting a subnet mask on the AP that contains all the local subnets, i.e. /16 However I have an AP this doesn't work for.
That doesn't explain why it worked fine under 2.0.3 though. :-\Steve
-
from pfsense to AP - There is Ping
from pfsense to wireless client - no ping
from AP to pfsense - no ping
from AP to wired client - no ping -
from pfsense to AP - There is Ping
That would go out from 192.168.2.1 on pfSense directly to the AP. So pfSense OPT1 and the AP have compatible (hopefully the same) subnets.
from AP to pfsense - no ping
I guess that was from AP, ping 192.168.1.1 - the pfSense LAN IP. In that case the AP probably does not know how to route to that. If you tried to ping 192.168.2.1 then that is good, but you will need to have added a pass rule on OPT1 after booting the LiveCD version.
I can't understand what has happened here - the symptoms look a lot like an AP subnet/mask/default gateway problem. But it is pfSense that has been upgraded - so what is the real cause of the problem???
Can you post the actual AP:
- IP address
- network mask
- default gateway for LAN (or tell us that there is no setting for that)
and confirm that OPT1 is 192.168.2.1/24 and has a pass rule with source any (or OPT1 net).
-
Few answers
Interfaces configured so
Wired network 192.168.0.1/24 –----> go to Switch dhcp on pfsense 192.168.0.30 -- 100
Wireless Network 192.168.2.1/24 ------> go to AP dhcp on pfsense 192.168.2.30 -- 100
AP Fixed address 192.168.2.101
ping from pfsense 192.168.0.1 to AP 192.168.2.1 There is Ping
ping from AP 192.168.2.1 to pfsense 192.168.0.1 no ping
OPT1 = WIFI = 192.168.2.1/24
Here are screen shots of the management interface of the AP
-
MORE
-
Afraid your WAN should be set to Disabled, not Dynamic IP Address.
-
Totally not a pfsense problem. Did you get it working yet?
-
I can't see where it lets you specify
- the LAN netmask (/24 or 255.255.255.0)
- a LAN gateway
Probably (1) is on a screen somewhere - maybe I missed it.
I suspect it won't have a place to enter (2), because it thinks it is already a router (gateway). -
Totally not a pfsense problem. Did you get it working yet?
not yet
Afraid your WAN should be set to Disabled, not Dynamic IP Address.
Selecting other options
And there is no communicationI can't see where it lets you specify
- the LAN netmask (/24 or 255.255.255.0)
- a LAN gateway
Probably (1) is on a screen somewhere - maybe I missed it.
I suspect it won't have a place to enter (2), because it thinks it is already a router (gateway).As soon as I turn off the dhcp
And gave him a fixed network address
the LAN netmask
and LAN gateway
are from the pfsenseI will try to run pfsense live cd 2.0.3
-
-
Selecting other options
And there is no communicationHuh, whut?
If I choose another option
I will not have internet accessAs soon as I turn off the dhcp
And gave him a fixed network address
the LAN netmask
and LAN gateway
are from the pfsenseEh? There is no netmask and gateway visible anywhere…
there is on pfsense
-
ping from pfsense 192.168.0.1 to AP 192.168.2.1 There is Ping
ping from AP 192.168.2.1 to pfsense 192.168.0.1 no ping
I assume this must be a typo and the ping was to the AP at 192.168.2.101?
You need to try pinging from the AP to the pfSense OPT1 address, 192.168.2.1. That should work fine.
from pfsense to wireless client - no ping
That's odd. The problems with the AP should not cause this. Presumably AP to wireless client is OK?
Steve
-
Reading the manual for that router (wbr-3406tx) it appears there's no way to set a subnet mask or gateway for the LAN interface but it's not a problem because you can add a route manually. Adding a route is the correct way to do this, fudging the subnet is a workaround.
In Advanced Setting: Routing: add this:
Destination: 192.168.0.1
Subnet mask: 255.255.255.0
Gateway: 192.168.2.1
Hop: 1Enable that and hit save. Your AP will now have a route back to the pfSense LAN subnet.
Steve
-
If I choose another option
I will not have internet accessThe only correct option is Disable/None/whatever matching this… Not any random other option.
there is on pfsense
That is NOT what we are talking about at all. We are talking about netmask/GW on the AP. And on that note, there should be no gateway set for LAN interfaces on pfSense!
Reading the manual for that router (wbr-3406tx) it appears there's no way to set a subnet mask or gateway for the LAN interface but it's not a problem because you can add a route manually
Apparently this piece of garbage HW would best be utilized in a dumpster.
-
I'm withholding judgement on the usefullness of this device as an AP until stephenw10 suggestion is tried.
Even if the router/AP doesn't end up being as slick as some other APs, I do see some usefullnes in it.
It is currently isolated from the LAN, so for sharing internet to visitors, it might be cool and secure (-: