Netgate Discussion Forum

    Problems accessing certain hosts on lan interface

      PfSenseTimeout

      I recently set up some VLANs on my pfSense router and have problems accessing certain hosts on the LAN interface. Do you have any suggestions for me?

      Firewall/Rules/ACCESS_VLAN
      | Protocol | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
      |---|---|---|---|---|---|---|---|---|
      | IPv4 * | * | * | * | * | * | none | | Default allow ACCESS_VLAN to any rule |

      Internet access works
      PING pfsense.org (208.123.73.69) from 192.168.188.1 [ACCESS_VLAN]: 56 data bytes
      64 bytes from 208.123.73.69: icmp_seq=0 ttl=42 time=120.707 ms
      64 bytes from 208.123.73.69: icmp_seq=1 ttl=42 time=120.226 ms
      64 bytes from 208.123.73.69: icmp_seq=2 ttl=42 time=120.164 ms

      --- pfsense.org ping statistics ---
      3 packets transmitted, 3 packets received, 0.0% packet loss
      round-trip min/avg/max/stddev = 120.164/120.366/120.707/0.243 ms

      pfSense web interface access works, too
      PING 192.168.178.1 (192.168.178.1) from 192.168.188.1 [ACCESS_VLAN]: 56 data bytes
      64 bytes from 192.168.178.1: icmp_seq=0 ttl=64 time=0.086 ms
      64 bytes from 192.168.178.1: icmp_seq=1 ttl=64 time=0.038 ms
      64 bytes from 192.168.178.1: icmp_seq=2 ttl=64 time=0.038 ms

      --- 192.168.178.1 ping statistics ---
      3 packets transmitted, 3 packets received, 0.0% packet loss
      round-trip min/avg/max/stddev = 0.038/0.054/0.086/0.023 ms

      AP is inaccessible from VLAN
      PING 192.168.178.22 (192.168.178.22) from 192.168.188.1 [ACCESS_VLAN]: 56 data bytes

      --- 192.168.178.22 ping statistics ---
      3 packets transmitted, 0 packets received, 100.0% packet loss

      PING 192.168.178.22 (192.168.178.22) from 192.168.178.1 [LAN]: 56 data bytes
      64 bytes from 192.168.178.22: icmp_seq=0 ttl=64 time=0.293 ms
      64 bytes from 192.168.178.22: icmp_seq=1 ttl=64 time=0.231 ms
      64 bytes from 192.168.178.22: icmp_seq=2 ttl=64 time=0.216 ms

      --- 192.168.178.22 ping statistics ---
      3 packets transmitted, 3 packets received, 0.0% packet loss
      round-trip min/avg/max/stddev = 0.216/0.247/0.293/0.033 ms

        muswellhillbilly

        Post screen-shots of your firewall rules (external, internal including any/all DMZs and VLANs). A diagram of your network setup would help too - including all netmasks and gateway info. It may be age-related, but my mind-reading capabilities aren't what they used to be.

          Derelict LAYER 8 Netgate

          Is it actually an AP or is it some repurposed consumer wireless router?

          Does that AP have the concept of a default gateway on its LAN interface?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            PfSenseTimeout

            It is a repurposed TP-Link consumer router. Interestingly, accessing an enterprise-grade AP works well.

              Derelict LAYER 8 Netgate

              See if it has the ability to set static routes. You might be able to set a route for 0.0.0.0 to pfsense or something.

              Else you can set outbound NAT on LAN so that device sees connections to it coming from the same subnet so reply traffic doesn't need to be routed.

                PfSenseTimeout

                The problem doesn't seem to be related to a missing default gateway. I'm unable to access the enterprise-grade AP via SSH, unlike HTTPS.

                  Derelict LAYER 8 Netgate

                  SSH from where?

                  Do a packet capture and see what's going on.

                    PfSenseTimeout

                    From my new VLAN.

                    30 33.040356821 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 48530 → 22 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294959130 TSecr=0 WS=128
                    31 34.037486469 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 [TCP Retransmission] 48530 → 22 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294959380 TSecr=0 WS=128
                    34 36.041733916 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 [TCP Retransmission] 48530 → 22 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294959881 TSecr=0 WS=128
                    37 40.053825119 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 [TCP Retransmission] 48530 → 22 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=4294960884 TSecr=0 WS=128

                      Derelict LAYER 8 Netgate

                      SYN going out and no response. Check the layer 2 and the host.

                      https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

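
The "SYN going out and no response" reading of the capture above, as an added example that is not part of the original thread: it parses Wireshark-style summary lines and reports flows whose SYNs never received a SYN-ACK or RST, with the retransmission gaps. The function name is hypothetical, the capture lines from the post are abbreviated, and the port 443 flow is constructed for contrast.

```python
import re
from collections import defaultdict

# Layout assumed from the capture pasted in the thread: frame number, time,
# source (optionally followed by an [INTERFACE] note), destination, protocol,
# length, optional [TCP ...] analysis tag, "sport → dport", then [FLAGS].
LINE = re.compile(
    r"^\s*\d+\s+(?P<t>\d+\.\d+)\s+(?P<src>\S+)(?:\s+\[\w+\])?\s+(?P<dst>\S+)"
    r"\s+TCP\s+\d+\s+(?:\[TCP [^\]]+\]\s+)?(?P<sport>\d+)\s+→\s+(?P<dport>\d+)"
    r"\s+\[(?P<flags>[A-Z, ]+)\]"
)

# First four lines: from the post (TCP options trimmed).
# Last two lines: constructed, an answered handshake for comparison.
CAPTURE = """
30 33.040356821 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 48530 → 22 [SYN] Seq=0
31 34.037486469 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 [TCP Retransmission] 48530 → 22 [SYN] Seq=0
34 36.041733916 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 [TCP Retransmission] 48530 → 22 [SYN] Seq=0
37 40.053825119 192.168.188.1 [ACCESS_VLAN] 192.168.178.33 TCP 74 [TCP Retransmission] 48530 → 22 [SYN] Seq=0
40 41.000000000 192.168.188.1 192.168.178.33 TCP 74 48532 → 443 [SYN] Seq=0
41 41.000400000 192.168.178.33 192.168.188.1 TCP 74 443 → 48532 [SYN, ACK] Seq=0 Ack=1
"""

def unanswered_syns(text):
    """Return {flow: {"syns": n, "gaps": [...]}} for SYNs that got no reply."""
    syn_times = defaultdict(list)  # (src, sport, dst, dport) -> SYN timestamps
    answered = set()               # flows that saw a SYN-ACK or RST come back
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = {f.strip() for f in m["flags"].split(",")}
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        if flags == {"SYN"}:
            syn_times[flow].append(float(m["t"]))
        elif flags == {"SYN", "ACK"} or "RST" in flags:
            # The reply travels in the reverse direction of the original flow.
            answered.add((flow[2], flow[3], flow[0], flow[1]))
    report = {}
    for flow, times in syn_times.items():
        if flow not in answered:
            gaps = [round(b - a, 1) for a, b in zip(times, times[1:])]
            report[flow] = {"syns": len(times), "gaps": gaps}
    return report

if __name__ == "__main__":
    for flow, info in unanswered_syns(CAPTURE).items():
        print(flow, info)
```

Gaps that double between retransmissions with nothing coming back mean the SYN is being dropped or the reply is lost on the way; an RST would instead show the host is reachable and the port is closed.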