Routing OPT1 to WAN/LAN
-
Hi
My pfSense LAN is 192.168.1.1
I've setup OPT1 as IPv4 with static IP Address 10.10.10.1, connected to this is a wireless access point 10.10.10.254
OPT1 is configured with a DHCP Range of 10.10.10.150 - 10.10.10.175 and I have a static assignment for my mobile of 10.10.10.100From an SSH session on my pfSense box I can ping 192.168.1.1 and 10.10.10.1
From a PC connected to the 192.168.1.x LAN I can't access the wireless access point.
When my mobile connects to the wireless I get IP Address 10.10.10.100 which is correct, but I can't access anything on the 192.168.1.x range.As yet I've added no new rules to either LAN or OPT1
LAN is configured as the attached image and there is nothing configured on OPT1.
Can someone advise what I need to configure.I'm looking to have wifi devices connecting to OPT1 have WAN Access and some have LAN access as well.
and devices on the LAN to be able to access OPT1.Thanks
-
It's already routed. Allow the traffic on OPT1 as needed and that's all.
-
Thanks for the fast reply.
I've updated OPT1 rules as per the attached (I've also added a screenshot of the interface configuration)
From my mobile 10.10.10.100 I can access:
10.10.10.254 (Wireless Access point)
10.10.10.1 pfSense OPT 1
192.168.1.1 pfSense LANHowever from my PC 192.168.1.100 I can only access pfSense on either 192.168.1.1 or 10.10.10.1, but NOT 10.10.10.254
Can you help get that working ?
Thanks
-
So what are you using as AP? Did you set a gateway on the AP? While pfsense routes your traffic to the AP.. If the AP has no gateway how does it know to this 192.168.1 network?? By talking to pfsense IP at 10.10.10.1 ???
-
Thanks for the reply.
I think this is the issue.The AP (BT HH5) doesn't have any option for configuring a default gateway or static route.
-
Well I wouldn't really call that a AP, its a wifi router your trying to use as just an AP.. Yeah native firmware on these things is normally pretty freaking crappy.
So I think you have 2 choices, I doubt those home hubs allow for 3rd party that would allow you to add a gateway.
1 get a real AP.. That would be my suggetion.
2 source nat your connections from your lan to the opt network so that your BT HH5 thinks its just talking to something on its own network. -
Thanks for the advise.
I'm, looking into an AP (although I could use my Asus RT68U as an AP)
For now if I decided to go for option 2. "2 source nat your connections from your lan to the opt network so that your BT HH5 thinks its just talking to something on its own network."
How would I do this ?
Thanks
-
So go to your outbound nat tab.. Change over to hybrid mode so you have automatic and any special outbounds you create..
Vs selecting the wan, you select the opt interface that your AP is on.. Mine is called wlan, and create you nat with the source you want, and the destination you want if you want to limit what can talk to your AP.
So you see pinging from my workstation on my lan at 192.168.9.100 to box on my wlan network.. I sniffed on the pfsense wlan interface any see it shows 192.168.9.100 ping 192.168.2.11
I then created my outbound nat using the wlan interface and source of my 192.168.9.100 and dest of 192.168.2.11 with wlan address as the nat. Now when I sniff and ping it shows that the pfsense interface on wlan 192.168.2.253 is pinging 192.168.2.11
Hope that helps
-
Thanks for the detailed reply.
It didn't seem to work for me.For now I'll add the wireless device I have to the LAN so it will work.
I'll also look at setting the Asus to be an Access Point, hopefully it will allow me to set routes correctly.
Thanks again.
-
Hi
Quick follow-up advice needed!
I plan to try my Asus in AP mode.
OPT1 has the address 10.10.10.1, I plan to set the Asus with 10.10.10.254/24 and the default gateway as 10.10.10.1So daft question time..
Should that allow any device connecting on a 10.10.10.x address via wireless access out via my pfsense box ? Or will other routing be needed on the Asus ?
And do I set the WiFi devices to use .254 as there default gateway or .1 ?
Thanks -
I've set this up and it appears to be working for the wireless clients :)
Thanks for the help
-
"Should that allow any device connecting on a 10.10.10.x address via wireless access out via my pfsense box ? Or will other routing be needed on the Asus ?"
I think your not getting what an AP is…
"It didn't seem to work for me."
Well then you did it wrong ;) hehehe That is how you source nat.. If done correctly then it would be no different then if you were on that opt network..
But if you got your wifi router to be able to setup a gateway, so you can manage it remotely from another network then you don't need to source nat. Source natting like that is work around, not the correct setup.
-
The ASUS can be setup and configured as a Wireless Access Point.
This is now in and connected to OPT1.The ASUS is doing MAC filtering and is configured to use the 10.10.10.1 as it's default gateway.
All devices are being given DHCP addresses and network config from the OPT1 interface.This all appears to be working fine. By default I've blocked all devices from the AP/OPT1 to the LAN but have allowed a small 'approved list'
So far so good. Thanks for the help and advice.
