Strange issue - can't ping AP from LAN pc (but can ping client on AP?)
-
Is there some reason to hide rfc1918 space - or are you running public IPs?
What are your rules on your interfaces?
-
No public IPs. No fancy rules, just allow outbound ALL from the internal subnets. I do have block bogon set on all interfaces.
EDIT/Update: I did add LAN <-> AP subnet any/all IPV4 for the AP interface/subnet, but that didn't affect being able to ping or bring up the HTTP AP web page from the LAN. *I don't think that rule was required to be able to ping the phone on the AP subnet.
I went ahead and moved the AP back to the LAN subnet for testing -> unmanaged switch, and HTTP + ICMP work fine.
I'd like to get it back on the other subnet/interface though for long term.
-
"I do have block bogon set on all interfaces."
For what possible reason - how could there be bogons in your own local networks?
Why are you hiding your rfc1918 space - just makes harder to understand your network. What are the rules on the interface connected to your AP network? Is this a tagged or untagged vlan on your switch?
-
I think block bogon was set by default?
Updated image with private IP info. No VLANs.
I set up a LAN (source) -> AP (dest) any/all IPV4 rule for the AP interface/subnet, but that doesn't affect being able to ping the AP or bring up the HTTP AP web page (from the LAN).
*This rule doesn't seem to be required to be able to ping the phone on the AP subnet? Traffic is permitted between these subnets by default?
The only rules right now on the are allow any/all from each subnet to any/all.
-
"I think block bogon was set by default?"
Only on your WAN interfaces… Did you happen to set some gateway on an interface on your local side so pfsense thought it was a wan connection?
Does your AP have the ability to have a GW set... It needs to point to pfsense as its gateway 10.8.3.1
-
"Does your AP have the ability to have a GW set… It needs to point to pfsense as its gateway 10.8.3.1"
-It does not. A GW can only be set regarding the WAN (unused). It does allow static routes to be set; IDK if that'd help?
*Does not seem to be any trouble for devices on the AP subnet to ping my PC for example, on a different subnet.
"Did you happen to set some gateway on an interface on your local side so pfsense thought it was a wan connection?"
-Possibly? Do you mean... maybe confused it with a legit public IP, which I used for a LAN IP?
EDIT: I'm not using x-over cable for anything; pfsense to unmanaged sw or pfsense to the AP. Other traffic seems to be fine, but could this be a problem?
-
What are u using for ap? 3rd party might let u set gateway, or if u can, set route to your lan network. Other option would be to source nat so traffic from lan looks like pfsense ip in ap net so ap can answer.
Best option get real ap ;)
-
I might put it on the LAN again or get a real AP like you said if accessing it from the LAN becomes annoying. It's just a test setup really, not critical. Also the router/"AP" is pretty outdated, so not worth a lot of trouble. Just wanted to get some input to see if I was missing anything. Thanks!
Here's a thread with a similar issue. OP doesn't say if it's a router as AP or real AP:
https://forum.pfsense.org/index.php?topic=46408.0
-
Dude, without a gateway on the device there is no way to talk to it from another network.
-
Hehe. I popped in a static route on the wifi router/AP and now can hit the web page and ping from the LAN, but it says:
"You have no authority to access this device!" Doesn't allow alt-networks access to the web config page.
So I thought, hmm… maybe if I add my pc IP to the remote management access (one IP only, boo!) ...and yep, I can reach it now.
This wouldn't be a good option if any other computer needed to get to it though. Back to the LAN or real IP again if this isn't satisfactory.
Thanks again.
-
U should be able to add your whole lan net to allow remote admin but why?
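
Added example, not written by any poster in this thread: a small Python model of the return-path lookup behind the symptoms discussed above, covering the AP with no gateway, a client with a default gateway, the static route, and the source NAT option. Only 10.8.3.1 comes from the thread; the LAN subnet and host address are assumptions.

```python
import ipaddress

# Constructed addressing: only 10.8.3.1 appears in the thread; the LAN
# subnet and host address below are assumptions for illustration.
AP_NET = ipaddress.ip_network("10.8.3.0/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
PFSENSE_AP_IP = ipaddress.ip_address("10.8.3.1")
LAN_PC = ipaddress.ip_address("192.168.1.50")


def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs.

    gateway None means the network is directly connected. Returns the
    gateway address, the string "on-link", or None when no route matches.
    """
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda route: route[0].prefixlen)
    return gw if gw is not None else "on-link"


def source_seen_by_ap(real_src, source_nat):
    """With source NAT on the firewall's AP-side interface, the AP sees 10.8.3.1."""
    return PFSENSE_AP_IP if source_nat else real_src


def reply_path(device_routes, real_src, source_nat=False):
    """Where the device sends its reply, or None if it has no route back."""
    return next_hop(device_routes, source_seen_by_ap(real_src, source_nat))


def scenarios():
    ap_connected_only = [(AP_NET, None)]                       # AP with no gateway
    ap_static_route = [(AP_NET, None), (LAN_NET, PFSENSE_AP_IP)]
    phone_with_gateway = [(AP_NET, None), (DEFAULT, PFSENSE_AP_IP)]
    return {
        "ap_no_gateway": reply_path(ap_connected_only, LAN_PC),
        "phone_default_gw": reply_path(phone_with_gateway, LAN_PC),
        "ap_static_route": reply_path(ap_static_route, LAN_PC),
        "ap_source_nat": reply_path(ap_connected_only, LAN_PC, source_nat=True),
    }


if __name__ == "__main__":
    for name, hop in scenarios().items():
        print(f"{name:18} reply via: {hop if hop is not None else 'NO ROUTE'}")
```

The firewall rules never enter the model: the request reaches the AP in every case, and only the AP's own routing table decides whether a reply can leave.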