Netgate Discussion Forum

Access to all routers on my Network

General pfSense Questions

    johnpoz LAYER 8 Global Moderator
    last edited by Aug 10, 2019, 9:58 AM

    So you are providing all your clients with something running pfsense as their edge router?

    An intelligent man is sometimes forced to be drunk to spend time with his fools
    If you get confused: Listen to the Music Play
    Please don't Chat/PM me for help, unless mod related
    SG-4860 25.07 | Lab VMs 2.8, 25.07

      OpenWifi @johnpoz
      last edited by Aug 10, 2019, 10:41 AM

      @johnpoz No. They all have TP-Link routers, but I have a pfSense box that gives static DHCP leases to all the routers on the network. Kindly note I am a wireless internet service provider.

        johnpoz LAYER 8 Global Moderator
        last edited by Aug 10, 2019, 10:44 AM

        Well if not your equipment - they would have to configure them to allow you remote access. Which has zero to do with pfsense.

          OpenWifi @johnpoz
          last edited by Aug 10, 2019, 11:02 AM

          @johnpoz Do you know of VNC? It does exactly that, but it is not a package in pfSense.

            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz Aug 10, 2019, 11:09 AM Aug 10, 2019, 11:05 AM

            VNC does not open the ports on their router to allow you remote access ;)

            There are plenty of ways you "could" get remote access to their router or network - all of which require them to do something..

            Do you go and set up their routers for them? If so, allow remote GUI access to it from your IP. Or give them instructions on how to allow it if they desire.

            Again none of which has anything to do with pfsense at all..

              stephenw10 Netgate Administrator
              last edited by stephenw10 Aug 11, 2019, 10:47 AM Aug 10, 2019, 2:41 PM

              If you control those routers then just open a port or set up some port forward on them and lock them down to prevent your customers changing that.

              Most regular ISPs use TR-069 for that sort of stuff. pfSense can't help you with that.

              Probably better to ask this on a WISP forum. I'm sure you are not the first to want to do this!

              Steve

                OpenWifi @stephenw10
                last edited by Aug 10, 2019, 3:35 PM

                @stephenw10 Thank you

                  johnpoz LAYER 8 Global Moderator
                  last edited by Aug 10, 2019, 4:11 PM

                  Exactly what I have been saying since the beginning ;)

                    BogusException @OpenWifi
                    last edited by BogusException Aug 10, 2019, 7:03 PM Aug 10, 2019, 7:02 PM

                    @OpenWifi I see. Others may have answered your question, but as a courtesy I want to address your reply.
                    As I understand, your network layout is such that you have WiFi APs for customers, like in a hotel or big store. These devices are on a LAN that sits on a router port on site. This router is maintained remotely, and likely is what plugs directly into their modem, or other device providing Eth to site from upstream/Internet. Sound about right?

                    Enter the firewall. You put it between modem and router(s), but where before the router's WAN interface was available directly, there is this firewall getting in the way. Can't connect because FW WAN address is the old address of router, which is now on LAN sitting on FW inside/LAN port.

                    Is this how it went?

                    So now, vendors hit the same IP they used to, but FW is not the router, so nothing. If so, what you seek is a way for internet clients to see the router on the old address. This is mostly done with port forwarding, where you know:

                    Incoming port(s)
                    Incoming IP source address/range (sometimes)
                    IP address on LAN of device to direct that traffic to.

                    Port forwarding is just what it sounds like. Since you don't want ALL traffic inbound to go to this one router, you decide which inbound ports will be valid to pass to router, like 22 if they are using SSH.

                    So you tell FW that if anything comes in for the FW's WAN address (the one the switch used to have), direct that traffic to the new IP address it got. To the outside, there is no difference. As long as there is only one managed device behind the firewall, it's easy.

                    Hope this helps, but I had to make a ton of assumptions.

                      stephenw10 Netgate Administrator
                      last edited by Aug 11, 2019, 10:55 AM

                      @BogusException said in Access to all routers on my Network:

                      but I had to make a ton of assumptions

                      And some were incorrect I think. 😉

                      OpenWifi is a WISP of sorts. Their network, therefore, is a series of wireless access points connected to pfSense.

                      The routers they need to access are the TP-Link devices at each customer site that connect via wifi back to the access points.

                      Thus to access those routers they simply need to have a port open to allow it in the router itself. I would choose to use a port forward to 443 from some other port rather than open 443 directly if that's an option.

                      Steve
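
The port-forward matching discussed in the two posts above (incoming port, source address/range, LAN target, and a forward to 443 from some other port), modelled as an added example that is not part of any post. The addresses, port 8443 and the names `PortForward`, `translate` and `audit` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class PortForward:
    wan_port: int      # incoming port on the router's WAN side
    allowed_src: str   # source address/range allowed to use it (CIDR)
    target_ip: str     # LAN address the traffic is directed to
    target_port: int   # port on that LAN device


def translate(rules: List[PortForward], src_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
    """Return the (ip, port) a WAN connection is forwarded to, or None if dropped."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if dst_port == rule.wan_port and src in ipaddress.ip_network(rule.allowed_src):
            return (rule.target_ip, rule.target_port)
    return None  # no matching forward: the router does not pass it inside


def audit(rules: List[PortForward]) -> List[str]:
    """Flag forwards that expose a management service more widely than needed."""
    findings = []
    for rule in rules:
        if ipaddress.ip_network(rule.allowed_src).prefixlen == 0:
            findings.append(f"wan port {rule.wan_port}: any source address may connect")
        if rule.wan_port == rule.target_port and rule.target_port in (22, 443):
            findings.append(f"wan port {rule.wan_port}: management port exposed directly")
    return findings


# Constructed sample values (documentation address ranges, not from the thread).
ADMIN_SRC = "203.0.113.10"
LOCKED_DOWN = [PortForward(8443, ADMIN_SRC + "/32", "192.168.0.1", 443)]
WIDE_OPEN = [PortForward(443, "0.0.0.0/0", "192.168.0.1", 443)]

if __name__ == "__main__":
    print(translate(LOCKED_DOWN, ADMIN_SRC, 8443))
    print(translate(LOCKED_DOWN, "198.51.100.7", 8443))
    print(audit(WIDE_OPEN))
```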

                        johnpoz LAYER 8 Global Moderator
                        last edited by Aug 11, 2019, 11:33 AM

                        You can port forward all day long, why should he have to port forward on his devices? He is the WAN for the routers, he is not going through a NAT..

                        The problem is why would the customers' routers' admin be open... Is not, and that is not his device.. It's customers' - for him to admin min.. They would have to open up the port to their web GUI, SSH, etc.

                        Which maybe they do or do not want to do, etc..

                        All of which has ZERO to do with pfsense..

                          BogusException @stephenw10
                          last edited by BogusException Aug 11, 2019, 2:57 PM Aug 11, 2019, 2:57 PM

                          @stephenw10 True dat. Thanks!

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.