Netgate Discussion Forum

    Cannot access WAN IP from LAN

      JKnott @tittu

      @tittu

      With those addresses so close, my first question would be what subnet masks are you using?

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

        tittu @JKnott

        @jknott Thanks for your reply. The subnet masks for both the 192.168.0.x and 192.168.1.x are 255.255.255.0 (/24).

        Please tell me I'm doing something silly?

          JKnott @tittu

          @tittu

          Your WAN is in the RFC1918 range. There are some rules that block those on the WAN side. For example, the first 2 rules in my firewall block private addresses and "bogon" networks. You could try turning off the private networks one.

            Gertjan @JKnott

            You mean these :

            b9ca2025-583a-4c64-bfd9-ca4e03ac3bb9-image.png

            This is my WAN :

            584aebe1-a7ea-47b8-b9ec-3615db1a9ea7-image.png

            pfSense has 192.168.10.3 and my ISP router's LAN IP is 192.168.10.1

            Still, when I type 192.168.10.1 in a browser situated on LAN, I can access my ISP router's GUI just fine.

            I didn't set any firewall or NAT rules for this to work.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

              JKnott @Gertjan

              @gertjan

              Notice that first rule, that blocks RFC 1918? You shouldn't have that if your WAN is 192.168.anything. The purpose of that rule is to keep anything within the RFC 1918 addresses from entering. Try disabling it and see what happens.

                Gertjan @JKnott

                @jknott : I do agree with you - that rule - this rule :

                375b9ebd-42a3-46c1-b1ca-1eb7f73e2aac-image.png

                should not be checked in my case.
                As my upstream router has 192.168.10.1/24 == very RFC1918.

                I unchecked it, as per your words, and the description.

                Still, nothing happens. No smoke, no sound.
                I can still access my upstream ISP router (192.168.10.1) just fine :

                be5d4d7d-e479-40e6-b9a3-d860f20d67b2-image.png

                This "Block private networks and loopback addresses" checkbox was like a no-op for me.

                  JKnott @Gertjan

                  @gertjan

                  Next step is to try some packet capture to see what's actually happening.

                    JKnott @Gertjan

                    @gertjan

                    BTW, is your modem in bridge or gateway mode? You should have it in bridge mode for pfsense.

                      Gertjan @JKnott

                      @jknott
                      "bridge" is something of the past for me. I've been using it in the past.
                      These SOHO "Livebox" boxes are also an access point, have two telephone lines, can accommodate the national TV channels and now even have a 4G+ SIM card backup.
                      The VDSL lines - and the underlying protocol - that Orange used in France do not permit "bridge" (PPPoE) mode.
                      I've a typical router-after-router setup.

                      The Wifi, TV and phone functionality has been shut down.
                      As a hotel we already have way more TV channels and TV sets (39) - 4 phone lines and a fax line (have to keep it for one more year, and then the fax will get shut down - telex died in 2010). The Wifi is based on my own APs - 6 around the building.

                      Not really a problem for me. I just have to implement double NAT, so my OpenVPN is reachable.
                      (and an rsync access - port 22 - to my LAN-based Syno for backup reasons)

                        JKnott @Gertjan

                        @gertjan said in Cannot access WAN IP from LAN:

                        Not really a problem for me. I just have to implement double NAT, so my OpenVPN is reachable.

                        Why would anyone want to do that? My modem also supports phone & TV but having it in bridge mode doesn't cause any problems. The only thing I lose is the built in WiFi. However, I have a separate AP that provides much better coverage. Also, gateway mode prevents pfsense from handling IPv6.

                          tittu

                          Thank you everyone. I removed the block traffic on IP addresses that are reserved for private networks per RFC and unique local addresses on the LAN and my VPN interface and it’s working! Yay, I’m so happy. Thanks to you all, this problem is resolved.

                          Best wishes and thanks again!

                            JKnott @tittu

                            @tittu

                            What you may want to do is create a rule to allow only the desired address(es) through followed by the block RFC1918 rule.

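JKnott's closing suggestion, an allow rule for the wanted address placed ahead of the RFC1918 block, relies on interface rules being evaluated top-down with the first match winning. The sketch below is an added example, not part of the thread and not pfSense code: a simplified evaluator that matches on destination address only, plus a check for rules made unreachable by an earlier rule. The rule sets, labels and the 192.168.0.1 upstream address are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def nets(spec):
    """Expand a rule's destination spec into a list of networks."""
    if spec == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if spec == "rfc1918":
        return RFC1918
    return [ipaddress.ip_network(spec)]

def evaluate(rules, dst):
    """Top-down, first match wins; no match falls to the default deny."""
    addr = ipaddress.ip_address(dst)
    for action, spec, label in rules:
        if any(addr in n for n in nets(spec)):
            return action, label
    return "block", "default deny"

def shadowed(rules):
    """Labels of rules that can never match because every network
    they list sits inside a network of an earlier rule."""
    dead = []
    for i, (_, spec, label) in enumerate(rules):
        earlier = [n for _, s, _ in rules[:i] for n in nets(s)]
        if all(any(n.subnet_of(e) for e in earlier) for n in nets(spec)):
            dead.append(label)
    return dead

# Constructed addresses: 192.168.0.1 stands in for the upstream router.
ALLOW_THEN_BLOCK = [
    ("pass", "192.168.0.1/32", "allow upstream router"),
    ("block", "rfc1918", "block RFC1918"),
    ("pass", "any", "default allow"),
]
# Same rules with the block moved to the top: the allow is now dead.
BLOCK_FIRST = [ALLOW_THEN_BLOCK[1], ALLOW_THEN_BLOCK[0], ALLOW_THEN_BLOCK[2]]

if __name__ == "__main__":
    for name, rules in (("allow-then-block", ALLOW_THEN_BLOCK),
                        ("block-first", BLOCK_FIRST)):
        for dst in ("192.168.0.1", "192.168.0.50", "8.8.8.8"):
            print(name, dst, evaluate(rules, dst))
        print(name, "shadowed:", shadowed(rules))
```

With the allow first, only the one upstream address is reachable inside the private ranges; with the block first, the same allow rule is reported as shadowed and the router is unreachable.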
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.