Can't ping or access router on OPT1 interface
-
I'm new to Pfsense and have basic knowledge of networking. My topology is as follows:
WAN -> pfsense box
3 NICs - WAN, LAN, OPT1WAN - ISP DHCP
LAN 192.168.1.1 to switch -> Netgear Nighthawk R8500 in AP mode
OPT1 192.168.4.1 Static -> LAN Port on Netgear WNDR3800 DHCP dissabled
LAN on WNDR3800 192.168.4.2The problem I'm having is I can't access the GUI on the Netgear router, internally or remotely. I can ping 192.168.4.1 from LAN but can't ping Netgear LAN192.168.4.2 or computer on LAN 192.168.4.55. I have dynamic address through No-ip and have setup Rules and port forewarding the best I can. Please check out my screen shots and advise as to what changes i should make.
Thanks.
 -
Your rules need some cleaning, when you're on the LAN tab, your source should almost always be LAN net (unless you're double NATting), it's only going to filter traffic coming "in" to the interface. That same rule goes for the OPT1 interface. Your rules, how they are, currently allow internal routing between LAN and OPT1, so don't change anything just yet.
Now for your problem, you're unable to access the GUI on the Netgear at 192.168.4.2? Is the computer at 192.168.4.55 behind that Netgear router (OPT1 > LAN port on WNDR3800 > computer plugged into a separate LAN port on WNDR3800)?
If so, pfSense wouldn't even be coming into play here. Troubleshooting internal access first would be smart before troubleshooting the remote access.
Can the computer 192.168.4.55 ping or access the Netgear GUI at 192.168.4.2? Can anything on the 192.168.4.x subnet ping or access (GUI) that IP?
-
Thank you bjaffe for the input, yes the computer at 192.168.4.55 is behind the WNDR3800 plugged into a separate LAN port. That computer can access the GUI and it's the only computer on the WNDR3800. I also have a Insteon hub connected.
-
Your router at 192.168.4.2 can be accessed from inside the subnet, but not outside. Does it have a default gateway set? If it has the option, it needs to be set to 192.168.4.1 (OPT1 address of pfSense). If not, the requests will make it to the router but it'll send the replies to a black hole.
-
is the default gateway setting on the WNDR3800? I have WAN\internet set to DHCP(wired) right now and there is no option for Gateway. If i set it to Static (Wired) I get the option for GATEWAY. that is the way I used to have it set but, decided to change it because OPT1 is set to static 192.168.4.1.
-
Consumer routers generally do not have the facility for a default gateway on the LAN side.
You might be able to create a static route for 0.0.0.0/0 with a destination of the firewall interface.
-
do I setup the static route on the Netgear router. If so, how?
-
Don't know, man. This is not a netgear forum.
-
Derelict, Thank you for reply.
I set it up like this: Destination-192.168.4.0/24 Interface-WAN Gateway-192.168.4.1 Is this correct? -
No. 0.0.0.0/0 dest 192.168.4.1
If probably does not support a default route - you're trying to use gear for something it is not designed to do - but it's worth a try.
-
Your other option when dealing with a device that does not allow routes, default route/gateway on its interface is to source nat it.. So now your traffic coming from your lan, pfsense would nat that to look like it came from pfsense IP In opt network, just like when you nat to the public internet. So in that case your netgear just sees someone talking to it from its own network..
While this works, to be honest just get a real AP ;) hehe Can you put 3rd party firmware on that wifi router.. Something like dd-wrt, openwrt, tomato all allow putting a default gateway on the lan interface so you can access the gui from another network.
-
The router is flashed with Gargoyle which I think is Openwrt. I did setup the static route on the netgear like derelict suggested but, that didn't help. I still can't access the router from LAN on 1.1 iP range. I would also like to access folders on the computer connected to the router.
I'll try source nating. Can you provide a quick how-to?
Thanks johnpoz
-
please check out the attached pics. is this where i setup routing and are those entries okay?
 -
your not using it as a gateway any more, change it to a wireless bridge/repeater mode - now it might allow you to set default route on your lan interface..
-
Yes, that thing should be set up as a dumb bridge, certainly not router/gateway.
-
Ok, I set the router to wireless bridge/repeater and now I can ping the bridge IP (192.168.4.2), the Gateway IP (192.168.4.1),
and Insteon hub at 192.168.4.51 all from the LAN but, i can't ping the computer. is this a pfsense issue or window/antivirus?Thank you all for the help.
-
Out of box windows firewall will block pings from anything other its lock network u can change it to allow
-
Got it, Thanks. Am I bridging to the OPT1 (192.168.4.1) interface? also is OPT1 handing out DHCP?
-
Your running your wifi router as ap yes that is bride ypur opt1 could be dhcp unless u have other dhcp on that network typical would be dhcp on pfsense
-
you're right again, OPT1 is setup as DHCP server.