WLAN web management from LAN single host
-
I have set up both the LAN (192.168.1.1) and WLAN (192.168.2.1) interfaces on my PCEngines build. I am trying to set up firewall rules so that a single host on my .1 subnet can access the WiFi router web management on my .2 subnet. Specifically, the web management is for my D-Link Wireless AC750 (DIR-816L) WiFi router.
The WiFi Router setup:
- uplinks to the WLAN interface via a LAN port on the router (not the WAN port)
- only has the ability to define a gateway on the WAN port (unused)
- has a LAN IP of 192.168.2.10 (to access web management)
- has DHCP disabled.
I have set the WLAN interface rules to pass DNS. From the WLAN, I can browse Internet and access the WiFi router web management.
I have tried various rules that don't seem to have any effect. For instance:
pass on the LAN interface TCP from source 192.168.1.5:80 to destination 192.168.2.10:80
pass on the WLAN interface TCP from source 192.168.1.5:80 to destination 192.168.2.10:80
Any thoughts?
-
Src port = ANY Dst port = 80 (http)
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
-
Thank you for the links. I tried to see if my logs revealed anything and I am not seeing any blocks for that IP.
I'm still not able to access the web management for 192.168.2.10 from 192.168.1.5
Wouldn't the 'Default allow LAN to any rule' cover this automatically?
-
Is it an issue with my wireless router? With rules allowing traffic from LAN to any, I should be able to resolve the web admin, but no go.
Any thoughts?
-
Does your AP have a gateway? If no gateway, then no, you cannot manage it from another network without doing a source NAT.
-
It could be the same problem I had here.
Adjust jimp's instructions for your subnets and see if that works for you.
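
Added example, not part of the thread and not pfSense code: a small Python model of the two failure modes raised in the replies above, the rule that pins the source port to 80 and the AP that has no gateway to route its reply. The addresses come from the thread; the ephemeral port 51514, the single-rule matcher and all function names are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread; everything else is constructed for this model.
CLIENT = ipaddress.ip_address("192.168.1.5")      # LAN host
AP = ipaddress.ip_address("192.168.2.10")         # AP management address
AP_NET = ipaddress.ip_network("192.168.2.0/24")   # AP's only connected subnet
FW_WLAN = ipaddress.ip_address("192.168.2.1")     # firewall WLAN interface

# Simplified pass rules: None means "any".
RULE_SRC_PORT_80 = {"src": CLIENT, "sport": 80, "dst": AP, "dport": 80}
RULE_SRC_PORT_ANY = {"src": CLIENT, "sport": None, "dst": AP, "dport": 80}

def rule_matches(rule, pkt):
    """Match a packet against one pass rule (no other rules considered)."""
    return all(rule[k] is None or rule[k] == pkt[k]
               for k in ("src", "sport", "dst", "dport"))

def ap_can_reply(reply_dst, gateway=None):
    """A host answers on-link peers directly; off-link needs a gateway."""
    return reply_dst in AP_NET or gateway is not None

def reaches_web_ui(rule, sport, source_nat=False, ap_gateway=None):
    """Trace one HTTP request from the LAN host to the AP and back."""
    pkt = {"src": CLIENT, "sport": sport, "dst": AP, "dport": 80}
    if not rule_matches(rule, pkt):
        return "dropped: rule did not match"
    # With source NAT on the WLAN interface the AP sees the firewall's
    # own WLAN address as the source instead of the LAN host.
    seen_src = FW_WLAN if source_nat else CLIENT
    if not ap_can_reply(seen_src, ap_gateway):
        return "no reply: AP has no route back to %s" % seen_src
    return "ok"

if __name__ == "__main__":
    eph = 51514  # constructed ephemeral source port, as a browser would use
    print(reaches_web_ui(RULE_SRC_PORT_80, eph))
    print(reaches_web_ui(RULE_SRC_PORT_ANY, eph))
    print(reaches_web_ui(RULE_SRC_PORT_ANY, eph, source_nat=True))
```

The second case is the one that produces no block entries in the firewall log: the request is passed, and the reply is lost at the AP.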