Make it possible for computers to connect between LAN and WIFI?



  • I have three network interfaces in my pfsense, WAN (em1 - DHCP from my ISP), LAN (em0 - 192.168.0.0) and WIFI (vr0 - 192.168.1.0) and as it is now computers on LAN can't connect to computers on WIFI and the same for WIFI to LAN.

    I now want to connect computer "PC1" on LAN to mobile "Android1" on my WIFI so these computers can talk with each other.

    I also want to make "Android2" on my WIFI only use port 80 to communicate with "PC2" on my LAN.

    Both LAN and WIFI can use WAN, so that is not my problem. The problem is the block between LAN and WIFI.

    Could someone tell me what I should do? I have not been able to find anything on how I should do this and I'm not an expert either :(

    I'm running pfsense 2.3.4-RELEASE-p1.



  • Why do you have a separate network for WiFi?  I used to do that back in the days of 802.11b and WEP encryption.  WEP was not very secure. However, these days WPA2 is normally used and quite secure.  So, I just have my WiFi on the same subnet as my main LAN and it just works.



  • Having LAN and WLAN on different subnets is totally fine. Don't worry, Sopor.

    Do you already have rules on LAN and WIFI? Remember that the order of the rules is important!
    Create a pass rule on the LAN tab with source: PC1, any port, destination: Android1, no gateway.
    That should give you access from PC1 to Android1.

    Similarly, on the WIFI tab, with Android2 as source, any port, PC2 as destination and port 80.
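
The two pass rules described in the reply above, as an added example that is not part of the original thread: a small Python model of per-interface, first-match rule evaluation with default deny. The host addresses, the inter-subnet block rules and the allow-to-anywhere rules are assumptions; the thread gives only the subnets and the host names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses: the thread names only the subnets, so these are assumptions.
HOSTS = {"PC1": "192.168.0.10", "PC2": "192.168.0.11",
         "Android1": "192.168.1.20", "Android2": "192.168.1.21"}
NETS = {"LAN": "192.168.0.0/24", "WIFI": "192.168.1.0/24"}

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # host name, network name, or "any"
    dst: str
    port: Optional[int] = None  # None = any destination port

def matches(spec, ip):
    if spec == "any":
        return True
    if spec in HOSTS:
        return ipaddress.ip_address(HOSTS[spec]) == ip
    return ip in ipaddress.ip_network(NETS[spec])

def ingress_interface(ip):
    # A new connection is filtered on the tab of the interface it enters on.
    return next((n for n, net in NETS.items() if ip in ipaddress.ip_network(net)), "WAN")

def evaluate(ruleset, src_host, dst_host, port):
    src = ipaddress.ip_address(HOSTS[src_host])
    dst = ipaddress.ip_address(HOSTS[dst_host])
    for rule in ruleset.get(ingress_interface(src), []):    # top to bottom
        if matches(rule.src, src) and matches(rule.dst, dst) and rule.port in (None, port):
            return rule.action                               # first match wins
    return "block"                                           # no match: default deny

# The two pass rules from the reply, above hypothetical block and allow-all rules.
# Replies to a passed connection need no rule of their own (stateful filtering).
GOOD = {
    "LAN":  [Rule("pass", "PC1", "Android1"),
             Rule("block", "LAN", "WIFI"),
             Rule("pass", "LAN", "any")],
    "WIFI": [Rule("pass", "Android2", "PC2", 80),
             Rule("block", "WIFI", "LAN"),
             Rule("pass", "WIFI", "any")],
}
# Same LAN rules, but the block rule sits above the PC1 pass rule.
BAD_ORDER = {**GOOD, "LAN": [GOOD["LAN"][1], GOOD["LAN"][0], GOOD["LAN"][2]]}
```

In this model a new connection started by Android1 toward PC1 is still blocked, because each rule opens only the direction it names.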



  • Having LAN and WLAN on different subnets is totally fine. Don't worry, Sopor.

    Sure, it can work and I used to do the same back in the WEP days, but now it just adds complexity.



  • @JKnott:

    Why do you have a separate network for WiFi?  I used to do that back in the days of 802.11b and WEP encryption.  WEP was not very secure. However, these days WPA2 is normally used and quite secure.  So, I just have my WiFi on the same subnet as my main LAN and it just works.

    I will quote you "…quite secure" yes, but it is still less secure than a cable connected to my LAN. So I want to have them separated. It will also let me set different rules for LAN and WIFI much more easily. There are always advantages and disadvantages with everything...



  • @jahonix:

    Having LAN and WLAN on different subnets is totally fine. Don't worry, Sopor.

    Do you already have rules on LAN and WIFI? Remember that the order of the rules is important!
    Create a pass rule on the LAN tab with source: PC1, any port, destination: Android1, no gateway.
    That should give you access from PC1 to Android1.

    Similarly, on the WIFI tab, with Android2 as source, any port, PC2 as destination and port 80.

    I have already tried that, but I still can't get it to communicate. I wanted to know if this was possible to do before I spend more time on it. It feels like I have tried everything already, but obviously not. The way you describe it, it sounds very easy. I have to give it a new chance then :)

    Yes, I already have other rules and it was quite easy to add and yes, I know the order is important.



  • I need to take a moment to giggle at this reply:

    "Why do you have a separate network for WiFi?  I used to do that back in the days of 802.11b and WEP encryption.  WEP was not very secure. However, these days WPA2 is normally used and quite secure.  So, I just have my WiFi on the same subnet as my main LAN and it just works."

    Ohhhh the irony!  Gotta add wpa2 to the list.

    BTW - Check to make sure AP isolation or WiFi isolation is off.  If your wireless AP is dd-wrt based, you may have a big problem.
    I switch off that filter and the firewall and 100% of the time it still rejects packets.



  • @Sopor:

    @jahonix:

    Having LAN and WLAN on different subnets is totally fine. Don't worry, Sopor.

    Do you already have rules on LAN and WIFI? Remember that the order of the rules is important!
    Create a pass rule on the LAN tab with source: PC1, any port, destination: Android1, no gateway.
    That should give you access from PC1 to Android1.

    Similarly, on the WIFI tab, with Android2 as source, any port, PC2 as destination and port 80.

    I have already tried that, but I still can't get it to communicate. I wanted to know if this was possible to do before I spend more time on it. It feels like I have tried everything already, but obviously not. The way you describe it, it sounds very easy. I have to give it a new chance then :)

    Yes, I already have other rules and it was quite easy to add and yes, I know the order is important.

    Yes this is all possible….
    Does your setup look like the drawing?




  • Does your setup look like the drawing?

    Yes, that seems to be correct.

