Can't access networks from LAN to OPT1

NogBadTheBad

@beppo said in Can't access networks from LAN to OPT1:

accesspoint

Is it a router with Wi-Fi or an actual access-point ?

beppo

It is an accesspoint. The webinterface is accessible from WLAN network, wired or via radio.

NogBadTheBad

@beppo

I only asked as some people use a home router with Wi-Fi and connect it via the WAN port.

It should route as the networks are directly attached, are there any other devices or could you pop a laptop where the access-point is connected and try that.

It sort of smacks of the access-point not having a default route.

beppo

If I connect a laptop to the switch, where the accespoint is connected, I can connect to the webinterface. But the problem cannot be the accesspoint.

As I did write, I have a small server running. If I connect the server to the switch with the access point, the server is not accessible anymore from LAN network.

I totally agree with you, pfsense should route as the networks are directly connected.

All devices are configured via the dhcp server of the LAN and WLAN interfaces.

I don't know why icmp is working and the rest is not.

NogBadTheBad

Diagnostics -> Test Port

Tried the above from the router using the WLAN as a source ?

beppo

Is working from WLAN and also from LAN.

Did you have a look at the firewall log? It seams like the tcp connection cannot be establish for whatever reasons.

beppo

Update:

Changed both switches, problem still persists.

Scenario 1: Server is connected to LAN network
Ping and TCP/UDP connection (e. g. http, https or ssh) from WAN network to server on LAN network is possible

Scenario 2: Server is connected to OPT1 network
Ping from LAN network to OPT1 is working, TCP/UDP connection (e. g. http, https or ssh) is not working

I really don't know why. The firewall rules are equivalent on both interfaces and allow each interface to any with protocol any.

I would really appreciate if anyone could give me some hints.

Thanks and regards
Alex

johnpoz

@beppo said in Can't access networks from LAN to OPT1:

13:44:59.746014 IP 10.0.1.200.37296 > 10.0.2.2.80: tcp 0
13:44:59.746320 IP 10.0.2.2.80 > 10.0.1.200.37296: tcp 0

That sure looks like your AP aswered.. But maybe it answered back with RST.. Ie F off sort of thing because a remote network is not allowed to access its web gui..

Open that sniff up on wireshark... What does it tell you?

beppo

@johnpoz I think you are correct. I tried ssh to a server connected to OPT1 from LAN network once again and it worked. I seemed to have made a mistake on the ssh try in the first run.

Seams to be some ACL of the access point, although I did not find something in the webinterface.

So it's not a pfsense issue. Thx for your help @NogBadTheBad and @johnpoz .

johnpoz

Many an accesspoint/wifirouter will not allow remote admin. When your not from the local network you would be "remote" so you would have to enable remote admin.

What is the make and model of this AP?