Netgate Discussion Forum

    Router-Router users not allowed through

    General pfSense Questions
    • DeanoEvans

      Hi all

      At my workplace, we use a Ubiquiti Nanostation to transmit a wifi signal across our camp (we're in the Antarctic so cabling is next to impossible). Anyone connecting to this can access the Netgate SG-3100 firewall, through the gateway (either a BGAN or Openport - set up with failover) and then are allowed through to the very limited internet.

      We have a few harder structures where we use other Nanostations to receive the same camp-wifi signal directly connected to Ubiquiti Picostations internally with another wifi on a different channel rebroadcasted a local wifi internally - essentially acting as relays/boosters. The Nanostations act as Stations, and the Picostations act as Access Points - with no DHCP enabled (all IPs are handled by the SG-3100). It all works well, except when someone connects to one of these internal wifis, they can't directly access the firewall. They can't ping the IP, or load the web interface, and they can't get to the gateway but they do get an IP from the firewall... They can ping everything else on the network just fine, and the Nanostations and Picostations can ping the firewall and gateways just fine.

      Those users have firewall rules allowing unlimited internet access through the primary gateway, but they still can't get to the firewall. If they jump onto the camp wifi they have no problems at all. I've tried creating firewall rules to allow everyone on the network to have access to the firewall, but it still doesn't work (and I shouldn't have to anyways). I've added the IP of the Nanostations and Picostations with access also.

      Is this a pfSense/firewall problem or a Ubiquiti problem?

      • Rico

        Maybe it's only me, but I don't really get what you are doing there.
        Can you draw a picture of this setup?

        -Rico

        • Gertjan @DeanoEvans

          @deanoevans said in Router-Router users not allowed through:

          but they do get an IP from the firewall

          That's only one third of most essential luggage. What about a DNS and a gateway? (and check LAN "mask")

          If not, as @Rico: for you, your network setup is clear as water (well: ici here) but I can't "see" the global picture.
          A drawing?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit: and where are the logs??

          • DeanoEvans

            0_1543602762595_ug.png

            Apologies for the crude drawing. I can use my phone in Situation A and have full access to the firewall, web interface, gateways and the internet. If I go inside and jump on the MainTent SSID, I can't access the Firewall or anything behind it, but I still get an IP from the DHCP on the firewall.

            • DeanoEvans

              Figured it out!

              Under DHCP, I had ARP Table Static Entry ticked when assigning a static IP. I disabled that and now it works.

              Thanks for the help
