NetGear(s) in AP Mode will not communicate on different LANs (Resolved)
-
NetGear in Access Point Mode will not communicate on different LANs
My configuration:
WAN
LAN1 (Netgear R8500 configured in AP mode)
LAN2 (Netgear R7000 configugred in AP mode)
LAN3- If I'm on LAN1 I can't log into my R7000 on LAN 2 web browser ( I know IP address by going to DHCP leases)
- If I'm on LAN2 I can't not access R8500 using web browser ( I know IP address by going to DHCP leases)
I'm able to ping with reply back. I'm able to communicate with HP printer that's on LAN1 while I'm on LAN2.
I'm able to connect to the R7000 and R8500 if I'm on the same LAN?Any ideas?
-
Hi,
Saw your findings and firewall rules.
I have AP's on 'a LAN2' like you, living on 192.168.2.0/24 and can access them just fine form LAN(192.168.1.0/24).
If you can't solve it with some setting on these NetGear AP, I guess this mighty be true then :
@z71prix said in NetGear(s) in AP Mode will not communicate on different LANs:
NetGear in Access Point Mode will not communicate on different LANs
Btw : I presume your not using your AP's as a router. Just a simple AP, bridging Radio to LAN.
edit : You spotted the rule on each LAN1 and LAN2 interface that is useless ? :)
-
Hello,
Thank you very much for the reply back, I have two rules there due to me trying everything I could think of to correct the issue.
Yes, both are setup as APs and not routers. Strange I can only access them on the same LAN with the rules I have set up. I've removed the unnecessary rules. Still will not communicate, still pings ok.
So stumped on this?
These settings should be correct now.
-
You can't do any better.
For me, traffic passes, but if the NetGear doesn't want to talk to other devices except being present on it's own LAN, then that up to them.
Maybe you should disconnect it (them) and take them for a walk and a motivating discussion ?! ;) -
Thank you, very strange I cannot talk to the routers (AP Mode) from different LANs and it works fine for the LAN it's connected too?
Anyone else with any ideas or experiences?
-
@z71prix do the APs have correct gateway/default route set?
-
Yeah if the device doesn't have a gateway then no you wouldn't be able to talk to from another network... Without source natting the traffic to look like its on the same lan as the device without a gateway.
-
Both routers are setup in default AP mode. The gateways are in the pictures below, looks like gateway received from each LAN on pfsense.
-
Then it could be issue with the netgear just not wanting to allow remote access to its gui... Look to see if you can enable remote admin.
If not since you say it works when you access it from device on that network.. Source nat it so traffic from your remote IP looks like its on that vlan... This is done in the outbound nat tab picking the interface the AP is on, vs the WAN interface.
-
Hello John,
Remote on the routers are unavailable.
I went to NAT Outbound and changed below to LAN1 and LAN2 is this what you were referring too? If so still no communication to the router APs?
-
Dude your natting everything your VPN.. That is most likely where your problem is!!
Why would you not be in hybrid mode if your using a vpn?
And you would want to setup destination on when to source nat the traffic.
-
John,
I followed instructions from someone that setup NordVPN, based on that are where these settings came from. LOL
I want every device on LAN1 to go through VPN. LAN2 I want every device to go though WAN
Does this look correct now based on what I described above? If so still not working.
-
You would probably want to NAT source any or source from an alias with RFC1918. At a minimum you want to NAT from LAN1 sources outbound on LAN2 and LAN2 sources out of LAN1. You also probably want to limit the NAT to just the destination of the APs.
And, yes, you probably want to use Hybrid NAT mode and let it do the heavy lifting with you only adding the LAN1 and LAN2 rules. (Yeah, that's better in Hybrid mode.)
-
I cleaned up NAT and using Hybrid
No VPN internet now on LAN1?
LAN2 internet from WAN is ok.
LAN1 Rules
I'm not sure how to setup an alisas for RFC1918, can you provide guidance? I'm so confused now.
-
Navigate to Firewall > Aliases:
Create an alias for the RFC1918 network ranges. Call it private_networks and include the following ranges:- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
-Rico
-
Hello Rico,
Thank you for the instructions, I did make a small change due to my LANs IP addresses. correct?
Internet works on LAN2 however still not working on LAN1 VPN internet?
-
Got the VPN internet back on LAN1 by adding to NAT? Does this look correct?
-
Why did you check static port on the LAN1 and LAN2 NAT rules. Nobody told you to do that.
-
Hello Derelict,
pfsense defaulted to static. LOL now it's corrected.
-
And does it work? Sniff on lan2 interface when trying to talk to lan2 AP from lan 1... Is the source IP your Lan2 interface IP.. Does the AP answer?
If works really no reason to sniff - but if not working they validate that pfsense is sending with source IP changed..
And NO pfsense does not default to static
