Netgate Discussion Forum
    All devices have internet access/pfSense not capturing device traffic and FW rules not effecting devices

    • 4
      4estfire

      AT&T modem/router in ip passthrough. Have its public ip going into pfSense WAN (107.140.#.#).

      Tp-Link wireless router on LAN side with address of 192.168.0.1 (192.168.0.0/24)

      pfSense interfaces:
      WAN: v4/DHCP4: 107.140.#.#/22
      LAN: v4: 192.168.1.1/24

      So no device (wired or wireless) traffic on the LAN is being captured during packet captures and FW rules don't affect them either. Any help would be appreciated.

      • GertjanG
        Gertjan @4estfire

        @4estfire said in All devices have internet access/pfSense not capturing device traffic and FW rules not effecting devices:

        Any help would be appreciated

        Bad start.
        Right now, the only possible answer is: your LAN rules are wrong.
        And when you talk about packet capturing: the one we can find under Diagnostics => Packet Capture?
        That one works of course.
        We don't know how you used it. Pretty sure the wrong way.

        Your tp-link wireless router has NAT/router mode enabled? Why?

        @4estfire said in All devices have internet access/pfSense not capturing device traffic and FW rules not effecting devices:

        WAN: v4/DHCP4: 107.140.#.#/22

        Are you sure about the /22?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        • stephenw10S
          stephenw10 Netgate Administrator

          The only way you would not see that in a pcap is if somehow the traffic is not going through pfSense.

          So maybe your clients are not connected to the correct AP for example.

          Steve

          • JKnottJ
            JKnott @4estfire

            @4estfire said in All devices have internet access/pfSense not capturing device traffic and FW rules not effecting devices:

            So no device (wired or wireless) traffic on the LAN is being captured during packet captures and FW rules don't affect them either.

            Where is that traffic going to/from? If only on the LAN, then pfSense has nothing to do with it. It only affects traffic between the LAN and Internet.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            • T
              tim.mcmanus

              Why is your wireless AP on 192.168.0.1/24 and your LAN on pfSense on 192.168.1.1/24?

              How are you routing between these two subsets?

              • 4
                4estfire @tim.mcmanus

                @tim-mcmanus Thinking you are the closest to ID'ing my issue. I'm of course learning, and my training scenarios have not been anything like my home setup. My pfSense LAN IP is, like you said, .1.1 and the AP/router everything connects to is .0.1/24. Should they be the same? Who is or should be handing out the IPs? I appreciate your patience, boss.

                • T
                  tim.mcmanus

                  I am going to assume you're not a networking expert. :)

                  I also assume your network looks something like this:

                  [ISP Gear]----[pfSense]---[Wireless AP]

                  Or

                  WAN--Router--LAN

                  If the LAN address of your pfSense NIC is 192.168.0.0/24, then all devices on your LAN must have IP addresses within that same range of 192.168.0.0/24. If you have a device that has the IP address 192.168.1.0/24, that is on a separate subnet. It would not be able to communicate with your LAN.

                  I think that might be your root cause here. Since your AP is on a different subnet than pfSense's LAN, none of the traffic will reach pfSense. You need to change the AP address to a LAN address in order for data to be passed.

                  • stephenw10S
                    stephenw10 Netgate Administrator

                    You are using a wireless router as an access point so this should still work if it is still routing (and NATing).

                    But it would be much better to configure it as an access point only and put everything in the same subnet.

                    https://docs.netgate.com/pfsense/en/latest/wireless/use-an-existing-wireless-router-with-pfsense.html

                    Steve
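
Added example, not part of any post in this thread: a small Python model of the two setups discussed above (TP-Link routing and NATing versus access point only). It shows which source address pfSense would see for a client attached to the TP-Link, and whether a firewall rule or capture filter written for that client's own address would match. The TP-Link WAN address 192.168.1.50 and the client addresses are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Addresses from the thread.
PFSENSE_LAN = ipaddress.ip_interface("192.168.1.1/24")
TPLINK_LAN = ipaddress.ip_interface("192.168.0.1/24")
# Assumption (not in the thread): the TP-Link's WAN port is plugged into the
# pfSense LAN and holds this constructed address.
TPLINK_WAN = ipaddress.ip_interface("192.168.1.50/24")


def source_seen_by_pfsense(client_ip, mode):
    """Source address pfSense sees for a TP-Link client's Internet-bound traffic.

    mode "nat": the TP-Link routes and NATs its own LAN.
    mode "ap":  the TP-Link only bridges, so clients sit on the pfSense LAN.
    Returns None when the client has no path to pfSense in that mode.
    """
    client = ipaddress.ip_address(client_ip)
    if mode == "nat":
        # Clients behind the router are translated to its WAN address.
        return TPLINK_WAN.ip if client in TPLINK_LAN.network else None
    if mode == "ap":
        # No translation, but the client must be inside the pfSense LAN subnet.
        return client if client in PFSENSE_LAN.network else None
    raise ValueError(f"unknown mode: {mode}")


def rule_matches(rule_source, seen):
    """True if a rule (or capture filter) on rule_source matches the seen address."""
    return seen is not None and seen in ipaddress.ip_network(rule_source)


def report(client_ip, rule_source):
    """Per-mode view: (mode, address pfSense sees, whether the rule matches)."""
    rows = []
    for mode in ("nat", "ap"):
        seen = source_seen_by_pfsense(client_ip, mode)
        rows.append((mode, str(seen) if seen else None, rule_matches(rule_source, seen)))
    return rows


if __name__ == "__main__":
    # Constructed client addresses, one per subnet.
    for client in ("192.168.0.23", "192.168.1.23"):
        for row in report(client, f"{client}/32"):
            print(client, *row)
```

In the NAT case, only a rule or filter on the TP-Link's WAN address (or the whole pfSense LAN subnet) matches; per-device rules need the access-point setup with every client in the pfSense LAN subnet.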
