Netgate Discussion Forum

    subnet routing

    • cjmdk

      Routing between two subnets in pfSense causes me issues. I have searched to the moon and back - still having the issue.

      My setup:

      pfSense is reset to factory default
      igb0, WAN interface: IP is not within the public range
      igb1, LAN interface: 192.168.1.1/24
      igb2, WIFI interface: 10.10.100.1/30
      

      The wireless access point has IP 10.10.100.2

      How do I access the AP from my pc sitting on the LAN interface?

      These are the configured rules.
      [image: 37a61c31-7cb9-4e8a-8d0a-1e0b2c760244-image.png]

      • kiokoman @cjmdk

        @cjmdk
        The firewall rules are wrong.

        "WIFI_AP net" would never be a valid source for the LAN interface; it's "LAN net" that needs to go to "WIFI_AP net".
        "LAN net" would never be a valid source for the WIFI_AP interface; it's "WIFI_AP net" that needs to go to "LAN net".
        You need to think the other way around.

        If it's only an access point, it's wrong, but it's not wrong if your AP is a router. Why /30?
        Are you able to ping that 10.10.100.2 from LAN?

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.
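
The rule-direction point in the reply above, as an added example that is not part of the thread and is not pfSense code: rules on an interface tab are evaluated for traffic entering that interface, so a rule whose source cannot arrive there never matches. The rule list is constructed from the description in the reply, and the `routed_behind` parameter is a hypothetical way to model the "AP is a router" case.

```python
import ipaddress

# Constructed interface table mirroring the thread: name -> configured address.
INTERFACES = {
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),
    "WIFI_AP": ipaddress.ip_interface("10.10.100.1/30"),
}

def resolve(alias):
    """Turn 'any', '<IF> net' or a CIDR string into a network (None = any)."""
    if alias == "any":
        return None
    if alias.endswith(" net"):
        return INTERFACES[alias[:-4]].network
    return ipaddress.ip_network(alias)

def can_match(iface, source, routed_behind=()):
    """True if a packet with this source can ever arrive inbound on iface.

    The source must lie in the attached subnet or in a network routed
    behind the interface (routed_behind, hypothetical parameter).
    """
    src = resolve(source)
    if src is None:
        return True
    reachable = [INTERFACES[iface].network]
    reachable += [ipaddress.ip_network(n) for n in routed_behind]
    return any(src.overlaps(net) for net in reachable)

def dead_rules(rules, routed_behind=None):
    """Return the (iface, source, destination) rules that can never match."""
    routed_behind = routed_behind or {}
    return [r for r in rules
            if not can_match(r[0], r[1], routed_behind.get(r[0], ()))]

# Constructed rule set: the reversed rules described above, then the corrected ones.
RULES = [
    ("LAN", "WIFI_AP net", "LAN net"),      # reversed
    ("WIFI_AP", "LAN net", "WIFI_AP net"),  # reversed
    ("LAN", "LAN net", "WIFI_AP net"),      # corrected
    ("WIFI_AP", "WIFI_AP net", "LAN net"),  # corrected
]

if __name__ == "__main__":
    for rule in dead_rules(RULES):
        print("never matches:", rule)
```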

        • cjmdk @kiokoman

          @kiokoman
          Thanks for replying.
          My AP is a tp-link eap225v3

          LAN + WIFI_AP rules are all updated to any. No changes.
          I'm successfully able to ping 10.10.100.2 from my pc. But cannot browse to the AP configuration page.

          10.10.100.1/30 because I do not need more than 1 IP for the AP. Additional VLANs have the WIFI_AP as a parent interface.

          • kiokoman @cjmdk

            @cjmdk
            Try to sniff the traffic with a packet capture when you connect to the AP GUI.
            Possible reasons: maybe the AP has a wrong gateway / wrong netmask.

            • cjmdk @kiokoman

              @kiokoman

              Good idea 👍 Though, I'm not strong at making packet captures. I'll let you know once I have figured that out.

              I have tried to remove the power from the AP for it to reboot. No change.

              • kiokoman @cjmdk

                @cjmdk
                Are you assigning that IP via the DHCP server?
                Are you using that IP range somewhere else?
                Just to exclude it from possible causes, can you try to set the interface to /24 instead?
                Is there nothing in the firewall logs? Maybe something blocked from/to 10.10.100.2?

                • cjmdk @kiokoman

                  @kiokoman said in subnet routing:

                  are you assigning that ip via dhcp server? Yes
                  are you using that ip range somewhere else? No
                  just to exclude it from possible causes can you try to set the interface to /24 instead? Sure

                  I just tried to assign an Interface for my NAS the same way (different subnet as well). No issues connecting to my NAS.
                  It might be the AP still has its old configuration from the previous setup. I'll try a hard reset and then a reconfiguration.

                  Can I exclude all the pfsense configuration with regard to NAT? (all settings are factory defaults)
                  I am not any NAT superhero. Unfortunately.

                  [image: 98e977c6-0d68-4c51-babe-64fb35f5e521-image.png]

                  • kiokoman @cjmdk

                    @cjmdk
                    Nope, NAT has nothing to do with LAN to WIFI_AP.
                    If the network is OK, only a firewall rule is needed, so you can exclude any other settings.

                    • cjmdk @kiokoman

                      @kiokoman said in subnet routing:

                      if the network is ok only a firewall rule is needed so you can exclude any other settings? > Perfect, good to know. Thanks.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.