subnet routing

cjmdk

Routing between two subnets in pfSense causes me issues. I have searched to the moon and back - still having the issue.

My setup:

pfSense is reset to factory default
igb0, WAN interface: IP is not within the public range
igb1, LAN interface: 192.168.1.1/24
igb2, WIFI interface: 10.10.100.1/30

The wireless access point has IP 10.10.100.2

How do I access the AP from my pc sitting on the LAN interface?

These are the configured rules.

kiokoman

@cjmdk
firewall rules are wrong,

"WIFI_AP net" would never be a valid source for the LAN interface, it's "LAN net" that need to go to "WIFI_AP net"
"LAN net" would never be a valid source for the WIFI_AP interface, it's "WIFI_AP net" that need to go to "LAN net"
you need to think the other way around

if it's only an Access point is wrong but it's not wrong if your AP is a router.. why /30 ?
are you able to ping that 10.10.100.2 from lan?

cjmdk

@kiokoman
Thanks for replying.
My AP is a tp-link eap225v3

LAN + WIFI_AP rules are all updated to any. No changes.
I'm successfully able to ping 10.10.100.2 from my pc. But cannot browse to the AP configuration page.

10.10.100.1/30 because I do not need more than 1 IP for the AP. Additional VLANs have the WIFI_AP as a parent interface.

kiokoman

@cjmdk
try to sniff the traffic with packet capture when you connect to the AP gui,
possible reasons: maybe the ap have a wrong gateway / wrong netmask

cjmdk

@kiokoman

Good idea Though, I'm not strong in making packet captures. Let you know once I have figured that out.

I have tried to remove the power from the AP for it to reboot. No change.

kiokoman

@cjmdk
are you assigning that ip via dhcp server?
are you using that ip range somewhere else?
just to exclude it from possible causes can you try to set the interface to /24 instead?
there is nothing on the firewall logs ? maybe something blocked from/to 10.10.100.2 ?

cjmdk

@kiokoman said in subnet routing:

are you assigning that ip via dhcp server? Yes
are you using that ip range somewhere else? No
just to exclude it from possible causes can you try to set the interface to /24 instead? Sure

I just tried to assign an Interface for my NAS the same way (different subnet as well). No issues connecting to my NAS.
It might be the AP still has its old configuration from the previous setup. I'll try a hard reset and then a reconfiguration.

Can I exclude all the pfsense configuration with regard to NAT? (all settings are factory defaults)
I am not any NAT superhero. Unfortunately.

kiokoman

@cjmdk
nope, nat have nothing to do with lan to wifi_ap
if the network is ok only a firewall rule is needed so you can exclude any other settings

cjmdk

@kiokoman said in subnet routing:

if the network is ok only a firewall rule is needed so you can exclude any other settings? > Perfect, good to know. Thanks.