LAN –> OPT1 won't work

  • I cannot get something that I thought I had my head around to work, and I have it working at work where I have set up something similar, but not here at home for some reason.


    pfSense 1.2.3-RELEASE
    3 network cards, WAN, LAN, and OPT1

    LAN is connected to gigE switch, IP of, everything works fine, and has for over a year
    OPT1 I have enabled with an IP of
    DLink DI-624 set with static IP of, with cable going from one of the LAN ports on the DLink to the OPT1 interface


    I am trying to access the web setup of the DLink, from the LAN side.  I can ping from Diagnostics –>Ping, and it comes back fine.

    When I try to ping the DLink from my PC, I get nothing.  I have tried adding rules to the OPT1 and LAN firewall pages allowing all to all, but that does not help.

    I am completely stumped, and am sure it's something simple.  Any ideas?  At this point, I am not even trying to allow access by wireless clients to the WAN, because once I have the DLink set up so that I can access the web interface, I am going to turn on encryption in it, and then set up the Captive Portal on the OPT1 interface.

    Thanks for all your help

  • Your DI-624 most likely doesn't have a way to specify a default gateway or you failed to specify one.


  • Ok - couple of changes to the above setup:

    OPT1 is now WLAN
    WLAN is
    DLink is

    I have followed these instructions:

    Note that when I have the DLink connected to the second ethernet port of my PC, and that port configured in Windows as, I can access the web interface.  It is when it has to go across the pfSense box that it becomes inaccessible.

    I ran a Packet Capture, and it looks like this:

    01:05:12.077624 IP > tcp 0
    01:05:15.041397 IP > tcp 0
    01:05:21.080069 IP > tcp 0
    01:05:22.077255 IP > UDP, length 254
    01:05:22.077464 IP > UDP, length 272
    01:05:22.077668 IP > UDP, length 326
    01:05:22.078204 IP > UDP, length 318
    01:05:22.078873 IP > UDP, length 248
    01:05:22.079083 IP > UDP, length 290
    01:05:22.079633 IP > UDP, length 322
    01:05:22.080337 IP > UDP, length 268
    01:05:22.080556 IP > UDP, length 320
    01:05:22.081142 IP > UDP, length 314
    01:05:22.081834 IP > UDP, length 246
    01:05:22.082057 IP > UDP, length 289
    01:05:22.082601 IP > UDP, length 319

    I started the packet capture, went to another tab in Firefox, and then tried to access the web interface address, which timed out, as it always has.  I have all default rules in place, and have added one on the WLAN tab, allowing any protocol, from the WLAN interface.

  • There is a FAQ that explains the best way to set up a wifi AP.
    That is the best solution.

    Now if you are trying to access a single device from one network to the other network then you should create an alias for that device, i.e. 'dlink', and then a firewall pass rule to pass LAN traffic to OPT1: [ * | LAN net | * | dlink | ] and vice versa on OPT1: . This should give any PC on the LAN side access to your dlink. Basic MANY to ONE.

    Now for MANY to MANY you won't need to set up any aliases, just straight firewall rules pointing LAN subnet to OPT1 subnet. LAN: [*|LAN net|*|OPT1 net|*], OPT1: [*|OPT1 net|*|LAN net|*]. This should allow all traffic in both directions.
    And last, the ONE to ONE, whereby you would create two aliases, one for a 'PC' and one for 'dlink', and then create a firewall pass rule to pass PC traffic to dlink: [ * | PC | * | dlink | *] and vice versa on OPT1:*   . This should allow access from your PC to your dlink ONLY and should not pass any other traffic from LAN to OPT1.

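The three rule layouts from the last reply (MANY to ONE, MANY to MANY, ONE to ONE), modelled as an added example that is not part of the original thread or of pfSense itself. It compares how much LAN-to-OPT1 access each layout opens. All addresses are constructed, the `PC` alias address is hypothetical, and the OPT1-side rules for MANY to ONE and ONE to ONE are assumed to mirror the LAN rule because the post does not show them.

```python
import ipaddress

# Constructed addressing: the thread's real addresses are not shown.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
OPT1_NET = ipaddress.ip_network("192.168.2.0/24")
ALIASES = {
    "LAN net": LAN_NET,
    "OPT1 net": OPT1_NET,
    "PC": ipaddress.ip_network("192.168.1.10/32"),    # hypothetical address
    "dlink": ipaddress.ip_network("192.168.2.2/32"),  # alias named in the post
}

# Pass rules as (source, destination) per interface tab; protocol and ports
# are "*" as in the post. OPT1 mirrors for the alias layouts are assumed.
RULESETS = {
    "many_to_one": {"LAN": [("LAN net", "dlink")], "OPT1": [("dlink", "LAN net")]},
    "many_to_many": {"LAN": [("LAN net", "OPT1 net")], "OPT1": [("OPT1 net", "LAN net")]},
    "one_to_one": {"LAN": [("PC", "dlink")], "OPT1": [("dlink", "PC")]},
}


def ingress_interface(src):
    """Return the interface tab whose rules see a new connection from src."""
    addr = ipaddress.ip_address(src)
    if addr in LAN_NET:
        return "LAN"
    if addr in OPT1_NET:
        return "OPT1"
    raise ValueError(f"{src} is on neither modelled network")


def allowed(ruleset, src, dst):
    """True if a new connection src -> dst matches a pass rule (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst in RULESETS[ruleset][ingress_interface(src)]:
        if s in ALIASES[rule_src] and d in ALIASES[rule_dst]:
            return True
    return False


def exposure(ruleset):
    """Count the LAN -> OPT1 host pairs that the rule set opens."""
    return sum(
        allowed(ruleset, str(s), str(d))
        for s in LAN_NET.hosts() for d in OPT1_NET.hosts()
    )
```

With these constructed /24 networks, `exposure` returns 254 host pairs for MANY to ONE, 64516 for MANY to MANY and 1 for ONE to ONE, which is the least-privilege ordering to weigh before putting an access point behind OPT1.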