Is this possible, how?



  • pfsense box = 192.168.1.1
    AP = 192.168.1.x

    AP is connected to the switch
    AP uses port 80

    pfsense box uses port 8xxx

    –------------------

    I want to access my AP outside my network

    e.g.

    http: / / mydns . dns which supposedly will redirect to my AP

    I can access my pfsense box outside my lan already, but I can't figure out how to do it to access my AP remotely.

    Is this possible, if yes.. please guide me how to do this.

    thanks in advance
    -cruzades



  • So create a NAT entry for the AP, make sure create firewall rule is checked.

    Please search the forums before posting, search documentation, or do google your question.



  • @tommyboy180:

    So create a NAT entry for the AP, make sure create firewall rule is checked.

    Please search the forums before posting, search documentation, or do google your question.

    which NAt specifically, IFAIR.. I did it already but still I can't get through to my AP.

    thanks for the reply.



  • @tommyboy180:

    Please search the forums before posting, search documentation, or do google your question.



  • ait

    before I proceed with your good suggestion, can you answer me directly.. "is it possible or not"?

    actually, if you had pointed me to the documentation you're referring, I would have something to start with.

    I'm lost in this.. what will I google? "how to break my AP"?

    "how to access my AP which is connected to switch using pfsense with 192.168.1.1"?

    this was suggested by your friend google..
    http://doc.pfsense.org/index.php/InstallationGuide

    and this from your other friend documentation..
    http://doc.pfsense.org/index.php?title=Special%3ASearch&search=how+to+access+AP+configurator+in+WAN&go=

    it helps me a lot, right?



  • I apologize,
    I understand a more direct answer is what you needed more than me wasting your time, although I think the answer you seek is easily found on this forum or the documentation.
    With that said,
    It is very possible and very easy.

    1. Create a NAT entry for your AP with port 80 and the AP IP address on its respective network. This will also create a FW entry for you. 2. Point your DynDNS to your public IP.
    3. You're done.
    When you browse your DynDNS record in a browser you will see your AP. NOTE: to browse this from within your network you will need to turn on NAT reflection.

    I do not recommend doing this however. Your AP will now be susceptible to outside attack. If the authentication were compromised an attacker could easily get into your network.

    My recommendation would be to utilize SSH to access your AP outside of your network. If you like I could go into more detail.



  • I don't think you are being specific enough about which NAT type to use.

    cruzades:  Specifically, he was talking about making a port forward under Firewall: NAT.



  • @Efonne:

    I don't think you are being specific enough about which NAT type to use.

    cruzades:  Specifically, he was talking about making a port forward under Firewall: NAT.

    Thank you. I left that out.



  • @efonne

    I have AP that is connected to switch with an IP of 192.168.1.XX, pfsense is connected to same switch where AP is connected.

    I've said at my first post.. I "can" access the web config of pfsense (192.168.1.1:<port>) outside my LAN, meaning I fully understand what tommy is saying about "port forwarding".

    @tommy

    thanks for the 3rd reply you made, I think I'm getting you confused about what I wanted to do, and my apology too.

    here is the situation:

    AP –--------
    pfsense ----| -- switch ---- pc1
                                    |----pc2
                                    |----pc3
                                    |--- .... etc..

    AP's ip is 192.168.1.xx with port 80
    pfsense's ip is 192.168.1.1 with port 8xxx

    accessing my pfsense's config "outside" my LAN is perfectly working, meaning I know something about 'port forwarding'
    accessing my AP "outside" my LAN is not working, inspite of portwarding.

    e.g.

    http://mydns.org:8XXX brought me to web configurator of pfsense.--- worked OK
    http://mydns.org never brought me to AP's configurator which is I wanted to achieve. -- never worked.

    note: I did the 'portwarding' that tommy is saying unlike with the pfsense ip, I use the AP's ip instead.

    thanks again.</port>



  • I wonder if NAT reflection is the issue. Is that feature on?



  • @tommyboy180:

    I wonder if NAT reflection is the issue. Is that feature on?

    yup, it is ON, should I turn it off?



  • Depending on how you are setting up access to the pfSense system, you may not even be using a port forward at all for that.  It only needs a firewall rule to allow it in, which is less than what is needed to access the AP from outside your network.

    Anyway, I wouldn't recommend exposing it to the internet either.  It would be better to tunnel it through SSH (as already suggested) or a VPN.


Log in to reply