Routing question WAN <<–>>LAN

upstairs · Aug 21, 2010, 5:22 AM

I an having some issue with my setup, which may be is wrongly configured

WAN side of pfSense is 10.64.5.1/255 with the pfSense WAN address 10.64.5.200 and LAN side is 172.23.1/255.1/255 with pfSense address 172.23.2.4.

Firewall configured and giving access to pfSense webadmin GUI from WAN when entering its LAN address which is 172.23.2.4.

on the LAN side I also got a wireless accesspoint with own IP 172.23.2.1. and web GUI port set to 2290

My issues:
1. I cannot access accesspoint @ 172.23.2.1 from 10.64.5.1/255 WAN addresses
2. 10.64.5.200 is invisible, no ping no lookup and no web access
3. If i change webadmin port of pfSense and ammend firewall in consequence I can no more access its web GUI.

tommyboy180 · Aug 21, 2010, 8:22 AM

I'm trying to figure out what you are saying.

1. Are you trying to access a LAN ip from the WAN side or are you saying your port forward is not working?
2. Did you allow ICMP packets in the Firewall for the ping and did you enable NAT reflection for the Web access?
3. Did you change the NAT settings as well as the Firewall settings?

upstairs · Aug 21, 2010, 4:40 PM

@tommyboy180:

I'm trying to figure out what you are saying.

1. Are you trying to access a LAN ip from the WAN side or are you saying your port forward is not working?
2. Did you allow ICMP packets in the Firewall for the ping and did you enable NAT reflection for the Web access?
3. Did you change the NAT settings as well as the Firewall settings?

1. yes trying to access LAN from WAN and yes port FWD not working though working ok for router only
but trying to access the router from WAN on the WAN IP 10.64.5.200:80 is impossible.
2. ICMP No, now yes and reponding to ping. NAT reflection? please explain, im a novice.
3. No NAT change, firewall only

tommyboy180 · Aug 21, 2010, 4:52 PM

1. Did you make a NAT Port Forward entry as well as a Firewall entry (If you create a NAT port forward entry a FW entry will automatically be created)
2. To enable NAT Reflection uncheck Advanced -> Disable NAT Reflection. You will be able to view publicly shared servers on your WAN that are hosted on your LAN
3. Change your NAT Port Forward entry as well.

upstairs · Aug 21, 2010, 5:58 PM

@tommyboy180:

1. Did you make a NAT Port Forward entry as well as a Firewall entry (If you create a NAT port forward entry a FW entry will automatically be created)
2. To enable NAT Reflection uncheck Advanced -> Disable NAT Reflection. You will be able to view publicly shared servers on your WAN that are hosted on your LAN
3. Change your NAT Port Forward entry as well.

1. Solved - Thx
2. Done what you said but access to accesspoint still impossible from WAN
3. not trying port change for webadmin of router for now, still fighting to solve point 2.

tommyboy180 · Aug 21, 2010, 10:30 PM

Just double check you NAT port forward settings, something is missconfigured.

Interface should be WAN
External Addr should be Interface Addr
Protocol should be TCP
External port range should be 80 or http
NAT IP should be 172.23.2.1
Local port should be http or 80

Now check you Firewall rule:

Action should be pass
Interface should be WAN
Protocol should be TCP
Source should be any
Destination should be Single Host or alias and 172.23.2.1
Destination port range should be http or 80
Gateway should be default

By the way what is your DynDNS, I can check to see if your AP is in fact accessible from here.