Routing question WAN <<–>> LAN



  • I am having some issues with my setup, which may be wrongly configured.

    WAN side of pfSense is 10.64.5.1/255 with the pfSense WAN address 10.64.5.200 and LAN side is 172.23.1/255.1/255 with pfSense address 172.23.2.4.

    Firewall configured and giving access to pfSense webadmin GUI from WAN when entering its LAN address which is 172.23.2.4.

    On the LAN side I also have a wireless access point with its own IP 172.23.2.1 and web GUI port set to 2290.

    My issues:
    1. I cannot access the access point @ 172.23.2.1 from 10.64.5.1/255 WAN addresses
    2. 10.64.5.200 is invisible, no ping, no lookup and no web access
    3. If I change the webadmin port of pfSense and amend the firewall in consequence, I can no longer access its web GUI.



  • I'm trying to figure out what you are saying.

    1. Are you trying to access a LAN ip from the WAN side or are you saying your port forward is not working?
    2. Did you allow ICMP packets in the Firewall for the ping and did you enable NAT reflection for the Web access?
    3. Did you change the NAT settings as well as the Firewall settings?



  • @tommyboy180:

    I'm trying to figure out what you are saying.

    1. Are you trying to access a LAN ip from the WAN side or are you saying your port forward is not working?
    2. Did you allow ICMP packets in the Firewall for the ping and did you enable NAT reflection for the Web access?
    3. Did you change the NAT settings as well as the Firewall settings?

    1. Yes, trying to access LAN from WAN, and yes, port FWD not working, though working OK for router only,
    but trying to access the router from WAN on the WAN IP 10.64.5.200:80 is impossible.
    2. ICMP: no, now yes and responding to ping. NAT reflection? Please explain, I'm a novice.
    3. No NAT change, firewall only



  • 1. Did you make a NAT Port Forward entry as well as a Firewall entry (If you create a NAT port forward entry a FW entry will automatically be created)
    2. To enable NAT Reflection uncheck Advanced -> Disable NAT Reflection. You will be able to view publicly shared servers on your WAN that are hosted on your LAN
    3. Change your NAT Port Forward entry as well.



  • @tommyboy180:

    1. Did you make a NAT Port Forward entry as well as a Firewall entry (If you create a NAT port forward entry a FW entry will automatically be created)
    2. To enable NAT Reflection uncheck Advanced -> Disable NAT Reflection. You will be able to view publicly shared servers on your WAN that are hosted on your LAN
    3. Change your NAT Port Forward entry as well.

    1. Solved - Thx
    2. Done what you said but access to the access point is still impossible from WAN
    3. Not trying port change for webadmin of router for now, still fighting to solve point 2.



  • Just double check your NAT port forward settings, something is misconfigured.

    Interface should be WAN
    External Addr should be Interface Addr
    Protocol should be TCP
    External port range should be 80 or http
    NAT IP should be 172.23.2.1
    Local port should be http or 80

    Now check your Firewall rule:

    Action should be pass
    Interface should be WAN
    Protocol should be TCP
    Source should be any
    Destination should be Single Host or alias and 172.23.2.1
    Destination port range should be http or 80
    Gateway should be default

    By the way what is your DynDNS, I can check to see if your AP is in fact accessible from here.
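
The two checklists in the last post can be cross-checked mechanically. The following is an added example, not part of the thread and not pfSense's configuration format: the dict keys are hypothetical names for the GUI fields listed above, and the sample values are constructed from the addresses and the access point GUI port (2290) given in the first post.

```python
def check_forward(fwd, rules, service_port, wan_ip):
    """Return a list of problems for one WAN port forward (empty list = consistent)."""
    problems = []
    if fwd["interface"] != "WAN":
        problems.append("forward is not bound to WAN")
    # The forward must land on the port the LAN host really listens on.
    if fwd["local_port"] != service_port:
        problems.append(
            f"local port {fwd['local_port']} but service listens on {service_port}")

    def passes(rule, ip, port):
        return (rule["action"] == "pass" and rule["interface"] == "WAN"
                and rule["protocol"] == fwd["protocol"]
                and rule["dest"] == ip and rule["dest_port"] == port)

    # Filtering happens after the destination is rewritten, so the pass rule
    # has to name the NAT IP and local port, not the WAN address.
    if not any(passes(r, fwd["nat_ip"], fwd["local_port"]) for r in rules):
        if any(passes(r, wan_ip, fwd["ext_port"]) for r in rules):
            problems.append("pass rule names the WAN address; use the NAT IP")
        else:
            problems.append("no WAN pass rule for the NAT IP and local port")
    return problems


# Constructed sample data based on the values quoted in the thread.
WAN_IP = "10.64.5.200"   # pfSense WAN address
AP_IP = "172.23.2.1"     # access point on the LAN
AP_PORT = 2290           # access point web GUI port

forward_80 = {"interface": "WAN", "protocol": "TCP", "ext_port": 80,
              "nat_ip": AP_IP, "local_port": 80}
rule_80 = {"action": "pass", "interface": "WAN", "protocol": "TCP",
           "source": "any", "dest": AP_IP, "dest_port": 80}
forward_2290 = dict(forward_80, local_port=AP_PORT)
rule_2290 = dict(rule_80, dest_port=AP_PORT)
rule_wan = dict(rule_80, dest=WAN_IP)  # rule written against the WAN address

if __name__ == "__main__":
    cases = [("forward to 80", forward_80, [rule_80]),
             ("forward to 2290", forward_2290, [rule_2290]),
             ("forward to 2290, rule for 80", forward_2290, [rule_80])]
    for name, fwd, rules in cases:
        print(name, "->", check_forward(fwd, rules, AP_PORT, WAN_IP) or "ok")
```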

