Need help to access OPT1 from a PC on the WAN subnet



  • Hello all,

    I searched the forum about this and I haven't found something helpful.

    I'll describe my setup in brief.

    I have an ADSL modem-router with IP 192.168.1.1
    My pfsense WAN IP is static 192.168.1.7
    My LAN is on 172.16.20.1 serving office PCs
    My OPT1 is on 10.10.10.1 with 4 wireless access points connected.

    What I want is to access the 4 access points with IPs 10.10.10.10, 10.10.10.20, 10.10.10.30 and 10.10.10.40 from a PC with IP 192.168.1.10 connected to the WAN side (that is directly to the ADSL modem-router).

    I have tried to allow the firewall to pass all traffic from both the WAN and OPT1 interface but it doesn't work.

    The reason I want this is because I have remote access to this specific PC (192.168.1.10) from anywhere in the world using remote desktop access with the well known LogMeIn service (free for 5 PCs).

    So I'm logging in from anywhere to that specific PC and I can access pfsense's webGUI (from the WAN side with appropriate rules and https) but I cannot access my wireless access points laid on OPT1.

    What rules do I need to configure for this specific setup and have access to the webGUI of the wireless access points on OPT1?

    Thank you in advance and sorry for the long post.

    Regards
    Fanis



  • I believe that pfSense is only going to "publish" things behind the firewall that are configured with NAT mappings. Try setting up a NAT rule where the external IP is the IP of your pfsense box, and the port is port 81. Set the internal IP as that of one of your access points, and set the port to 80 (or 443, whatever port that webGUI is running on). Then try accessing your pfsenseip:81, which should effectively be forwarding the traffic from port 81 to the webGUI port on the access point.

    If that works, then repeat the steps with additional unused ports on the pfsense NAT side. If you want to add a bunch of virtual IPs to the pfsense box, then you could do it all on the normal ports, rather than the way I have suggested. Let me know how it goes.



  • You could also add a static route on the client or on the ADSL modem pointing to the pfSense for the 10.10.10.x subnet and then create firewall rules on the WAN allowing traffic from the WAN-subnet to the OPT1-subnet.



  • Good point. In either case, the issue is that pfsense isn't answering the requests for those IPs, because they're bound to a different interface. They're not "listening" on WAN. So either direct traffic locally that is for those IPs, to pfsense… or else configure pfsense to listen to something and forward that traffic (as in my example).
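
An added example, not part of any post in this thread: a small Python model of the two suggestions above. It shows where the WAN-side PC sends 10.10.10.x traffic with and without the static route, and builds one port forward per access point. The /24 masks, ports 82 to 84, and limiting the source to 192.168.1.10 are assumptions; the dictionaries are a model, not pfSense configuration syntax.

```python
import ipaddress

# Addresses from the thread; the /24 masks and ports 82-84 are assumptions.
MODEM = "192.168.1.1"
PFSENSE_WAN = "192.168.1.7"
WAN_PC = "192.168.1.10"
OPT1_NET = "10.10.10.0/24"
ACCESS_POINTS = ["10.10.10.10", "10.10.10.20", "10.10.10.30", "10.10.10.40"]


def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or 'on-link' for direct delivery."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def pc_routes(with_static_route=False):
    """Routing table of the WAN-side PC, optionally with the suggested static route."""
    routes = [("192.168.1.0/24", "on-link"), ("0.0.0.0/0", MODEM)]
    if with_static_route:
        routes.append((OPT1_NET, PFSENSE_WAN))
    return routes


def port_forwards(first_port=81, ap_port=80):
    """One WAN port per access point, limited to the single management PC."""
    return [{"src": WAN_PC, "dst": PFSENSE_WAN, "dst_port": first_port + i,
             "target": ap, "target_port": ap_port}
            for i, ap in enumerate(ACCESS_POINTS)]


def wan_pass_rules():
    """Routed variant: pass only the management PC to each AP, not WAN net to OPT1 net."""
    return [{"iface": "WAN", "src": WAN_PC, "dst": ap, "dst_port": 80}
            for ap in ACCESS_POINTS]


if __name__ == "__main__":
    for ap in ACCESS_POINTS:
        print(ap, "default:", next_hop(pc_routes(), ap),
              "| static route:", next_hop(pc_routes(True), ap))
    for fwd in port_forwards():
        print("forward", fwd)
    for rule in wan_pass_rules():
        print("pass", rule)
```

Without the static route the lookup falls through to the default gateway, so the modem receives the packets and pfSense never sees them, which is why opening the firewall alone changed nothing.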

