Problem accessing static IP on OPT interface



  • Greetings from Croatia :)

    I'm new to pfSense (was using m0n0wall before).
    I'm using latest 2.0 snapshot.
    I have 3 Ethernet NICs: WAN (PPPoE), LAN (192.168.1.1), OPT (192.168.2.1).
    Currently, for testing purposes all traffic on all ports is allowed between LAN and OPT interface.
    DHCP server is in use on both interfaces.
    I have connected a wireless AP to the OPT interface and gave it static IP 192.168.2.2 (static because it can't use DHCP to get one).
    Problem is:
    I can ping all PCs and the wireless AP from any interface (in every direction), but the problem is that I can't access the wireless AP web interface (port 80) via the LAN interface.
    I can access it only from OPT interface.

    I have tried to configure one PC on OPT interface with static IP, and I can ping it from LAN interface but file sharing and all other services are not working.
    Everything is working only when I try to access this PC from same (OPT) interface.
    When I changed this PC's IP address to DHCP, I can access all its services from the LAN interface.

    So, obviously there is a problem with using static IP.
    I have tried to disable DHCP, but same thing happens.

    I don't think that's my mistake, is it a bug?

    Thanks in advance



  • Problem on your AP, probably missing/wrong default gateway. PC issue may be local firewall or the same. May be rules related if you aren't actually allowing what you think you are, check firewall log for blocks.



  • Well, I have checked the logs, and yes, they are passing, ping is OK, but when trying to open the web interface the log says it has passed TCP:S (SYN), after that nothing. Is that normal?
    Regarding PCs, when I set their NICs to DHCP, everything is fine, so why wouldn't it be with static IP (gateway, IP and subnet mask are properly configured)?
    No other firewalls are running on any system.



  • If they work on DHCP and not static, you didn't have them correctly configured when they were static.

    Get a packet capture on OPT1, I'm sure you'll see the TCP SYN there too as you're seeing in the firewall logs, it gets no response because the device doesn't respond to it.



  • Ok, will check.
    Thank you.



  • I have checked all configurations and it seems that there are no mistakes.
    Still not working.
    Here is a packet capture on the OPT1 interface when trying to access the web interface of the AP, which is on OPT1, from LAN.

    
    22:25:09.475325 ARP, Request who-has 192.168.2.2 tell 192.168.2.1, length 46
    22:25:09.475838 ARP, Reply 192.168.2.2 is-at 00:1c:f0:7e:aa:d8, length 46
    22:25:09.475876 IP 192.168.1.2.52019 > 192.168.2.2.80: tcp 0
    22:25:09.476468 ARP, Request who-has 192.168.1.2 (00:30:f1:09:0f:0c) tell 192.168.2.2, length 46
    22:25:12.478514 IP 192.168.1.2.52019 > 192.168.2.2.80: tcp 0
    
    


  • Looks as I described previously, you're passing it out to the AP, and it's not responding. Either because it doesn't have the correct default gateway, or because it has some kind of IP-based access control blocking it. That confirms your firewall is fine, look at the AP.



  • Don't know what to test anymore.
    I am using an old D-link Di-524 wireless g AP, and I can change only the IP address and subnet mask, there is no field for gateway.
    The strange thing is that when I'm connected to the same interface (OPT1) as the AP, I can access its web management, but from other interfaces I can only ping it.
    Btw, the AP is at 192.168.2.2 and the subnet mask is 255.255.255.0, which seems OK.



  • If your AP doesn't have a gateway, you can't talk to it from any other subnet. You can use outbound NAT so when communicating with the AP it sees the source IP of that OPT interface rather than the real source IP.
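
Added example, not part of the thread or any poster's code: a short Python check that reads the OPT1 capture posted above and reports the two signs of the diagnosis, a TCP flow that never gets a reply and a device ARPing directly for an address outside its own subnet. The function name `analyze` is hypothetical, and the /24 prefix is an assumption taken from the 255.255.255.0 mask mentioned in the thread.

```python
import ipaddress
import re

# Capture lines exactly as posted in the thread (tcpdump text output on OPT1).
CAPTURE = """\
22:25:09.475325 ARP, Request who-has 192.168.2.2 tell 192.168.2.1, length 46
22:25:09.475838 ARP, Reply 192.168.2.2 is-at 00:1c:f0:7e:aa:d8, length 46
22:25:09.475876 IP 192.168.1.2.52019 > 192.168.2.2.80: tcp 0
22:25:09.476468 ARP, Request who-has 192.168.1.2 (00:30:f1:09:0f:0c) tell 192.168.2.2, length 46
22:25:12.478514 IP 192.168.1.2.52019 > 192.168.2.2.80: tcp 0
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
ARP_REQ = re.compile(rf"ARP, Request who-has {IPV4}.* tell {IPV4},")
IP_PKT = re.compile(rf"IP {IPV4}\.(\d+) > {IPV4}\.(\d+):")


def analyze(capture, prefix_len=24):
    """Return (off_link_arps, unanswered_flows) for a tcpdump text capture.

    prefix_len is an assumption: the /24 mask stated in the thread.
    """
    off_link, flows = [], {}
    for line in capture.splitlines():
        m = ARP_REQ.search(line)
        if m:
            target, asker = m.groups()
            net = ipaddress.ip_network(f"{asker}/{prefix_len}", strict=False)
            # A host only ARPs for addresses it treats as on-link, so an ARP
            # for an off-subnet target means it is not routing via a gateway.
            if ipaddress.ip_address(target) not in net:
                off_link.append((asker, target))
            continue
        m = IP_PKT.search(line)
        if m:
            src, sport, dst, dport = m.groups()
            reverse = (dst, dport, src, sport)
            if reverse in flows:
                flows[reverse]["answered"] = True
            else:
                key = (src, sport, dst, dport)
                flows.setdefault(key, {"sent": 0, "answered": False})["sent"] += 1
    unanswered = [(k, v["sent"]) for k, v in flows.items() if not v["answered"]]
    return off_link, unanswered


if __name__ == "__main__":
    arps, dead = analyze(CAPTURE)
    for asker, target in arps:
        print(f"{asker} ARPs for off-subnet {target}: no gateway in use")
    for (src, sport, dst, dport), n in dead:
        print(f"{src}:{sport} -> {dst}:{dport}: {n} packet(s), no reply")
```

On the posted capture this flags 192.168.2.2 ARPing for 192.168.1.2 and the two unanswered packets to port 80, which matches the explanation given in the replies.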



  • OK, will try with outbound NAT, but first I need to read some manuals on how to set it up :)

