Bridging different networks (LAN & WLAN)
-
Hi guys,
I'm trying to access a Wireless AP from a computer on another network so I can admin it… I tried a lot of things but can't get it to work:
Here are my firewall rules for the wlan interface:
I have a DHCP server running on both 192.168.2.0 and 192.168.3.0 and all clients are getting an ip.
I added a bridge between LAN and WLAN.
Also I don't want the wireless clients to access the lan at all but want an admin computer to be able to access the wireless ap
Any ideas?
-
Try this way ( it works for me, without bridge nothing ) maybe is not the "best / pro" solution but works
Go to "Firewall : NAT : Outbound" and enable: "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)"
then, create a NAT rule:
Interface: WLAN
Protocol: any
Source: Type: Network
Address: 192.168.2.0 / 24 ( if your lan is /24 )
Destination: any
Translation: Address: Interface address
Then save & test
Ps. Remove the bridge between LAN /WLAN
-
l . . . but want an admin computer to be able to access the wireless ap
Do you pfSense LAN interface firewall rules allow access to the AP?
Does you AP allow management access from the admin computer?
-
Hello!
-
Remove bridge, bridge is to make them on the same network.
-
No need to NAT, thats for WAN traffic
-
Just add firewall rules to allow and block the right access.
Look at my screenshots.
Rule 1 on LAN interface is to allow everything on my LAN to both WAN and DMZ(your WLAN)
If you want restrictions then you need to adjust this one or add rules before it.
Rule 2 on DMZ is to block all traffic from DMZ to LAN.
Rule 3 on DMZ is to allow all traffic to WAN.
If you need to allow some traffic from DMZ to LAN you need to add rules before no 2 like I did with rules 4.
Now you should bee able to access everything on the WLAN from your LAN.
-
-
Thanks guys I managed to make it work with all your comments.
-
Here's what I did:
The problem was on the AP. It was simply not able to get an ip from the pfsense DHCP so I had to set it static, disabled DHCP on it, used it's switch ports, etc.
and opened the right traffic on pfsense:
By the way, do you guys get the ICMP to pfsense being blocked in the logs? I did not get that before 2.0-RELEASE. I had to create the "Allow Ping" rule so it doesn't appear in the logs.
-
By the way, do you guys get the ICMP to pfsense being blocked in the logs? I did not get that before 2.0-RELEASE. I had to create the "Allow Ping" rule so it doesn't appear in the logs.
If I remember right then the default block rule is set to log.
So if you don´t want it to log every block then you need to create your own default block rule at the end without logging. -
yep, that's what I did.
but my question was about that icmp packet being new as I never got this with previous version (and same rules)