Netgate Discussion Forum
WiFiOPT1 interface can't reach internet

Firewalling
sloan:

I want to allow a wireless AP net access from OPT1.

This is the rule for the WiFiOPT1 interface. I want this to go straight to the internet, not to the LAN.

What am I doing wrong?

Firewall rules for WiFiOPT1

Proto  Source             Port  Destination  Port       Gateway  Description
TCP    WiFiOPT1 net       *     ! LAN net    *          *

WAN

Proto  Source             Port  Destination  Port       Gateway  Description
*      RFC 1918 networks  *     *            *          *        Block private networks
TCP    *                  *     192.168.1.1  80 (HTTP)  *        NAT Opening Remote GUI access for PFS
TCP    *                  *     192.168.2.1  25 (SMTP)  *        NAT NAT allow smtp to mail server
TCP    *                  *     192.168.2.1  80 (HTTP)  *        NAT NAT allow http to GEARNET
TCP    *                  *     192.168.2.5  80 (HTTP)  *        NAT Forwarded to SugarCRM

LAN

Proto  Source             Port  Destination  Port       Gateway  Description
*      LAN net            *     *            *          *

Firewall: NAT: Port Forward

If   Proto  Ext. port  NAT IP                               Int. port  Description
WAN  TCP    22 (SSH)   192.168.2.239 (ext.: 66.74.666.999)  22 (SSH)   NAT allow SSH to NSLU server
WAN  TCP    80 (HTTP)  192.168.2.239 (ext.: 66.74.666.999)  80 (HTTP)  NAT allow http to NSLU server
WAN  TCP    8080       192.168.2.5 (ext.: 66.74.999.999)    80 (HTTP)  Forwarded to SugarCRM

PFS 2.0 ALPHA-ALPHA on x86 :FreeSWITCH

hoba:

Are you sure you only want to allow TCP but not ICMP, UDP and so on? Change the protocol to any in your optwifi rule. I guess you just have issues pinging, as you don't allow ICMP, and with name resolution, as you don't allow UDP.

sloan:
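As an added example (not code from the thread or from pfSense), a minimal first-match rule evaluator that illustrates hoba's point: the TCP-only rule on OPT1 passes web traffic but drops ICMP ping and UDP DNS, while the any-protocol version passes them and still keeps the LAN unreachable. The subnets, client addresses and rule tuples are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumption): LAN and the WiFi/OPT1 segment.
ALIASES = {
    "LAN net": ipaddress.ip_network("192.168.2.0/24"),
    "WiFiOPT1 net": ipaddress.ip_network("192.168.3.0/24"),
}

def _match(spec, addr):
    """spec is '*' (any), an alias name, or '! alias' (inverted, as in the GUI)."""
    if spec == "*":
        return True
    negate = spec.startswith("! ")
    in_net = ipaddress.ip_address(addr) in ALIASES[spec[2:] if negate else spec]
    return not in_net if negate else in_net

def evaluate(rules, pkt):
    """First matching rule wins; with no match the implicit default is block."""
    for proto, src, dst, action in rules:
        if proto != "*" and proto != pkt["proto"]:
            continue
        if _match(src, pkt["src"]) and _match(dst, pkt["dst"]):
            return action
    return "block"

# The OP's rule as posted (TCP only) and hoba's suggested change (any protocol).
TCP_ONLY = [("TCP", "WiFiOPT1 net", "! LAN net", "pass")]
ANY_PROTO = [("*", "WiFiOPT1 net", "! LAN net", "pass")]

# Constructed traffic from one WiFi client: ping, DNS, web, and a LAN host
# that the DMZ-style rule is meant to keep unreachable.
TRAFFIC = {
    "ping":   {"proto": "ICMP", "src": "192.168.3.10", "dst": "203.0.113.1"},
    "dns":    {"proto": "UDP",  "src": "192.168.3.10", "dst": "203.0.113.53"},
    "http":   {"proto": "TCP",  "src": "192.168.3.10", "dst": "203.0.113.80"},
    "to_lan": {"proto": "TCP",  "src": "192.168.3.10", "dst": "192.168.2.5"},
}

def verdicts(rules):
    """Map each sample flow to the action the rule set gives it."""
    return {name: evaluate(rules, pkt) for name, pkt in TRAFFIC.items()}

if __name__ == "__main__":
    print("TCP only: ", verdicts(TCP_ONLY))
    print("any proto:", verdicts(ANY_PROTO))
```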

Oops, that was really set to any, as it is now. I copied it when I was testing switching it around, testing other options etc.

I can ping via pfSense SSH to the server in the DMZ, so I know the NIC works. But some other config is messed up.

I read the m0n0wall tutorial on DMZs; that is where I got that firewall rule from.

Do you have any other suggestions?

sai:

You haven't stated what the problem is.

sloan:

I could be more clear, so here goes. Here is what I stated above: "I want to allow a wireless AP net access from OPT1."

I can't ping out of the OPT1 interface to the internet. I can ping from pf through the OPT1 interface to the DMZ server, so the NIC works.

I read the m0n0wall tutorial for DMZs and implemented the firewall rules to allow the DMZ access to the net. But they are not working in my implementation.

Thanks in advance for any help and for the above replies.

sloan:

Here is what I did to fix this. I reinstalled pf in a live production environment. I had live hosts attached to all 4 NIC ports. When I tried to implement the firewall rule as listed in the m0n0wall DMZ tutorial without live hosts attached, the NIC would not allow any traffic to the net. The NICs would allow traffic from the pf SSH console to the LANs, not the other way. I would normally say pf would not need a live host, but this is the third time I tried a fresh install. The third was a charm. And only on the third time did I have a live host attached, so who knows?

I started with allowing all to all on the LAN2 and LAN3 NICs. Once I knew they were allowing traffic to the net and each other, I tightened them down to allow any traffic to the net and not to the other LANs. Similar to a DMZ.

Right before the new install I was getting some strange firewall errors in the log. I tried to correct them and then went for a fresh install.

Now I can have WiFi on its own LAN straight to the net, no access to the other LANs. ;D 8)

jeroen234:

Sounds like you had made a bridge somewhere
but did not have all connections of the bridge plugged in,
so then the bridge is broken and will not work.

sloan:

Yes, that probably had something to do with it. In the configuration I had in the past, I bridged some interfaces. It is possible that I did not unbridge them. Who knows? I thought that I did.
