Cannot access static IP from other interface (using WRT54GL as Access Points)



  • Hi,

    I'll try to describe my problem as clearly as I can. I've got a pfsense box up and running with the 2.0 release. We have 3 interfaces configured: WAN, LAN and "Public". "Public" is used for a wireless network which shouldn't be able to access the internal things on LAN. I guess this is a very common setup.

    Now, on the "Public" network we have 3 access points. One of which is a Linksys WAP54GL (a real access point) which has a static DHCP lease on its MAC address. This makes it very easy to monitor it from a computer on the LAN interface with some firewall rules in pfsense.

    We also have two Linksys WRT54GLs set up as wireless access points (by not connecting them on their WAN port but on one of the normal ports). The problem with these is that we cannot activate DHCP on the normal ports, so they cannot receive an IP from pfsense. Thus, we've configured a static IP on them. They do work fine as access points in this situation, but our problem is that we cannot monitor them from the computer on the LAN interface. We can neither ping nor access their web interfaces.

    Does anyone know why the routing is so different using static vs. dynamic IP addresses? How can we solve this issue?

    Thanks for your time!



  • Wow, 194 views and no reply! I was considering filing a bug report, but then I found this:
    http://redmine.pfsense.org/issues/1491

    So at least someone else had the same problem, and the advice he got was to post here. Is there anyone here who has this working? Because then at least I know that it's possible and not a bug.



  • I think this isn't a bug of pfsense. It is just a misconfiguration on the WLAN AP or disability of the WLAN AP.
    Do you use DD-WRT on this AP?
    http://www.dd-wrt.com/site/index

    There you can change from where you can access the web GUI, from WAN port, from LAN, from wireless. You can assign the WAN port to the switch and so on. Please check the AP configuration - there should be the problem and this is what was the answer on redmine because it is not a bug of pfsense nor pfsense related.



  • The reason I doubt the WRT54GL's are the problem is that accessing them when on the same network works flawlessly. We've got two of the WRT54GL and they share the same issue. We're not yet using DD-WRT but we might consider using it if it solves the problem. Note that we also have a WAP54GL with static dhcp lease and this one we can access from both networks without troubles.

    When I get back from the holidays I'll try to set a static ip on a computer and see if the problem is reproducible without the wrt54gl.



  • You're missing a default gateway, hence have no return routing. You can't put one on a Linksys with stock firmware unless you use the WAN port, which you don't want because that leaves you with double NAT and you just want them to be a bridge only. You'll either have to use one of the alternative firmware distros like DDWRT, or configure outbound NAT to translate to the interface IP when accessing those APs so they don't need return routing.
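
Added example, not part of the thread: a small Python model of the return-routing problem described in the last reply, showing why an AP with a static IP and no default gateway cannot answer a host on another subnet, and why outbound NAT to the interface address works around it. All addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing (not from the thread): LAN 192.168.1.0/24,
# "Public" 192.168.2.0/24 with the firewall at 192.168.2.1.
FW_PUBLIC = ipaddress.ip_interface("192.168.2.1/24")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def has_return_route(host_if, gateway, peer):
    """True if a host can send a reply to `peer`.

    host_if: the host's address/prefix; gateway: its default gateway or None.
    """
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(peer) in iface.network:
        return True  # peer is on-link, no gateway needed
    # Off-link peers need a default gateway that is itself on-link.
    return gateway is not None and ipaddress.ip_address(gateway) in iface.network


def source_seen_by_target(src, nat_networks):
    """Source address the target sees once the firewall forwards the packet
    out of its Public interface. Sources inside `nat_networks` are translated
    to the interface address (outbound NAT); others pass unchanged."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in nat_networks):
        return FW_PUBLIC.ip
    return addr


def monitor_can_reach(src, ap_if, ap_gateway, nat_networks=()):
    """Model one request/reply between a monitoring host and an AP."""
    seen = source_seen_by_target(src, nat_networks)
    return has_return_route(ap_if, ap_gateway, seen)


if __name__ == "__main__":
    ap = "192.168.2.2/24"  # constructed static AP address
    cases = [
        ("static IP, no gateway", "192.168.1.10", None, ()),
        ("gateway configured", "192.168.1.10", "192.168.2.1", ()),
        ("no gateway, outbound NAT", "192.168.1.10", None, (LAN_NET,)),
        ("client on Public itself", "192.168.2.50", None, ()),
    ]
    for label, src, gw, nat in cases:
        print(f"{label:26} reachable={monitor_can_reach(src, ap, gw, nat)}")
```

The fourth case matches the observation earlier in the thread that the APs are reachable from hosts on the same network.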

