Problem to reach LAN from WLAN

climblinne

I have the following configuration under PfSense 2.0.1:

WAN1: Not used until now, will be a static IP address from Wimax connection
WAN2: ADSL-Router, IP DHCP, 192.168.1.2, Gateway 192.168.1.1, Firewall - default blocking
LAN: 10.17.60.251, No DHCP, Mask 255.255.255.0, Firewall: Allow *
WLAN1: 192.168.2.1, DHCP activated, Mask 255.255.255.0, Firewall: Allow *
WLAN2: 192.168.3.1, DHCP activated, Mask 255.255.255.0, Firewall: Allow * (same wireless card, second AP)

Internet through WAN2 from LAN, WLAN1 is working.
Access from LAN to WLAN1  is working.
Access from WLAN1 to LAN is not working and I don't understand why?

Actually NAT is set to auto translation. The route list in the status looks correct.

In the beginning I had the LAN segment at the WAN port and this I could reach from the WLAN port.
Hopefully anybody can help me…

heper

normally a firewall rule on the wlan tab with destination any or lan-subnet should work if the default gateway is used.

be sure you havent specified a specific gateway on the "allow *" rule

marvosa

Are you getting internet on WLAN2?

So on WLAN2, you have created a 2nd AP configured with the 192.168.3.0/24 subnet on the same card for people to connect to? (a network map would be helpful)

Can you post the routing table on PFsense?

climblinne

@heper:

normally a firewall rule on the wlan tab with destination any or lan-subnet should work if the default gateway is used.

be sure you havent specified a specific gateway on the "allow *" rule

I use the default gateway already with all set to "*"

climblinne

@marvosa:

Are you getting internet on WLAN2?

So on WLAN2, you have created a 2nd AP configured with the 192.168.3.0/24 subnet on the same card for people to connect to? (a network map would be helpful)

Can you post the routing table on PFsense?

One WLAN should be for internal use and the other one should be later a guest account with internet access only.
But until now both are full functional with * rules and internet is working for both of them.

The WAN1 sould be later the main internet connection & WAN2 the backup internet connection. WAN2 i also used later for the guest access. For testing I only have WAN2 connected, because our other router is still active :)

IPv4
Destination Gateway Flags Refs Use Mtu Netif Expire
default 192.168.1.1 UGS 0 7946 1500 vr2
8.8.8.8 192.168.1.1 UGHS 0 372 1500 vr2
10.17.60.0/24 link#1 U 0 734 1500 vr0
10.17.60.251 link#1 UHS 0 0 16384 lo0
1.2.3.224/30 link#2 U 0 0 1500 vr1 //  not used WAN1 IP modified
1.2.3.226 link#2 UHS 0 0 16384 lo0 // not used WAN1 IP modified
127.0.0.1 link#6 UH 0 155 16384 lo0
192.168.1.0/24 link#3 U 0 20687 1500 vr2
192.168.1.2 link#3 UHS 0 0 16384 lo0
192.168.2.0/24 link#9 U 0 4893 1500 ath0_wlan1
192.168.2.1 link#9 UHS 0 0 16384 lo0
192.168.3.0/24 link#10 U 0 8444 1500 ath0_wlan2
192.168.3.1 link#10 UHS 0 0 16384 lo0