Route between 2 interfaces



  • Hi,

    I have 2 interfaces, LAN (192.168.88.0/24) and OPT1 (192.168.77.0/24). I would like to access a computer on OPT1 (let's say 192.168.77.10 on port 80) from a computer on LAN (e.g. 192.168.88.100). From the searching I've done on the net, I am given to understand that I will need to use another gateway or something, but I just can't get it to work. Can anyone tell me the specific rules and steps I will need to follow to make this work?

    tx in advance

    EDIT: LAN IP = 192.168.88.1
           OPT1 IP = 192.168.77.1



  • Is pfsense the default gateway for your clients?

    If yes: just add firewall rules to PASS from LAN to OPT1 and the other way around.

    If no: you're going to have to do the same but also add routes on every client.



  • Tx for the fast reply.

    My default gateway (copied from pfsense) is this: WAN (default) WAN 192.168.16.1 192.168.16.1 Interface WAN Dynamic Gateway

    So I guess I fall into the second category. Right?
    I have two questions.
    A. Why do I have to add a PASS rule from OPT1 to LAN?
    B. How exactly do I set up those routes? Do you mean that I have to perform configurations on the source and target device? Isn't that doable through pfsense only? I need more detail on that one.



  • How is your network layout?

    internet – Pfsense __ LAN---PC1 , PC 3
                                | __OPT1-- PC2, PC4

    If it is like that, then pfsense IS your default gateway ... then you only need to add the firewall rules.

    A. why do i have to add PASS rule from opt1 to lan.

    If you wish to be able to connect from OPT1 to LAN then you need one; if not, then you don't.



  • Yes, this is my network layout more or less. I have done what you said and tested it with netcat. I do find the specified port open on the host of OPT1 from LAN, but then the connection is reset. Sniffing with wireshark, I see that I manage to perform a full 3-way handshake, but then the PC on OPT1 sends a RST packet. I am not sure whether I will be able to connect to an application running on that machine yet.

    My exact set up is this.

    internet – Pfsense __ LAN---PC1 , PC 3
                               | __OPT1--Bridge--- PC2, PC4

    The bridge is nothing but a router running in bridge mode so I can connect multiple computers to the OPT1 interface. So my initial purpose was to connect to the bridge's web interface, which I thought would be possible if I could access the OPT1 subnet, but I cannot. So am I missing something here? My assumption is that you can access the bridge's interface through OPT1 only. Is that correct?

    EDIT: Yes, I can connect to a remote folder in the OPT1 from LAN. So that means it will work. But my second question remains. Why can't I access the bridge's web interface?



  • It might not have a gateway set and if it does, it might not be pfsense on that interface.



  • Indeed you are right. The gateway IP of the bridge is the IP of the bridge (192.168.77.10). But when I add a route to 192.168.77.1 I lose access to the bridge. I am really confused about how this works. I attach a screen of the routing table in the bridge.



  • What kind of device is that?
    If it is in bridge mode, then it should be able to pass traffic even to itself. It is very unusual that a device would use itself for a gateway, as it seems like an infinite loop. Usually you are going to use a device one step up (i.e. the pfsense router/firewall).
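
The gateway point raised in the two replies above can be checked with a small model of how a host picks the path for its reply. This is an added example, not part of the thread; it uses the thread's addresses, and the host name "PC2" with its address 192.168.77.20 is an assumption.

```python
import ipaddress

def reply_path(host_if, gateway, peer):
    """Return how a host would send its reply to `peer`.

    host_if : host address with prefix, e.g. "192.168.77.10/24"
    gateway : the host's default gateway, or None if unset
    peer    : address of the client that opened the connection
    """
    iface = ipaddress.ip_interface(host_if)
    peer_ip = ipaddress.ip_address(peer)

    # Same subnet: the reply is delivered on-link, no gateway involved.
    if peer_ip in iface.network:
        return "on-link"
    # Off-subnet peers need a usable next hop.
    if gateway is None:
        return "unreachable: no default gateway"
    gw = ipaddress.ip_address(gateway)
    if gw == iface.ip:
        return "unreachable: gateway is the host itself"
    if gw not in iface.network:
        return "unreachable: gateway is not on the host's subnet"
    return f"via {gw}"

def audit(hosts, peer):
    """Map each host name to its reply path towards `peer`."""
    return {name: reply_path(addr, gw, peer)
            for name, (addr, gw) in hosts.items()}

# Constructed inventory for the OPT1 segment. The bridge entry uses the
# values reported in the thread; "PC2" and its address are assumptions.
OPT1_HOSTS = {
    "bridge": ("192.168.77.10/24", "192.168.77.10"),
    "PC2": ("192.168.77.20/24", "192.168.77.1"),
}

if __name__ == "__main__":
    # A LAN client, then a client on the OPT1 segment itself.
    for peer in ("192.168.88.100", "192.168.77.20"):
        print(peer, audit(OPT1_HOSTS, peer))
```

The model covers only next-hop selection on the replying host; it says nothing about filtering the device itself may apply.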



  • It is a wlan router (see http://www.baudtec.com.tw/p_wlan%20adsl2+%20router_tw263r4.htm for more details). The only configuration I have done is to set it in bridge mode. The OPT1 subnet has access to both the bridge and the pfsense.
    But as I said, I can't access it from the LAN subnet even though I can see a service on the OPT1 subnet. Is it possible that by default this device does not allow traffic coming from the outside??? After all, it was meant to be used as a home ADSL2 router (it was provided to me by my ISP), so you wouldn't want anyone to access it from outside. Just saying. It is confusing though. Let me know if you need more screens, info or anything else.

    P.S. Is it possible to VPN to the OPT1 and access it "from inside"? Would this work as a workaround, or am I misinterpreting the concept of VPN?



  • It would still need to be routed. So, your theory is probably correct in that your wlan router is set up in such a way as to block access. It is hard to tell if that is because it is blocking private IPs or any access. If you have access to the configuration, it should be easy to check or change that behavior.



  • @globexgr:

    My exact set up is this.

    internet – Pfsense __ LAN---PC1 , PC 3
                               | __OPT1--Bridge--- PC2, PC4

    The bridge is nothing but a router running in bridge mode so i can connect multiple computers to the OPT1 interface.

    Wouldn't a hub or switch be a better choice instead of that "bridge" or is it also being used as an access point?



  • According to his posts, it is an access point (wlan). But I could be wrong.



  • @podilarius:

    according to his posts, it is an access point (wlan). but I could be wrong.

    According to his posts it's an ADSL router. I use mine here as an access point by disabling its WAN port and plugging one of the LAN ports into my LAN's switch.

    I don't see anything in his posts saying he is actually using it as an access point. The way I read it, he's using it as a hub. If that's true, why does he need to see the ADSL router's web pages?



  • No idea. I do exactly the same thing. I don't use the WAN port at all.
    Even if he was using it as a switch, the WAN on that should not be used, just one of the LAN ports would work.



  • Wouldn't a hub or switch be a better choice instead of that "bridge" or is it also being used as an access point?

    Yes it would be… but I had a spare router so I used that instead of buying a switch. It is not used as a wireless access point though, as I have disabled the wifi.

    The way I read it, he's using it as a hub. If that's true, why does he need to see the ADSL router's web pages?

    Correct me if I am wrong, but I think I am trying to use it as a switch. The reason I need to access its web page is because I want to manage all my network devices from the LAN subnet.

    Even if he was using it as a switch, the WAN on that should not be used, just one of the LAN ports would work.

    There is no distinction between WAN and LAN ports as far as I can tell. Maybe because it's an ADSL router and it's meant to be used to connect you to the internet and not a different subnet. Just saying.

    Is it possible to VPN to the OPT1 and access it "from inside". Would this work as a workaround or am i misinterpreting the concept of VPN?

    Nobody really answered that question.

    P.S. Tx for the feedback. Even if we don't make it work, I appreciate the responses.



  • As a test, plug it up the pfsense interface into the "LAN" switch port on that device and see if all works like expected. Setting up a VPN probably won't work, but you can give it a try.



  • I may be wrong, but you should be able to just use your LAN port without bridging.

    I have two wireless routers configured in my network. I simply don't plug in the WAN port and just use the LAN ports essentially as a switch. In your case, turn off bridging, plug ethernet into LAN (i.e. Port 1) with IP 192.168.77.10; have that connect to your pfsense box (IP 192.167.77.1) and see if that works.

    I checked the documentation of your router and it looks no different than your typical routers except for the ADSL port acting as the WAN.

    I agree that the VPN scenario probably won't work, or is too complex a solution for what you want to accomplish.

