Netgate Discussion Forum

    [Solved] Firewall Question regarding OPT1 and OPT2

    • thafener

      Hi folks

      I have a pfsense box with two extra interfaces called OPT1 and OPT2.

      Behind OPT1 I have a network with some 40 Network Cams and their
      Camera Server. I can ping them all from LAN and I can monitor them with
      an SNMP tool.

      Behind OPT2 I have a network with some 35 Access Points and one
      Access Point Controller running on Windows XP SP3. In this network I
      can ping the XP host only from LAN, the APs do not reply to a ping while
      their IP configuration regarding address, subnet mask and gateway are
      correct.
      However, I can ping the Access Points from the OPT2 subnet ???

      How come?

      Thx in advance

      cheers thafener

      • podilarius

        Going to need a bit more information. Like what are the rules on the LAN interface? Perhaps the access points have a firewall that prevents access from anything but its own subnet. Are all access points using the same model or manufacturer?

        • thafener

          Thank you for your reply. On LAN I just have the default anti-lockout rule and the default allow LAN to any rule.
          Most of the Access Points are Ubiquiti UniFi models, but there are some Netgear and Cisco too. As I told you this
          is strange because I can ping them all from the problematic subnet.

          • heper

            This sounds very much like a device that does not have the correct gateway filled in. It could also be that the APs block all connections from outside their own subnet (see podilarius's post).

            I know of several cheaper access points where you can fill in a gateway, but they don't actually use it (GUI option only).
            I think this is because they use the same hardware as their "router" counterparts and just use a hacked firmware to make them an access point.

            If indeed you are suffering from this kind of issue, then you might not have many options to solve this (firmware update / support call).
            I get around this by using remote desktop to a PC within the same subnet to manage the access points.

            • thafener

              It is exactly as you guessed, these UniFi APs are not reachable from outside their network, support just told me.
              Thank you very much for your hints ;)

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.