    Firewall blocks Nexus 7 in LAN

    Firewalling
      mrsunfire last edited by

      Hi!

      I'm using my Nexus 7 in the LAN, connected via WLAN. If I want to upload files from a PC in the LAN using the AirDroid app, I get some errors in the firewall logs, see below.
      Normally, every access from LAN to LAN should be allowed. If I check "Easy rule: pass this traffic" it still won't work and shows me another source port.
      If I'm using the server that provides my WLAN access point, I can upload everything. Reading from the N7 via AirDroid is also working.

      What's the problem? What can I do to allow all that traffic?

      EDIT:

      I forgot. I'm routing from my LAN net (192.168.1.0/24) into the WLAN network (192.168.0.0/24) via the server in LAN (192.168.1.10).

      1    <1 ms    <1 ms    <1 ms  pfsense.net [192.168.1.1]
      2    <1 ms    <1 ms    <1 ms  Server.net [192.168.1.10]
      3    42 ms    5 ms    3 ms  tablet.net [192.168.0.9]


        kathampy last edited by

        If you're routing between LAN and WLAN using something other (192.168.1.10) than the default gateway (192.168.1.1) then you need either:

        1. Static routes on the clients on both LAN and WLAN to each other via 192.168.1.10.

        OR

        2. Static routes on the default gateways of LAN and WLAN to each other via 192.168.1.10.

        If you're using #2, you need appropriate firewall rules on the default gateways. In either case this is bad architecture and you should just use pfSense to route between LAN and WLAN and use pfSense as the default gateway for both.

          mrsunfire last edited by

          Hm yes, I've set up a second gateway (192.168.1.10).
          Maybe I'm blind, but where can I set static routes in pfSense? I don't want to set them up on the clients. Just share the DNS server (pfSense) via DHCP to the clients.

            kathampy last edited by

            You can also send the default gateway and additional static routes to clients using DHCP option 121. If you have two gateways, do this to prevent unnecessary load on pfSense. You must mention the default gateway in addition to any static routes in DHCP option 121.

            Better yet, stop using a separate gateway and use pfSense as a router.

              mrsunfire last edited by

              I know, but the problem is I need the gateway 192.168.1.10 because my access point for the private WLAN is on this server. So only it knows the clients of its WLAN.

              It's like this:

              WLAN ------------------------ Server --------- pfSense ------------ LAN Clients
              192.168.0.0/24                192.168.1.10     192.168.1.1          192.168.1.0/24

                kathampy last edited by

                Just plug the access point into another interface on pfSense if you really want it on a separate ethernet network.

                  mrsunfire last edited by

                  This might be an idea. But what will it change? The server is the access point, but also a server for HTTP and so on. So I would also need it as a gateway because pfSense doesn't know about the WLAN net.
                  Don't forget, all other WLAN devices work fine. It's only with the Nexus and while uploading files to it with the AirDroid app.
                  What do the firewall blocks say to you? For me there is no reason to block.

                    kathampy last edited by

                    pfSense will know when you plug the AP into another interface and give it an IP address of 192.168.0.1/24. Then plug the private interface of the server into the AP as well.

                    Android follows the network spec more strictly than others (e.g. it breaks if you don't include the default gateway in DHCP option 121). It will break if your setup is invalid, which it is.

                      mrsunfire last edited by

                      I can't, because the AP uses the connection from the server and doesn't have its own. Please read the edit of my previous post.

                        kathampy last edited by

                        What kind of access point is it?

                          mrsunfire last edited by

                          An ASUS PCI-E WLAN network card. If I'm right, it's the PCE-N53.

                            kathampy last edited by

                            Plug the AP, server's private interface and a new pfSense interface into a switch. Plug the server's LAN interface, pfSense's LAN interface and LAN clients into another switch. That is all. Use pfSense as the default gateway for everything.

                              kathampy last edited by

                              @mrsunfire:

                              An ASUS PCI-E WLAN network card. If I'm right, it's the PCE-N53.

                              Then just plug it into pfSense. Problem solved. You don't need to do anything else other than create firewall rules for the private WLAN.

                                kathampy last edited by

                                You could also enable VLANs on the server and trunk the AP and LAN to pfSense on separate LAN and WLAN interfaces over the single LAN cable.

                                  mrsunfire last edited by

                                  I can't. The network card doesn't have its own network connection. It's using the connection from the server to pfSense. That's why I have another network. Maybe I should buy a network card with an RJ45 connection.
                                  Don't know if VLAN would work on a Windows XP machine.

                                    kathampy last edited by

                                    See my 2nd last post. Plug the wireless card directly into pfSense.

                                      mrsunfire last edited by

                                      How, without an Ethernet connection? The card only has PCI-E.
                                      http://www.asus.com/Networking/PCEN53/

                                        kathampy last edited by

                                        Plug the card into pfSense and remove it from the server!

                                          mrsunfire last edited by

                                          Ah lol ok, I understood ;). I don't prefer that, because my public WLAN (hotspot) is already there and there's not enough space.
                                          Maybe it's an idea to install a second network card in the server and connect it with pfSense, and bridge that to the WLAN card?!
