Connected to wireless interface, yet cannot ping it

  • Hi team

    I have setup a pfSense system (1.2-RC4) with D-Link DWL-G510 Wireless NIC on opt2. This is a supported card

    Everything else with the pfSense box is working OK (connect from LAN to internet on WAN etc).

    The Wireless interface is configured as an Access point. WPA-PSK. My WinXP Spk2 machine authenticates and connects fine. It even gets an IP etc via DHCP (client gets, Access Point IP is

    first problem is that I cannot ping from

    If I run a packet capture from the pfSense box, I can see the ICMP echo requests coming from yet it is not responding.

    (Note: not sure that it affects things at this level, but I have setup firewall rule to allow the WIFI subnet to access the WAN (with or without this makes no difference).

    Any ideas?

  • The WLAN is a OPTx:


    If you want to have Internet access from multiple LAN subnets (on various OPTx interfaces) enable Advanced outbound NAT.
    You need to create a rule for every subnet you want NAT'ed.
    Alternatively you can change the source of single existing rule from LAN to "any" thus NAT'ing everything.
    This might create a problem for FTP with multiWAN
    more here:,7096.msg40810.html#msg40810

    Could you post a screenshot of your rule you created on the WLAN interface here?

  • Hi Gruens,

    I would have thought I'd need to be able to ping the interface (ie have IP working on it) before worrying about NAT and access to the WAN network.

    Never the less I added the rule and still I cannot ping the interface.

    Here is the NAT rules

  • Here are some additional screen shots of the config.

    The only thing that seems a little strange to me is the DHCP leases where it shows the address which is given to the wireless client as expired?? the client shows the lease as still active (as expected).

    If there are not any great ideas I suppose I will simplify the config as much as possible to see where its going wrong. Static IP, no Encryption etc.



  • Your firewall rule is wrong.
    Destination WAN-Interface means EXACTLY THAT

    You allow right now only access to the IP of your WAN.

    Your rule should look something like that:

    Source: "WLAN-subnet" –> or in the case of bridging "LAN-subnet"
    Destination: *

  • Fantastic, all working now. I miss understood thinking that was allowing anything going via the WAN rather than specifically the ip of the WAN interface itself.

    So I have setup as you described but with a rule before it that is blocking anything coming from WIFI headed for LAN subnet.

    Thanks again.


  • If you want to filter from WLAN to LAN you also need to enable the filtering of bridges.

    Advanced –> "Enable filtering bridge"

    Also make sure that your rules have the right order

  • In my case WIFI and LAN are different subnets so I think it should be OK (ie routed not bridged).

    Thanks for the link to the other topic, some useful tips in there


Log in to reply