Unable to access internet from AP

renatohtpc · Feb 20, 2015, 2:15 AM

Like this?

Thanks again for your help.

Renato

Derelict · Feb 20, 2015, 3:03 AM

Looks good. It really doesn't matter, but you might want to be consistent for consistency's sake on the source addresses. Either from BLUE net or from any. For me, I like rules that do the same thing to look the same.

That should be working pretty well for you.

renatohtpc · Feb 21, 2015, 4:02 PM

Derelict

Thanks for your help. Now I have the AP working.

Here is another question. I clearly must not understand firewall rules!

I am trying to access the AP from the LAN network. I have the following rule on the lan. I would have thought that these rules could allow any device on the LAN to connect to any of the other Interfaces including the BLUE interface.

If I try and go to http://192.168.2.2 I should be able to see the netgear page. I get nothing, "The connection was reset".

What am I missing?

Thanks
Renato

Derelict · Feb 21, 2015, 6:03 PM

Is the AP set on 192.168.2.2? Does the AP have the proper netmask? Can you set a default gateway on the LAN interface (that can be trouble). If not can you set static routes in the AP? It needs to know to send traffic for anything but its own subnet (192.168.2.0/24) to pfSense for routing. Maybe set a static route for 192.168.0.0 255.255.0.0 with a gateway of pfSense's address on that segment.

renatohtpc · Feb 21, 2015, 10:14 PM

Derelict

Here is a screenshot from the AP.

Thanks
Renato

Derelict · Feb 21, 2015, 10:55 PM

Hmm. What happens with https?

hda · Feb 22, 2015, 12:19 AM

Does it matter/help if you give the AP a Static, outside the pool, i.s.o. a Dynamic. ?
I use a Zyxel 3205v2 wired to pfSense. Clients of this AP get the dynamic IP from the pfSense DHCP-server.

Derelict · Feb 21, 2015, 11:57 PM

There should be no DHCP server on the AP.

renatohtpc · Feb 22, 2015, 1:14 AM

Trying to access the AP thru the https, it fails as well.

I have setup DHCP (192.168.2.100 -> 192.168.2.130) and a list of allowed MAC addresses on the Blue Interface. Both the AP and my wireless devices are listed as allowed MAC addresses.

Right now I am only enforcing MAC addresses to control who connects to the blue Interface.

The AP gets a fixed IP address 192.168.2.2 and my ipad gets an address from the DHCP. The AP has the DHCP disabled as it is being handled by the Blue interface.

The ipad connects to the AP and is able to access the internet in addition to the Netgear web page.

My laptop connected to the LAN still cannot.

I am at a loss!

Renato

Derelict · Feb 22, 2015, 1:42 AM

Why are get address/dns dynamically both checked?

renatohtpc · Feb 22, 2015, 2:05 AM

That's how I had it setup with IpCop. So that the AP would get the information from the IPCOP DHCP.

Renato

Derelict · Feb 22, 2015, 2:13 AM

Then look in your DHCP leases for the APs MAC address and see what address your AP got and try to connect to that.

I have no idea what sort of cockamamie schemes your AP manufacturer concocted. I would give it a static.

hda · Feb 22, 2015, 4:35 PM

@renatohtpc:

…
The AP gets a fixed IP address 192.168.2.2
...

W.r.t. screenshot of your post #8. First within the AP-box you should set the Static addressing and DNS to pfSense-server. So not a double entry in pfSense DHCP-leases due to dynamic & static. Do not allow the AP address as a dynamic. Secondly set the AP static in pfSense DHCP-server, of course with the correct MAC.