Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No Internet Access Through Netgear WNAP210 (Wireless Access Point)

    Scheduled Pinned Locked Moved Wireless
    20 Posts 5 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Longhair
      last edited by

      This is from a 2.1.5 (32-bit) clean install. I've only run the Setup Wizard. All the firewall rules are from the default setup. No packages installed.

      WAN: 192.168.1.2
      LAN:  192.168.2.1
      OPT1: 192.168.3.1

      LAN –> Computer A (192.168.2.2) --> Internet works.
      OPT1 --> Computer B (192.168.3.2) --> Internet works.

      Netgear WNAP210 (Wireless Access Point) Settings Without pfSense:

      DHCP Client - Disable
      IP Address 192.168.1.3
      IP Submask 255.255.255.0
      Default Gateway 192.168.1.1

      Router --> Netgear WNAP210 (192.168.1.3) --> Computer C (192.168.1.4) Internet works.

      So far everything works without any problems.

      Netgear WNAP210 Settings With pfSense:

      DHCP Client - Disable
      IP Address 192.168.3.3
      IP Submask 255.255.255.0
      Default Gateway 192.168.3.1

      OPT1 --> Netgear WNAP210 (192.168.3.3) --> Computer C (192.168.3.4) No Internet (page cannot be displayed).

      I've rebooted pfSense, Netgear WNAP210 and Computer C but that has not helped.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        If you really did all that it would be working.  Double check everything.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • L
          Longhair
          last edited by

          I've tried with 2.2 & 2.1.5 (64 & 32 bit) and ended up writing down all the steps down before making the post.

          I decided to ping 8.8.8.8 on both the LAN and OPT1 - both behind pfSense 2.1.5 32-bit clean install.

          LAN results:

          Pinging 8.8.8.8 with 32 bytes of data:
          Reply from 8.8.8.8: bytes=32 time 19ms TTL=55
          Reply from 8.8.8.8: bytes=32 time 19ms TTL=55
          Reply from 8.8.8.8: bytes=32 time 19ms TTL=55
          Reply from 8.8.8.8: bytes=32 time 19ms TTL=55

          Ping statistics for 8.8.8.8:
                Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
                Minimum = 18ms, Maximum = 19ms, Average = 18ms

          OPT1 Results:

          Pinging 8.8.8.8 with 32 bytes of data:
          Reply from 192.168.3.2: Destination host unreachable.
          Reply from 192.168.3.2: Destination host unreachable.
          Reply from 192.168.3.2: Destination host unreachable.
          Reply from 192.168.3.2: Destination host unreachable.

          Ping statistics for 8.8.8.8:
                Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

          I am able to browse web pages (random Google search & open link) on the Internet without problem with both LAN & OPT1.

          Now with the wireless access point.

          Netgear WNAP210 without pfSense:

          Pinging 8.8.8.8 with 32 bytes of data:
          Reply from 8.8.8.8: bytes=32 time 21ms TTL=56
          Reply from 8.8.8.8: bytes=32 time 19ms TTL=56
          Reply from 8.8.8.8: bytes=32 time 21ms TTL=56
          Reply from 8.8.8.8: bytes=32 time 19ms TTL=56

          Ping statistics for 8.8.8.8:
                Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
          Approximate round trip times in milli-seconds:
                Minimum = 18ms, Maximum = 21ms, Average = 20ms

          Able to browse web pages.

          Netgear WNAP210 with pfSense:

          Pinging 8.8.8.8 with 32 bytes of data:
          Request timed out.
          Request timed out.
          Request timed out.
          Request timed out.

          Ping statistics for 8.8.8.8:
                Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

          Unable to browse web pages - Server not found.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            I surrender to the "blame pfsense" stupidity for awhile.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • L
              Longhair
              last edited by

              @Derelict:

              I surrender to the "blame pfsense" stupidity for awhile.

              Do you see something that I don't? It would be real helpful if you could point it out so i can get this setup working properly.

              1 Reply Last reply Reply Quote 0
              • M
                mikeisfly
                last edited by

                Looks like 192.168.3.2 is sending back a icmp packet to your host machine saying destination host is unreachable. You would expect the router (192.168.3.1)to send that back. When you connect to the access point what IP information do you get on your machine? Do you have any listings in your arp table (arp -a from the command line if it is Windows, I think this works in Linux/Unix too)? How are you able to ping google without PfSense is there another upstream router that you are going through? If you could diagram your network that would help to determine your issue gifly.com

                1 Reply Last reply Reply Quote 0
                • L
                  Longhair
                  last edited by

                  The DHCP server is disabled on the access point. Computer C (the one using wireless) has a static IP address.

                  I will post the arp table tomorrow when I am back at the computer with issues.

                  Without pfSense i am plugged directly into the router/modem.

                  router/modem (10.0.0.1)
                          |
                          |
                      switch (unmanaged)
                          |
                          |
                          + –- Computer B (10.0.0.2)
                          |
                          |
                          + --- Wireless AP (10.0.0.3)
                                        |
                                        |
                                        + --- Computer C (10.0.0.4)

                  The network that pfSense is in is pretty simple - testing environment. There is no DHCP server running. All IP addresses are static - 192.168.x.x is only used for testing environments to avoid potential problems.

                  router/modem (10.0.0.1)
                          |
                          |
                      switch (unmanaged)
                          |
                          |
                    pfSense WAN (192.168.1.2)
                          |
                          |
                          + –- LAN (192.168.2.1)
                          |          |
                          |          |
                          |          + --- Computer A (192.168.2.2)
                          |
                          |
                          + --- OPT1 (192.168.3.1)
                                        |
                                        |
                                      + --- switch (unmanaged)
                                                  |
                                                  |
                                                  + --- Computer B (192.168.3.2)
                                                  |
                                                  |
                                                  + --- Wireless AP (192.168.3.3)
                                                                |
                                                                |
                                                                + --- Computer C (192.168.3.4)

                  1 Reply Last reply Reply Quote 0
                  • P
                    phil.davis
                    last edited by

                    Netgear WNAP210 Settings With pfSense:
                    
                    DHCP Client - Disable
                    

                    That is good - the client should be getting its DHCP from pfSense OPT1 interface.

                    IP Address 192.168.3.3
                    IP Submask 255.255.255.0
                    Default Gateway 192.168.3.1
                    

                    That is all good and handy for accessing and managing the WiFi box, but it will (should) have no effect on the client.
                    The WiFi device is simply acting as a dumb AP - bridging client packets to/from WiFi and pfSense OPT1.
                    The client should be getting DHCP from pfSense that includes pfSense OPT1 IP 192.168.3.1 as its default gateway.
                    Check the client IP settings, see if it can ping OPT1 IP 192.168.3.1
                    Make sure the cable is plugged in from a WiFi device LAN port to pfSense. The WiFi device WAN port is not used in this configuration.

                    As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                    If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                    1 Reply Last reply Reply Quote 0
                    • L
                      Longhair
                      last edited by

                      I didn't make any rules so if I tried to ping OPT1, it would not return anything. I will make a rule tomorrow and post the results.

                      There is only one port that can be plugged in on the Netgear WNAP 210  :)

                      I ended up making a new thread in the Wireless sub-forum: https://forum.pfsense.org/index.php?topic=89797.0 It has a little more information added.

                      1 Reply Last reply Reply Quote 0
                      • P
                        phil.davis
                        last edited by

                        There is only one port that can be plugged in on the Netgear WNAP 210

                        Sorry, I had assumed without looking that it was a combo WiFi AP/router. I see it is an AP that supports multi BSSID, multi VLAN.
                        In its AP mode it should "just work".
                        You need a pass rule on OPT! to allow traffic source OPT1 destination all - that will simply allow everything through to the internet.
                        But you already said you could plug a computer into OPT1 by cable and it works, so I assumed you have a pass rule on OPT1.

                        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                        1 Reply Last reply Reply Quote 0
                        • DerelictD
                          Derelict LAYER 8 Netgate
                          last edited by

                          Can the wireless client ping pfSense?

                          Did you disable block private networks on pfSense WAN like you have to do if you put it behind another router?

                          Put your modem in bridge mode and let pfSense get the public IP address from your ISP.

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          1 Reply Last reply Reply Quote 0
                          • L
                            Longhair
                            last edited by

                            Sorry for the late reply. Other things needed attention.

                            No, Computer C cannot ping pfSense.

                            Yes, did disable block private networks…

                            Currently pfSense is in a test environment while I try to get everything working properly.

                            1 Reply Last reply Reply Quote 0
                            • L
                              Longhair
                              last edited by

                              Sorry for the late reply. Other things needed my attention.

                              I did try the following: https://forum.pfsense.org/index.php?topic=47519.0

                              I thought this was created by default but if not:
                              If you look at the LAN tab, then the OPT1 tab they should look the same. 1 rule each.

                              Select from the Menu: Firewall -> Rules then click the OPT1 tab. There should be 1 rule, which is the same as the under the LAN tab, except that it is named OPT1.
                                *    OPT1 net    *    *    *    *    none        Default allow OPT1 to Any rule

                              If not add it by clicking the little '+' sign in the small grey button to the right and it will open a rule form, 'e' to edit.
                              Select the following:
                              Interface: 'OPT1'
                              Protocol: 'Any'
                              Source: 'OPT1 subnet'
                              Destination: 'Any'
                              Description: 'Default allow OPT1 to Any rule' This will allow everything outbound.

                              If there is a rule pointing to LAN you may want to remove this, or modify it to allow only the traffic to access particular services.

                              But still no Internet access  :-\

                              1 Reply Last reply Reply Quote 0
                              • DerelictD
                                Derelict LAYER 8 Netgate
                                last edited by

                                People who understand how things work have no problem getting pfSense to do what's expected.  People who don't have a grasp of the basics have trouble. Same with any networking appliance.

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                1 Reply Last reply Reply Quote 0
                                • L
                                  Longhair
                                  last edited by

                                  @Derelict:

                                  People who understand how things work have no problem getting pfSense to do what's expected.  People who don't have a grasp of the basics have trouble. Same with any networking appliance.

                                  OK, why don't teach me what exactly I am doing wrong if it so painfully obvious to you that you need to look down on me?

                                  1 Reply Last reply Reply Quote 0
                                  • H
                                    hda
                                    last edited by

                                    If you have cascading routers setup, well then 1st:

                                    If ISP router-LAN ==10.0.0.1/24; pfSense-WAN =>10.0.0.2;
                                    then pfSense-LAN =>192.168.1.1/24; pfSense-OPT1 =>192.168.2.1/24;

                                    1 Reply Last reply Reply Quote 0
                                    • L
                                      Longhair
                                      last edited by

                                      @hda:

                                      If you have cascading routers setup, well then 1st:

                                      If ISP router-LAN ==10.0.0.1/24; pfSense-WAN =>10.0.0.2;
                                      then pfSense-LAN =>192.168.1.1/24; pfSense-OPT1 =>192.168.2.1/24;

                                      pfSense WAN is on the same subnet as the modem/router.

                                      WAN: 192.168.1.2

                                      LAN:  192.168.2.1

                                      OPT1: 192.168.3.1

                                      /24 was implied for all.

                                      1 Reply Last reply Reply Quote 0
                                      • H
                                        hda
                                        last edited by

                                        That. is. not. good. for. clarity.

                                        pfSense-box is a router. I gave you a solution.

                                        1 Reply Last reply Reply Quote 0
                                        • L
                                          Longhair
                                          last edited by

                                          @hda:

                                          That. is. not. good.

                                          pfSense-box is a router. I gave you a solution.

                                          Why is that not good? IP modem / router 192.168.1.1 –> pfSense WAN 192.168.1.2

                                          Why does the pfSense WAN and LAN have to be on different bit block ranges?

                                          1 Reply Last reply Reply Quote 0
                                          • H
                                            hda
                                            last edited by

                                            Clear & reliable config of the network is prerequisite. You make errors like in reply #6.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.