Cannot ping OPT1 subnet from LAN



  • I am having trouble trying to ping my a router on OPT1 from LAN.

    LAN = 192.168.10.0/24
    OPT1 = 192.168.0.0/24

    OPT1 rules:

    IPv4 * OPT1 net * * * * none

    IPv6 * OPT1 net * * * * none

    LAN rules:

    IPv4 * LAN net * * * * none

    IPv6 * LAN net * * * * none

    On the OPT1 interface I have a WIFI router that I want to use as guest access with captive portal. I can connect to this router and log in to the captive portal to access internet fine, but cannot load the router web config from LAN only when connected to OPT1.

    Not sure what to do here, I would really appreciate some help here if possible!

    Thanks



  • Is OPT1 the wifirouter set as non-router but AP (with no DHCP server active) ?



  • @hda:

    Is OPT1 the wifirouter set as non-router but AP (with no DHCP server active) ?

    Yes sir, it is configured as a WAP with no DHCP enabled, the DHCP is handled by pfSense.



  • Setup the WAP with a static IP in WAP & pfSense, outside the dhcp-pool(numbers) for OPT1 ?



  • @hda:

    Setup the WAP with a static IP in WAP & pfSense, outside the dhcp-pool(numbers) for OPT1 ?

    Yes sir. The WAP has a static IP set as 192.168.0.1 and in pfSense and the DHCP range for OPT1 is set to 192.168.0.100 - 192.168.0.200.

    Edit: I have set the OPT1 interface to be 192.168.0.10 by the way.


  • LAYER 8 Netgate

    Sounds like either:

    • The WAP doesn't allow incoming ICMP to the interface (perhaps only from its local network)

    • The WAP does not have pfSense set as its default gateway



  • @Derelict:

    Sounds like either:

    • The WAP doesn't allow incoming ICMP to the interface (perhaps only from its local network)

    • The WAP does not have pfSense set as its default gateway

    1. It will not let me access the web config either from LAN, not just ping. Do you think this could still be an issue?
    2. I have connected the WAP via a LAN port not the WAN port, so it shouldn't need a default gateway should it?  :o



  • @rikkib:


    2. I have connected the WAP via a LAN port not the WAN port, so it shouldn't need a default gateway should it?  :o

    Yes. set Gateway in WAP to your OPT1 = 192.168.0.10.

    Reboot WAP, reset states in pfSense ?



  • I don't know how to set the gateway on the WAP except for the WAN port.

    I just tried resetting the states and WAP but still just times out :(



  • Can you get a wifi-client-IP to go public on OPT1 ? And what brand is this WAP ?

    [Syncing pfSense and WAP must be assured. Maybe by rebooting both]



  • Do you mean can I get internet access from a WIFI client connected to WAP? And it is a Dlink DIR-615.

    I can connect to the WIFI and get a DHCP IP of 192.168.0.101 which then gives me the captive portal login page, from there I can get through the captive portal and get internet access and access the web config but only from devices connected to the WAP/OPT1 interface, any devices on LAN cannot.



  • OK. Then you must find out how to allow LAN-net into the DLink615(WAN). Firewall in there ?
    Should you use a LAN-port on the the DLink i.s.o. its WAN-port ?



  • There is an option for "SPI Firewall" in Dlink but it is disabled as well as NAT and DHCP are also disabled.

    And yes the WAP is connected to pfSense through the LAN port and not the WAN port.



  • Did you test if you must use the WAN-port i.s.o. LAN-port ? Anyway, it is not likely a pfSense issue…



  • I did not try the WAN port as I assumed it was not the correct way to configure it. I can try but wouldn't I have to enable remote admin to allow LAN interface to access web config through WAN port on the WAP?

    I thought it was a strange issue but as I am new to pfSense I thought maybe there was something I am missing.

    Thank you for taking your time to try and help me, I appreciate it.


  • LAYER 8 Netgate

    it shouldn't need a default gateway should it?

    Of course it needs a default gateway for traffic to and from the WAP itself to networks other than its own subnet.  Could be that you're trying to use gear not designed to be an AP as an AP and that's just going to be a limitation you have to live with.



  • If the Dlink615 does not have a way to set a gateway onto OPT1, then you need to fake the traffic coming from LAN. Switch to HYbrid Outbound NAT. Add an outbound NAT rule on OPT1 for traffic from source LANnet and destination "IP address of Dlink615". That will make the conect from LAN sem to come from OPT1 address, and Dlink615 will be able to reply.


Log in to reply