Netgate Discussion Forum

    Cannot Ping/Connect to LAN Devices from ISP Wireless Router

    • humps

      I'm running pfSense 2.2.6 64-bit on a box in a SOHO environment with 1 LAN (192.168.0.x) and 1 WAN (192.168.100.x).

      I connect the ISP modem/router to the pfSense box. DHCP is enabled on the ISP router, and it has built-in wireless. I also have a Windows Server 2012 on the same network doing DHCP/DNS and AD file sharing for my computers/servers, and they are able to connect to the internet with no issues.

      On the same ISP modem/router (192.168.100.1) I have built-in wireless, so I used my phone, laptop and tablet to connect to the built-in wireless on the ISP router side. When I connect to the wireless I get 192.168.100.x addresses and I am able to browse the internet, but I am unable to ping any computer/servers on the LAN side with 192.168.0.x addresses.

      What am I doing wrong? How can I get the devices on the ISP wireless router with 192.168.100.x addresses to communicate with devices on the LAN network with 192.168.100.x addresses?

      Any help appreciated, thank you.

      • ctirado

        What you're essentially doing is what is discussed in this how-to:

        https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

        Since you have part of your network between pfSense and your ISP's router and another section behind pfSense, you will need to set up rules to allow traffic to pass to and from your ISP router's LAN side. The how-to above should help you with that.

        This setup is kind of strange and it means that only the devices behind pfSense will be taking advantage of pfSense's firewall. It also means you will be running a double NAT (Internet <-> ISP Router <-> pfSense), which could cause some programs to not work correctly. You would also need to forward ports twice (once inside your ISP's router and again in pfSense) if you want any Internet-sourced traffic to reach your server behind pfSense. If you have the funds, I would strongly suggest putting an access point behind pfSense, putting the router/modem in transparent bridging mode and having pfSense handle all of the routing, NAT'ing and firewalling. You would then only have 1 DHCP scope to worry about. Good luck.

        Carlos

        • humps

          @ctirado:

          If you have the funds, I would strongly suggest putting an access point behind pfSense, putting the router/modem in transparent bridging mode and having pfSense handle all of the routing, NAT'ing and firewalling. You would then only have 1 DHCP scope to worry about. Good luck.

          Carlos

          Hey, thanks for the reply. My setup is kinda strange indeed, I can agree with you on that. Everything was kinda done on short notice in a rush, so I was not given the time to properly plan what I was doing; I just put something together with what I had onsite at the moment. Funds are low, but I had plans of putting a wireless access point behind the pfSense firewall because it would make things less complicated.

          On the subject of "transparent bridging mode" I need some advice. I notice in the settings on the ISP router it has 3 modes: Bridging, NAT with routing and NAT without Routing. I am currently using NAT with routing. Is that the correct mode for my setup? Which would be best?

          • johnpoz LAYER 8 Global Moderator

            "but i am unable to ping any computer/servers on the LAN side with 192.168.0.x addresses."

            Well yeah, why would you think you would be able to – since that 192.168.100 network is on the WAN side of pfSense and would be hostile just like a public IP. So unless you set up a port forward it's blocked by default. Also there is a default rule to block all RFC 1918 addresses even if you set up a port forward.

            If you want to use pfSense, you should really bring your wireless behind pfSense. Get another wifi router and use it as an AP, and disable wifi on your ISP device. Or get a real AP and again disable wifi on your ISP device.

            I would also suggest changing your ISP device to bridge or just modem mode so that pfSense gets your public IP right on your WAN.

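The behaviour described in the reply above, as an added example that is not part of any post in this thread: a simplified first-match model of inbound filtering on the WAN interface, not pfSense's own code. The port forward to `192.168.0.10:443` and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Simplified model (an assumption, not pfSense's implementation) of how a new
# inbound connection on WAN is judged, using the subnets from this thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed port forward to a hypothetical LAN server.
PORT_FORWARDS = [{"proto": "tcp", "port": 443, "target": "192.168.0.10"}]


def wan_decision(src, proto, dport=None, block_private=True):
    """Return (action, reason) for a connection arriving on the WAN side."""
    src_ip = ipaddress.ip_address(src)
    # 1. The private-network block is checked before any user rule, so a
    #    matching port forward further down never gets a chance to pass it.
    if block_private and any(src_ip in net for net in RFC1918):
        return ("block", "RFC 1918 source on WAN")
    # 2. Port forwards and their associated pass rules.
    for fwd in PORT_FORWARDS:
        if fwd["proto"] == proto and fwd["port"] == dport:
            return ("pass", "port forward to " + fwd["target"])
    # 3. Everything else unsolicited on WAN hits the default deny.
    return ("block", "default deny")


def evaluate_samples():
    """Run constructed sample flows through the model and collect verdicts."""
    flows = [
        ("192.168.100.50", "icmp", None, True),   # wifi client pings a LAN host
        ("192.168.100.50", "tcp", 443, True),     # wifi client uses the forward
        ("203.0.113.7", "tcp", 443, True),        # public client uses the forward
        ("203.0.113.7", "icmp", None, True),      # public client pings
        ("192.168.100.50", "tcp", 443, False),    # private block switched off
        ("192.168.100.50", "icmp", None, False),  # still no rule for the ping
    ]
    return [wan_decision(s, p, d, b) for s, p, d, b in flows]


if __name__ == "__main__":
    for verdict in evaluate_samples():
        print(verdict)
```

In this model, turning the private-network block off only exposes what a port forward explicitly allows; the ping from the 192.168.100.x side is still dropped by the default deny.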
            • humps

              @johnpoz:

              "but i am unable to ping any computer/servers on the LAN side with 192.168.0.x addresses."

              Well yeah, why would you think you would be able to – since that 192.168.100 network is on the WAN side of pfSense and would be hostile just like a public IP. So unless you set up a port forward it's blocked by default. Also there is a default rule to block all RFC 1918 addresses even if you set up a port forward.

              If you want to use pfSense, you should really bring your wireless behind pfSense. Get another wifi router and use it as an AP, and disable wifi on your ISP device. Or get a real AP and again disable wifi on your ISP device.

              I would also suggest changing your ISP device to bridge or just modem mode so that pfSense gets your public IP right on your WAN.

              Thanks for the feedback, I did some reading and now I fully understand what is required.
              I will now act on your input/feedback and my reading.

              Thanks Again.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.