How best to access WifI Access Point on OPT1 From LAN
-
I am a Pfsense noob, and my new install of 2.2.6 is up and running fine.
I have OPT1 configured for wireless access on 192.168.1.1 and a wireless router (converted to AP)on that subnet at 192.168.1.2. The Wireless internet access is working well. However, I am trying to access the web configuration GUI of that router/AP from my computer on the LAN network which is 17.22.22.22/24
So far the rules I have created haven't worked. I am sure its an easy thing to enable, but I am missing something. What are the settings to allow access to the http/s ports on the Wireless AP on OPT1 subnet from my PC on the LAN subnet?
(I tried the search function, but I may have not used the right terms because it came back empty)
-
The Router/AP probably doesn't understand the concept of a default gateway on the LAN interface.
You might be able to NAT connections to the AP so the connection appears to be coming from something on the same subnet (192.168.1.1) so routing is not necessary. This would be done with an outbound NAT entry for OPT1 matching the traffic with destination 192.168.1.2 on the correct ports and a NAT address of OPT1 address.
-
I solved it, the abbr. subnet mask was wrong showing /31
In case anyone follows I just created a Rule Firewall>Rules>LAN Protocol: TCP Source: Specific address (to my Desktop Fixed IP) Ports: Any or 80/443 Destination: Specific Address of Wireless Access Point IP (I think the abbr. subnet mask defaulted to /31? I had to change it to /24.
-
Derelict. Thanks. I tried what you suggested and it worked. I misunderstood you slightly and entered the outbound NAT rule as Interface: OPT1. Source: 192.168.1.0/24 (that is my LAN network). Source Port: any. Destination: 192.168.100.0/24 (my OPT1 network). Dest Port: Any. NAT address: OPT1 address.
This rule works and I can access the access point from my Lan. I haven't narrowed the rule down yet- just wanted to get it working first. Now I need to be able to access the access point through my OPEN-VPN client. I tried a rule based on the one above but haven't succeeded yet. Can anyone tell me how to access the access point through OpenVpn? -
"on the LAN network which is 17.22.22.22/24 "
Is this an attempt at obfuscation of public IP space on your lan, or it a rfc1918 space that though you needed to obfuscate? that can not be your lan network?? Its not even a network addess, its a host address.
What are you using for your AP?? Does it support 3rd party firmware? If so firmware like dd-wrt or openwrt allow for gateway to be setup on your lan interface of the router so you don't have do any odd ball natting to get to the device from other networks.
-
Further info. Quoting Derelect "You might be able to NAT connections to the AP so the connection appears to be coming from something on the same subnet (192.168.1.1) so routing is not necessary"
I did this and Lan addresses can connect to Access point on OPT1. I have used the button labeled create a rule based on this one and then modified it several ways.Interface: OPT1. Source: 10.10.10.0/24 (that is my OpenVpn network). Source Port: any. Destination: 192.168.100.0/24 (my OPT1 network). Dest Port: Any. NAT address: OPT1 address.
I also tried using the VPN network as the interface. I am thinking that it is just a matter of coming up with the right rule. By the way the VPN connection is setup to connect to Lan not OPT1 but I need that to work to manage the PFsense itself remotely.
