[pfSense] pfSense box not visible from LAN, only from WAN

2013-05-08 Thread Marco
Hi,

I'm a new pfSense user and just set up my first box, which is a
wireless access point. The problem is that I can't ping my pfSense
box (or use the web configurator) from the LAN side, but both work
from the WAN. Here are some details about my setup:

WAN: ethernet, IP assigned via DHCP
LAN: wireless in AP mode, no IP configured, but obtained via DHCP from the WAN
bridge: bridges WLAN and LAN interfaces, no IP configured

I can connect to the access point and the hosts get an IP address.
If I scan the network from the LAN (wireless connection) I get this
result:

  10.101.101.1  (gateway)
  10.101.101.32 (the host I'm scanning from, LAN)
  10.101.101.63 (some other host, WAN)
  more hosts…

However, if I scan the network from the WAN I get this result:

  10.101.101.1  (gateway)
  10.101.101.28 (the pfSense box)
  10.101.101.63 (the host I'm scanning from, WAN)
  more hosts…

I have no firewalls rules, except one per interface, which permits
all traffic. I can provide more information if necessary, just let
me know.

How can I make the pfsense box visible from the LAN side? Am I doing
something wrong or is this expected?

Regards
Marco

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] pfSense box not visible from LAN, only from WAN

2013-05-08 Thread Chris Bagnall

On 8/5/13 7:41 pm, Marco wrote:

no IP configured


This would be your problem.


How can I make the pfsense box visible from the LAN side? Am I doing
something wrong or is this expected?


I suspect it's expected behaviour. If you want to use pfSense purely as 
an access point, then you're probably best off not using LAN at all 
(unless you need filtering). Bridge WAN with your WLAN interface and LAN 
becomes effectively redundant.


(I seem to recall in the past it wasn't possible to bridge WAN with 
anything - whether this limitation still exists in 2.x I don't know, but 
if it does, you might be best off ignoring both WAN and LAN, and create 
an OPT interface to bridge with your WLAN interface)


Kind regards,

Chris
--
This email is made from 100% recycled electrons
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] pfSense box not visible from LAN, only from WAN

2013-05-08 Thread Marco
On 2013–05–08 Chris Bagnall wrote:

 On 8/5/13 7:41 pm, Marco wrote:
 no IP configured
 
 This would be your problem.

This was the problem, indeed. I set the LAN to DHCP and I can see
the pfSense box and access the web configurator.

 How can I make the pfsense box visible from the LAN side? Am I doing
 something wrong or is this expected?
 
 I suspect it's expected behaviour. If you want to use pfSense purely
 as an access point, then you're probably best off not using LAN at
 all (unless you need filtering). Bridge WAN with your WLAN interface
 and LAN becomes effectively redundant.

I think I didn't make myself clear, sorry. The LAN *is* the WLAN. I
have just two interfaces, one ethernet (WAN) and one WLAN (LAN), and
then a bridge across both (OPT1).

Thanks for the very quick response. It works now.

Regards
Marco

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] pfSense box not visible from LAN, only from WAN

2013-05-08 Thread Marco
On 2013–05–08 b...@todoo.biz wrote:

 I am not sure what you are precisely trying to do… 

This box is a replacement for an old Debian AP I set up a few years
ago which worked flawlessly but died recently. It did not do any
filtering, it was just a bridge between wired and wireless network
using hostap and bridge-utils to provide wireless internet access
for about a dozen users. Since everybody is talking about pfSense I
thought I could give it a try for this setup.

 But if your idea is to have a neutral wireless AP, you will want to: 
 
 1. bridge the WAN and WLAN together. 

That's what I did. The missing IP address (I still don't know why
this is necessary, but nevermind) on the WLAN network was the cause
of my trouble. It's working now.

 2. deactivate all firewalling on your box (advanced network or
 firewall settings). 

That's what I did.

 3. In case you want to filter, you might want to change the
 settings in advanced so that you filter on the bridge rather than
 on each interface (in the sysctl pane). 

When time permits I will definitely look into the features pfSense
provides to improve the network quality. I'm especially interested
in prioritizing skype traffic. That has been the biggest problem in
the past. During the peak hours video calls are not possible. Maybe
the traffic shaper could be of help. On the other hand I read that
skype is very hard to shape.


Thank you too for the response.

Regards
Marco

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list