(solved) Access Webgui from different subnet

Started by xman111, November 10, 2023, 10:00:14 PM

November 10, 2023, 10:00:14 PM Last Edit: November 12, 2023, 04:58:46 PM by xman111
Hey guys, new here, coming from PFsense.

I am trying to access the webgui (192.168.10.1) from my laptop (192.168.20.14).  Is there anything more i need than firewall rules from 192.168.20.0 to any?  i cannot connect.

any help would be appreciated.

if system > settings > administration > Listen interfaces is set to All (recommended) then yes.

thanks for the reply.. i do have that set and this is my rule for that subnet.. does this look right?


That rule
- matches way more than the webGUI access (destination: WLAN address, TCP port 443 or whatever you are using)
- will only work if you are connecting to the WLAN IP and the webserver is listening there, as already said above.
- will not work anyway if IPv6 is used on your network

Not really anything different here from pfS. "Cannot connect" is not a useful description of the problem. Look at the firewall logs at least.

i was just trying to make a wide open rule to at least let me ping between subnets.   I also disabled all the ipv6 on my network as i thought that may be part of the problem.  In pfsense, i thought i just made a rule that allowed my laptop to any and it worked right away.  I literally worked on it for hours last night and couldn't get it working, lol.

Hmmm...

- firewall logs still missing
- rule on WLAN won't do any good if blocked by rules on another interface or floating
- disabling IPv6 on firewall does not disable it on any client. It only blocks all IPv6 traffic, if you mean the Firewall -> Settings -> Advanced -> Allow IPv6 checkbox. Certainly not a useful strategy at all. IPv6 has been preferred for ages by any reasonable OS out there.

and you can connect successfully to it from a client on its LAN i.e. 192.168.10.0/24, right?
The rule looks very open but yes, that is all that should be needed in terms of rules.
But yes, I agree, turn on the logging of defaults temporarily to be sure.

November 12, 2023, 12:55:32 AM #7 Last Edit: November 12, 2023, 01:42:29 AM by xman111
yes I can connect to it directly.

something very weird.  I connected a laptop at 192.168.20.30 and set up a continuous ping to 192.168.10.1 and it was working. At the time I had my other laptop connected to the lan and it was getting an ip of 192.168.10.14. as soon as I disconnect my laptop from the Lan, the ping from the other laptop fails.  when I plug my laptop back to the lan, the ping works again. it's acting like I am pinging the other laptop but I am actually pinging the 192.168.10.1 ip.

what setting is wrong here?

November 12, 2023, 01:58:09 AM #8 Last Edit: November 12, 2023, 02:08:15 AM by doktornotor
Good that you did not post any logs ever, even after they've been requested at least 3 times. Outta here.  ::)

sorry man, have been out Christmas shopping for the kids and was on my phone, will try to post the log file.  thanks for trying anyways.

November 12, 2023, 03:29:48 AM #10 Last Edit: November 12, 2023, 03:32:45 AM by xman111
couldn't figure out how to download the logs so i just took a screenshot of it.  This is the laptop continuously trying to ping the firewall.  This is successful only when my other laptop is plugged into the lan.


November 12, 2023, 12:52:52 PM #11 Last Edit: November 12, 2023, 02:41:56 PM by Patrick M. Hausen
Of course! If nothing is plugged into LAN the interface is down and the IP address not reachable. Most people have a switch plugged in there so the interface stays up.

If you don't need a switch because you need only one wired port and your access point, why do you use two different networks and not a LAN bridge? That would solve your problem and behave like most consumer routers do.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

November 12, 2023, 04:56:32 PM #12 Last Edit: November 12, 2023, 06:20:34 PM by xman111
Quote from: Patrick M. Hausen on November 12, 2023, 12:52:52 PM
Of course! If nothing is plugged into LAN the interface is down and the IP address not reachable

dude, that was it!!  i didn't realize that the interface goes down if nothing is plugged into it. 

I use all managed Cisco switches on my main network.  I am just trying to slowly move my config from Pfsense to Opnsense.  I have a mini pc running Opnsense with an old unifi AP connected to it.  I just wanted to be able to wirelessly login to Opnsense wifi and slowly work on setting up all my stuff without having a wire dangling across my room for my kids or dog to trip on.  I will just leave a switch plugged into it for the meantime.

thanks again, i am embarrassed to say how much time i spent on this!!
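
The cause found in this thread (an address configured on an interface that has no link) can be checked from the firewall's shell before touching any rules. The following is an added example, not part of the original posts: the function name, the interface names `igb0`/`igb1`, the address 192.168.20.1 and the sample output are constructed for illustration, and the input is assumed to be FreeBSD-style `ifconfig` output.

```shell
#!/bin/sh
# Added example: list IPv4 addresses that sit on an interface with no link.
# Reads FreeBSD-style `ifconfig` output on stdin and prints "iface address".
# On the firewall itself:  ifconfig | addr_without_carrier
addr_without_carrier() {
    awk '
        function report(   n, a, i) {
            # Only interfaces whose status line said "no carrier" are listed.
            if (iface == "" || !down) return
            n = split(addrs, a, " ")
            for (i = 1; i <= n; i++) print iface, a[i]
        }
        # A new interface block starts in column 0, e.g. "igb0: flags=..."
        /^[^ \t]/ {
            report()
            iface = $1; sub(/:$/, "", iface)
            addrs = ""; down = 0
            next
        }
        $1 == "inet" { addrs = addrs " " $2 }
        $1 == "status:" && $2 == "no" && $3 == "carrier" { down = 1 }
        END { report() }
    '
}

# Constructed sample: LAN (192.168.10.1) has nothing plugged in,
# the port with the access point is up.
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8803<UP,BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:00:00:00:00:01
    inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
    media: Ethernet autoselect
    status: no carrier
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:00:00:00:00:02
    inet 192.168.20.1 netmask 0xffffff00 broadcast 192.168.20.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
EOF
}

sample_ifconfig | addr_without_carrier
```

Any address this prints will not answer pings or serve the web GUI from another subnet until something brings the link up, regardless of the firewall rules.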