Can't ping or connect to devices on same subnet

Started by akme24, March 30, 2024, 09:20:35 PM

March 30, 2024, 09:20:35 PM Last Edit: March 30, 2024, 10:02:04 PM by akme24
Running into an odd issue.

The WiFi interface has the default "allow any" rules applied, yet I can't ping anything or connect to any other devices on that same network segment of 192.168.14.0/24.

Example:

WiFi_GW_Opnsense: 192.168.14.254

Host: 192.168.14.114

Destination: 192.168.14.136

I've double checked the subnet masks on the devices and they are /24, there are no L3 devices or other switching in the path.

Edit: arp -a on the host shows only the gw of 192.168.14.254 (all other devices on the LAN are absent), the arp table on the firewall shows all devices on the 192.168.14.0/24 subnet.


Quote from: akme24 on March 30, 2024, 09:20:35 PM
there are no L3 devices or other switching in the path.

I'm a bit puzzled why this would be a firewall issue. Have you checked with the vendor of your WiFi access point?

Probably the OP uses a WiFi interface on his firewall and is not aware that this way, he needs to configure a bridge.

Otherwise, some WiFi APs do traffic isolation, thereby separating the guests.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: bartjsmit on March 31, 2024, 10:01:37 AM
Quote from: akme24 on March 30, 2024, 09:20:35 PM
there are no L3 devices or other switching in the path.

I'm a bit puzzled why this would be a firewall issue. Have you checked with the vendor of your WiFi access point?

It's an embedded Atheros radio and I'm assuming the driver is part of the FreeBSD package. FWIW I get the exact same behavior on pfsense.

Maybe something about this driver is preventing communication to devices on the same network segment (they are connecting to this radio too). You are right, it should not be a firewall issue.

This hardware was previously used with Sophos UTM 9 and had no issues, but that's based on openSUSE Linux.

Quote from: meyergru on March 31, 2024, 10:56:34 AM
Probably the OP uses a WiFi interface on his firewall and is not aware that this way, he needs to configure a bridge.

Otherwise, some WiFi APs do traffic isolation, thereby separating the guests.

Why would I need to create a bridge if it's the same subnet? I'm not bridging to another subnet or other hardware. All devices connect to this radio on the 192.168.14.0/24 subnet

You may be onto something with AP traffic isolation, any idea how to shut this off?

The feature is called "wireless isolation" and can normally be turned off; no idea if this is supported in the BSD driver. Many people think it's not a good idea to have wireless hardware in your BSD-based firewall.
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

The fix was to enable "Allow intra-BSS communication" on the WiFi interface in the OPNsense GUI.

Thanks to all who responded.
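An added diagnostic, not from any poster in this thread, that scripts the check akme24 did by hand with arp -a: it flags the case where a client's ARP table holds only the gateway of its /24 while the firewall's table lists everyone, which is the signature of client (intra-BSS) isolation rather than a firewall rule. The sample ARP tables are constructed and reuse the thread's addresses.

```shell
#!/bin/sh
# Added example (not from any poster): pipe `arp -a` output into these helpers.
#
#   arp -a | peer_count <gateway-ip> [own-ip]      -> prints number of other hosts seen
#   arp -a | isolation_check <gateway-ip> [own-ip] -> exit 0 if none seen (isolation likely)

# Count distinct IPv4 addresses in the gateway's /24 on stdin, ignoring the
# gateway itself and, optionally, the querying host's own address (the Windows
# "Interface: x.x.x.x" header line would otherwise add it to the count).
peer_count() {
    gw="$1"; self="${2:-$1}"
    prefix_re=$(printf '%s' "${gw%.*}." | sed 's/\./\\./g')   # e.g. 192\.168\.14\.
    grep -o "${prefix_re}[0-9]\{1,3\}" \
        | grep -v -x -e "$gw" -e "$self" \
        | sort -u | wc -l | tr -d ' '
}

# True (exit 0) when no other host in the subnet answered ARP.
isolation_check() {
    [ "$(peer_count "$@")" -eq 0 ]
}

# Constructed sample tables in BSD/macOS `arp -a` layout (not real captures).
HOST_ARP='? (192.168.14.254) at 00:11:22:aa:bb:cc on wlan0 ifscope [ethernet]'
FW_ARP='? (192.168.14.114) at 00:11:22:aa:bb:01 on wlan0 expires in 1195 seconds [ethernet]
? (192.168.14.136) at 00:11:22:aa:bb:02 on wlan0 expires in 1180 seconds [ethernet]
? (192.168.14.254) at 00:11:22:aa:bb:cc on wlan0 permanent [ethernet]'

# Host 192.168.14.114 sees only the gateway; the firewall sees both clients.
if printf '%s\n' "$HOST_ARP" | isolation_check 192.168.14.254 192.168.14.114; then
    echo "host: only the gateway answers ARP - client (intra-BSS) isolation suspected"
fi
echo "firewall sees $(printf '%s\n' "$FW_ARP" | peer_count 192.168.14.254) peer(s)"
```

On a real client, run `arp -a | isolation_check <gateway> <own-ip>` after pinging a known neighbour; a zero peer count with the firewall showing the same neighbour points at the AP, not at the rules.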