
I want to be able to reach my ISP router's web panel while connected to my wireless AP. Currently, I'm unable to, even when they're in the same subnet (or at least I think they are).

If I'm connected to the AP, I can neither ping nor open the router address. If I'm connected directly to the router, I can open the control panel, but there's no internet access or any other network access (which makes sense as there is no DHCP server or PPPoE client at this point, I think).

I've read this answer but I'm not sure how it applies.

This is the approximate networking diagram for my home setup:

  • Technicolor TD5130v2: ISP ADSL modem/router/wifi running in Bridged mode with DHCP disabled.
  • pfSense: generic PC with dual Ethernet. Acts as PPPoE client, DHCP server and DNS resolver.
  • Wi-Fi AP: Actually a Multilaser RE047 wifi router, with DHCP disabled, acting as an AP. The WAN port is unused, connected to pfSense via its own LAN port.


That Brazilian Guy

2 Answers


It might help to know the ISP and modem model number as I have some experience with various ones. It also helps to know if you are running pfSense in router mode or bridge mode.

I'm going to go with the literal meaning of "bridge" mode as you have used it to describe your modem, and assume pfSense is in routing mode. This means pfSense has obtained a public IP address on the WAN interface (something you did not specify in your drawing). This would be something off the wall, like 69.23.129.231.

Rather than explain why, some ISP modems work in a partial bridge mode, where they will let you use a public IP address but they also maintain a private IP address and are able to route also. This means the router still has the IP address 192.168.2.2. I'm assuming this is the case, because you said you can get to the WebUI when you plug in directly.

That leaves us with the problem being that your modem's private IP address (192.168.2.2) is on the SAME network as all the systems on the other side of the pfSense box. You can't have two IP addresses on the same network on opposite sides of a router. If PC #1 with IP address 192.168.2.10 tries to communicate with IP address 192.168.2.2 (the IP of your router), PC #1 decides that IP address is for a host on the same network as itself and tries to communicate directly with that host. It will never send the packet of data to the pfSense box to be forwarded on through to the modem. Even if it did, the pfSense box would not know what to do with it, because the pfSense box will also think that it belongs to the same network.

You have to either change the IP addressing scheme on your private side, i.e. all the machines and the pfSense LAN interface to some other network address (like 192.168.10.x), or you need to change the modem's LAN IP to a different network, like 192.168.10.1.

The assumptions I made above are really the only scenario I can think of where you would get all the behavior you described above.

Appleoddity

Here's what I did to achieve the desired result:

  • On the modem:
    • First, I configured the modem to have an IP on a different subnet (in this case, 192.168.1.1).
  • On pfSense:
    • Assign a new OPT interface on the same physical network card used on WAN
    • Enable this interface and give it an IP address on the same subnet (i.e., 192.168.1.2)
    • Create a new NAT outbound rule associated with this interface, with source 192.168.2.0/24 and destination 192.168.1.0/24

Now I can access the modem interface on 192.168.1.1, pfSense on either 192.168.1.2 or 192.168.2.1 and the wifi "AP" on 192.168.2.3

(source)

That Brazilian Guy
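The reasoning in both answers, written as a small model and added here as an example (it is not code from either answerer): it checks the client's on-link decision, the router's connected-route lookup, and the modem's return path for each stage of the fix. The function name, the `OPT1` label, the /24 prefix on the modem and the premise that the bridged modem has no route back to the LAN are assumptions made for illustration.

```python
import ipaddress as ipa

def path_to_modem(client_if, router_ifs, modem_if, modem_port, nat_from=None):
    """Simplified reachability model. Returns (reachable, reason).

    client_if  : client address/prefix, e.g. "192.168.2.10/24"
    router_ifs : {interface name: address/prefix} configured on the router
    modem_if   : modem management address/prefix
    modem_port : router interface name that is cabled to the modem
    nat_from   : router interface whose address replaces the source, or None
    """
    client = ipa.ip_interface(client_if)
    modem = ipa.ip_interface(modem_if)
    # 1. Client decision: a destination inside its own prefix is resolved by
    #    ARP on the local segment and is never handed to the gateway.
    if modem.ip in client.network:
        return False, "client treats modem as on-link"
    # 2. Router decision: only a connected network on the modem-facing port
    #    reaches it; anything else follows the default route (PPPoE session).
    out = [name for name, addr in router_ifs.items()
           if modem.ip in ipa.ip_interface(addr).network]
    if modem_port not in out:
        return False, "router has no connected route on the modem port"
    # 3. Return path. Assumption: the bridged modem has no route back to the
    #    LAN, so it can only answer a source inside its own prefix.
    src = ipa.ip_interface(router_ifs[nat_from]).ip if nat_from else client.ip
    if src not in modem.network:
        return False, "modem cannot route the reply"
    return True, "ok"

# Addresses taken from the thread; prefixes on the modem are assumed to be /24.
CLIENT = "192.168.2.10/24"
LAN_ONLY = {"LAN": "192.168.2.1/24"}
WITH_OPT = {**LAN_ONLY, "OPT1": "192.168.1.2/24"}

def scenarios():
    return {
        "original": path_to_modem(CLIENT, LAN_ONLY, "192.168.2.2/24", "OPT1"),
        "modem renumbered only": path_to_modem(CLIENT, LAN_ONLY, "192.168.1.1/24", "OPT1"),
        "OPT1 added, no NAT": path_to_modem(CLIENT, WITH_OPT, "192.168.1.1/24", "OPT1"),
        "OPT1 + outbound NAT": path_to_modem(CLIENT, WITH_OPT, "192.168.1.1/24", "OPT1", "OPT1"),
    }

if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:24} {'reachable' if ok else 'blocked':10} {reason}")
```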