When I set up my second interface and put Captive Portal on my opt1, I
had to put the IP of my access point in the "Allowed IP addresses" to be
able to talk to the access point using ping or the web interface.
-Robert
Chris Taylor wrote:
> Hi,
>
> I've got a client who's having a bit of a weird problem with some
> access points. He has a couple of Linksys WAP54Gs and also some
> Netgear WG602s.
>
> The APs are on his OPT1/WLAN interface and captive portal users can
> gain access through them without trouble. He's running 1.21
> (generic-pc) with no other issues (well, PPTP isn't working but forget
> that...) Traffic shaping is in use for LAN > WAN and WLAN > WAN. There
> are very few firewall rules in use, especially on the LAN side, where
> there is a clear LAN -> any rule taking precedence.
>
> The issue is that he cannot access the AP's setup pages from his LAN.
> From m0n0wall's Ping page, if you set the interface to WLAN and ping
> an AP, it works fine. From any client PC on the LAN, you can't get to
> any of the APs. However, there's a printer located on the WLAN
> (intended for LAN use) and this works fine. There are specific rules
> to allow this and even adding similar/identical rules for the APs
> changes nothing.
>
> I'm really at a loss here; I've looked over the entire config, tried
> rebooting each item etc - with no luck. The only thing that seems even
> vaguely plausible is that maybe the APs won't accept traffic from an
> address in a different subnet (WLAN is 192.168.2.x/24, LAN is
> 192.168.8.x/24) but the client assures me he could get to his APs when
> he used IPCop before.
>
> I suppose the first question is: If I have a firewall rule permitting
> any traffic from the LAN subnet (any protocol, SP, destination, EP),
> should I be able to ping things on my WLAN subnet? There are no Block
> rules whatsoever on the LAN interface so I'd have thought so.
>
> Any help would be greatly appreciated, this is baffling me! :(
>
> Chris Taylor