When I setup my second interface and put Captive Portal on my opt1. I
had to put the ip of my access point in the "Allowed IP addresses" to be
able to talk to the access point using ping or the web interface.
Chris Taylor wrote:
> I've got a client who's having a bit of a weird problem with some
> access points. He has a couple of Linksys WAP54Gs and also some
> Netgear WG602s.
> The APs are on his OPT1/WLAN interface and captive portal users can
> gain access through them without trouble. He's running 1.21
> (generic-pc) with no other issues (well, PPTP isn't working but forget
> that...) Traffic shaping is in use for LAN > WAN and WLAN > WAN. There
> are very few firewall rules in use, especially on the LAN side, where
> there is a clear LAN -> any rule taking precedence.
> The issue is that he cannot access the AP's setup pages from his LAN.
> From m0n0wall's Ping page, if you set the interface to WLAN and ping
> an AP, it works fine. From any client PC on the LAN, you can't get to
> any of the APs. However, there's a printer located on the WLAN
> (intended for LAN use) and this works fine. There are specific rules
> to allow this and even adding similar/identical rules for the APs
> changes nothing.
> I'm really at a loss here; I've looked over the entire config, tried
> rebooting each item etc - with no luck. The only thing that seems even
> vaguely plausible is that maybe the APs won't accept traffic from an
> address in a different subnet (WLAN is 192.168.2.x/24, LAN is
> 192.168.8.x/24) but the client assures me he could get to his APs when
> he used IPCop before.
> I suppose the first question is: If I have a firewall rule permitting
> any traffic from the LAN subnet (any protocol, SP, destination, EP),
> should I be able to ping things on my WLAN subnet? There are no Block
> rules whatsoever on the LAN interface so I'd have thought so.
> Any help would be greatly appreciated, this is baffling me! :(
> Chris Taylor