FreeBSD
AntohaRomaha, 2016-03-30 14:35:06

Why can't I log in to the web interface of a TP-Link router from a local network whose gateway runs FreeBSD 10.2?

Good afternoon.
I set up a gateway on FreeBSD 10.2 (192.168.1.1); it distributes the Internet to the local network. There is a router for an additional site; its WAN gets the IP 192.168.1.201 via DHCP from the FreeBSD box. The router distributes the Internet to its own LAN, 172.1.2.0/24, and everything works.
But here's the problem: I can't log in from the 192.168.1.0/24 network to the web interface of this router. It pings perfectly, but it does not let me into the web interface.
Previously, when there was a regular ZyXEL box router instead of the FreeBSD machine, I could reach this .201 router from the LAN.
What should I add to IPFW on the FreeBSD box?
IPFW config:

exface="tun0"
inface="re0"
in_ip="192.168.1.1"

cmd="ipfw -q"
$cmd -f flush
$cmd table 1 flush
$cmd table 2 flush
$cmd -f queue flush
$cmd -f pipe flush

#PIPES
$cmd pipe 1 config bw 1Mbit/s
$cmd pipe 11 config bw 1Mbit/s
$cmd queue 1 config pipe 1 mask dst-ip 0xffffffff
$cmd queue 2 config pipe 11 mask src-ip 0xffffffff
$cmd add 50 queue 1 ip from any to 192.168.1.0/24{31,40,50,201} via re0
$cmd add 51 queue 2 ip from 192.168.1.0/24{31,40,50,201} to any via re0

$cmd add 100 allow ip from any to any via lo0
$cmd add 200 deny ip from any to 127.0.0.0/8
$cmd add 300 deny ip from 127.0.0.0/8 to any
$cmd add 400 allow all from any to any via $inface
$cmd nat 1 config log if $exface reset same_ports deny_in \
redirect_port tcp 192.168.1.101:20 20 \
redirect_port tcp 192.168.1.101:21 21
$cmd add 1030 nat 1 ip from any to any via $exface

In general, the task is to forward ports from the LAN of this .201 router to the FreeBSD box's external public IP address:
xx.xx.xx.xxx:1201 -> 172.1.2.101:1200
xx.xx.xx.xxx:1202 -> 172.1.2.102:1200
xx.xx.xx.xxx:1203 -> 172.1.2.103:1200
xx.xx.xx.xxx:1204 -> 172.1.2.104:1200

4 answer(s)
Sergey, 2016-03-30
@edinorog

1. And most importantly: it is not clear why the gateway's port was plugged into the WAN port. It would have been easier to plug it into a LAN port, and everything would be neater and more convenient.

AntohaRomaha, 2016-03-30
@AntohaRomaha

Hmm... Well, it's just that it was done that way before the FreeBSD box appeared, before me, through the WAN. But in general, this is not a very good idea. There is an additional site where all sorts of "guests" come 24/7, with free Wi-Fi. There is a car wash there. I do not want to let them into my local network. Access to the server, network folders, etc. Cutting all of that off is too much bother...
In general, I have a couple of routers for Wi-Fi in the local office, and that is how I set them up. They do not work as routers but as plain Wi-Fi switches: on the LAN they receive the Internet from the FreeBSD box and distribute it over Wi-Fi. Clients of this Wi-Fi see my FreeBSD box as the DHCP server and gateway. But this is inside the office. And that site is completely open to the public, to everyone...

res2001, 2016-03-30
@res2001

Perhaps access to the web interface via the WAN is blocked on the router.
As far as I understand, your LAN is 192.168.1.0/24, so you have access to the router directly from the LAN, without the participation of FreeBSD, so the problem with accessing the web interface is not in FreeBSD.
For port forwarding: disable NAT on the router, write static routes on FreeBSD to the network behind the router, and configure port forwarding on the FreeBSD NAT as you need.
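
The approach described in the answer above (a static route plus port forwarding on the FreeBSD NAT), as an added example that is not part of any post in this thread: a dry-run sh script that validates each forward and prints the route and ipfw commands for review. Addresses, ports and rule numbers come from the question; the function names and the check that every target stays inside 172.1.2.0/24 are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry run only, prints the commands instead of running them.
EXFACE="tun0"                 # external interface, from the question's config
ROUTER_WAN="192.168.1.201"    # TP-Link WAN address, from the question
GUEST_NET="172.1.2.0/24"      # network behind the router, from the question
GUEST_PREFIX="172.1.2."       # same /24, used for the target check (assumption)

# "external_port:target_ip:target_port", taken from the question's list
FORWARDS="1201:172.1.2.101:1200 1202:172.1.2.102:1200
1203:172.1.2.103:1200 1204:172.1.2.104:1200"

# Succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the redirect_port clauses; fails on an entry that is malformed
# or that points outside the guest /24, so no other host gets exposed.
redirect_clauses() {
    out=""
    for f in $1; do
        ext=${f%%:*}; rest=${f#*:}
        ip=${rest%%:*}; port=${rest#*:}
        valid_port "$ext" && valid_port "$port" || return 1
        case "$ip" in "$GUEST_PREFIX"*) ;; *) return 1 ;; esac
        host=${ip#"$GUEST_PREFIX"}
        valid_port "$host" && [ "$host" -le 254 ] || return 1
        out="$out redirect_port tcp $ip:$port $ext"
    done
    printf '%s\n' "${out# }"
}

# Prints the full command set: static route, NAT instance, NAT rule.
build_commands() {
    clauses=$(redirect_clauses "$1") || return 1
    echo "route add -net $GUEST_NET $ROUTER_WAN"
    echo "ipfw -q nat 1 config log if $EXFACE reset same_ports deny_in $clauses"
    echo "ipfw -q add 1030 nat 1 ip from any to any via $EXFACE"
}

build_commands "$FORWARDS"
```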

athacker, 2016-04-01
@athacker

Comrade, what does FreeBSD have to do with it if you are also on the 192.168.1.0 network, and thus go to 192.168.1.201 directly, bypassing the FreeBSD box? So if the router does not let you in, you need to deal with the router. I agree with my colleague above: most likely, access to the admin interface via the WAN interface is disabled there. And the presence of ZyXELs or any other devices here could not help or hinder in any way.
