Monitoring server to access all devices - all networks

As @arne_f said, have you checked this page of your firewall?
Firewall
blue Access


the info is in the Wiki page above
I have mine disabled.
192.168.6.0/24 is my whole blue network

1 Like

adding more stuff to a distro I try to keep as clean as possible already… jeez, where did I hear that before… oh wait. all the time every time linux

Thanks for the other link though. I have a list of 29 interfaces already.

Oh yes. It's there all right.

But I usually only add Wifi devices to it, since it is made for my Blue 192.168.10.1/24 IP range. Did not see it as any logical step to add a Green device there, but nevertheless I have. It did not explode yet.

And with the Docker IP MAC conundrum it's actually there at least one more time.

Can you try adding one more entry?

it will make me feel better (and this is all about me!) :grin:

Take your BLUE network and add it here just temporarily and as a test. Let us know if it works!


Once proved as the right answer, then change it to something smaller like:

2 Likes

Disabling the MAC filter is a good test if there is a bug in the blue access as @Jon suggested.
My thought is to wind back.
Laptop in green. Can it connect to server port 443?
Laptop in Blue, can it connect to blue with MAC filter off, port 443?
Laptop in blue, MAC filter on, connect to server with firewall pinhole, port 443 or all?

this is exactly what I suggested before in this thread.

2 Likes

Drop_Wirelessforward IS EXACTLY THAT. How hard is it to test with one line in the WUI the hypothesis that best explains the logs? 30 seconds of time?

Easy does it… I will.

I may have misunderstood something, I admit that willingly. I am most appreciative for your, and all’s, patience and will try your suggestions later today.

I am not always on my SoHo network and nothing is externally accessible. Sometimes I just ignore it doing something else that may be more fun. Like playing Lord of The Rings Online or Elden Ring. Or doing Tech Support for those and other games.

I do these threads to serve as tips and guides for myself and others, so I tend to try keeping things as easy and illustrated as possible. Only other readers can be the judge of that, but it helps me. I do not intend to try your patience but I am very much aware that I am on a learning curve.

3 Likes

So
I removed any and all Firewall entries I was testing.
I disabled the Firewall Pinhole from Blue to Green.
I disabled the Blue DHCP and added 192.168.10.0/24 to that.

Which is the span of my Blue with MAC address filtering,

No result.

Just in case I added the same for 192.168.10.1/24. I don’t get the difference, but there it is.

..10.1/24 does resolve to my IPFire. ..10.0/24 does not.

Still no result.

Should I perhaps delete all the Blue entries?

UISP does not consider ..10.1/24 a valid span.


It is set to monitor 192.168.1.0/24,192.168.10.0/24.

Testing a bit:
EDIT ( See below post) I can NOT access my WiFi (Blue) devices from Green, or between themselves, like I can NOT access my Temp Monitors and Solar Panel via my smartphone, and those do currently not have Internet connection either.

Wifi (Blue) devices can not access internal resources on Green , like the fileshare on 192.168.1.10.
I can not access the UISP server via SSH from laptop on WiFi (Blue). (It works from Green).

The UISP server on Green with IP 192.168.1.13 can still not access Wifi Devices, despite Blue being disabled and a rule added that should grant that access, AFAIK, the ones I added above. It can access all Green devices.

Log is still showing dropped attempts from Green UISP to Blue devices.

I have left all above changes active until further notice.

192.168.10.0/24 refers to the whole subnet space with 192.168.10.0 referring to the whole network. That IP can not be used for any host. Also 192.168.10.255 can not be used as an IP for a host. It is the broadcast address for the whole subnet.

192.168.10.0/24 can not resolve as it refers to the whole network containing all the computer IPs that could be used from 192.168.10.1 to 192.168.10.254.

192.168.10.1/24 is basically saying the computer with IP 192.168.10.1 from the subnet of IPs 192.168.10.0 to 192.168.10.255, so it can be resolved because it is referring to a single IP that is not the network or the broadcast address.

3 Likes

Hem, I was out for a few hours and it seems the damn Wifi was not reacting as fast as I would have expected it to.

Now, a few hours later, I notice how all my Wifi (Blue) has no connection within my network nor to the Internet. Which I thought I would have noticed while typing my previous post, since I disabled the Blue network's DHCP, but didn’t. And the Pinhole Rule between selected devices on Blue to access Green is also disabled.

So a small but perhaps important correction in regards to that. I will have to enable that eventually.

Thanks @bonnietwin I suspected as much, but one gets used to typing ..1/24 even if it is not exactly correct. There is obviously no device with address 192.168.10.0, nor any with 192.168.10.255, and same goes for Green.

But now it is dropped with “DROP_FORWARD” which means it is caused by the firewall and not the MAC address filter (which reports “DROP_Wireless*”).
Now user rules should work.

4 Likes
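The two diagnostic points above (host-form versus network-form CIDR, and reading the drop prefix to tell the MAC filter from the firewall rules) can be checked together; this is an added example, not code from the thread or from IPFire. The log lines are constructed in standard netfilter LOG format, the device address 192.168.10.20 is made up, and the function names are hypothetical.

```python
import ipaddress
import re

# Zone subnets as written in the thread; BLUE is deliberately in host form.
ZONES = {"green": "192.168.1.0/24", "blue": "192.168.10.1/24"}

def is_network_form(cidr):
    """True only if no host bits are set (what a strict parser accepts)."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False

def usable_hosts(cidr):
    """First and last assignable host; network and broadcast are excluded."""
    net = ipaddress.ip_network(cidr, strict=False)  # masks off host bits
    return str(net[1]), str(net[-2])

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr, strict=False):
            return name
    return "other"

LOG_RE = re.compile(
    r"(?P<prefix>DROP_\w+)\s.*?SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?DPT=(?P<dpt>\d+)",
    re.IGNORECASE,
)

def classify(line):
    """Map a drop line to the layer that produced it, by log prefix."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    prefix = m["prefix"].upper()
    if prefix.startswith("DROP_WIRELESS"):
        layer = "blue access (MAC filter)"
    elif prefix == "DROP_FORWARD":
        layer = "firewall forward rules"
    else:
        layer = "other"
    return layer, zone_of(m["src"]), zone_of(m["dst"]), int(m["dpt"])

# Constructed sample lines in netfilter LOG format (not taken from the thread).
SAMPLE = [
    "kernel: DROP_Wirelessforward IN=blue0 OUT=green0 SRC=192.168.10.20 DST=192.168.1.13 PROTO=TCP SPT=40112 DPT=443",
    "kernel: DROP_FORWARD IN=green0 OUT=blue0 SRC=192.168.1.13 DST=192.168.10.20 PROTO=TCP SPT=51844 DPT=443",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```
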

I have kind of been avoiding this thread a bit since I realize I am not really fulfilling anyone’s wet dream about taking instructions or understanding network stuff logic, fast enough. :innocent:

Maybe, longshot, I have to specifically define a rule for Port 443, instead of just selecting “all protocols” in the rule.

As it is, I can access the network equipment, so far only three devices, and check it for status, settings and FW upgrades easily enough without having to use a centralized interface like UISP. Would have been nice though.

I will try again, but will also check with the Ubiquiti people if they have any tips.

Please remember that any post directed towards you may not always convey the intended tone or meaning. For many of us, English is not our first language. Even if we were all communicating in our native languages, written communication is inherently prone to misunderstanding.

4 Likes

I have been on multilanguage forums since 1996, so I know that. A lot of people do not, so one has to take that into account and always read “nicely”. :heart_eyes:

1995 for me :wink: Usenet veteran. Actually, just veteran given my age.

Choosing a charitable interpretation of words, even when they can be construed unkindly, is an excellent policy. I appreciate your restraint in situations where my own words could have been misinterpreted. I assure you that was not my intention.

1 Like