PiHole Raspbian RP4b Blocked Traffic

Your AP is Routing.
Turn off DHCP in your AP.
Or you could try setting your AP DNS to your Pihole IP

Yea, that's the whole point. 2 networks separated by subnet.

You may need a port forward rule on AP

Folks… read the packet captures and my context. If you're driving down the road and you're in Georgia heading to Miami, Florida, you're asking the signs in Florida to route you in Florida before the car gets there. It doesn't work that way lol

That is correct. IPFire can't reach any devices in the 10.x network directly by MAC, therefore no ARP entries can be created.
However, there should be an entry for the WAN port of your access point (172.16.17.32 I suppose?)

These entries are created as static routes. Please try ip route list table all or ip route show table static
I confirmed on my own IPFire that these routes are effective as soon as they show up in the "routing table entries" list. Although they aren't shown by "route -n".

This confirms my suspicion that something is still wrong with the access point configuration.
The route on IPFire is working and the AP responds to ping & ssh on all interfaces. But it doesn't allow traffic from its WAN to the internal network.
I think there are still some firewall rules enabled. Perhaps there are some rules hard-coded in the firmware which we don't know about?

Could you please check again that the access point is not blocking any incoming connections. For example, share a folder on your notebook and try to connect to it from the wired 172.x network.

1 Like
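The suggestion above is to confirm that the static route for the 10.x wireless subnet really is in the kernel table (via `ip route show table all`) rather than trusting `route -n`. The following is an added example, not code from the thread or from IPFire, that turns that check into a small POSIX shell helper. The route lines and addresses embedded in it (10.10.90.0/24 via 172.16.17.32 on green0, 192.0.2.1 as the red gateway) are constructed sample output used only so the script runs offline; with no second argument the helper reads the live table instead.

```shell
#!/bin/sh
# Added example: verify that a subnet is routed via the expected next hop,
# reading `ip route show table all` (or a supplied listing) rather than
# the legacy `route -n` view, which omits some table entries.

# CONSTRUCTED sample output of `ip route show table all` on an IPFire box.
# Addresses and interface names are assumptions for the example only.
SAMPLE_ROUTES='default via 192.0.2.1 dev red0
10.10.90.0/24 via 172.16.17.32 dev green0
172.16.17.0/24 dev green0 proto kernel scope link src 172.16.17.1'

# gateway_for PREFIX [ROUTES]
# Print the next hop for an exact prefix match. Routes are taken from the
# second argument when given, otherwise from the live kernel tables.
gateway_for() {
    prefix=$1
    routes=${2:-$(ip route show table all 2>/dev/null)}
    printf '%s\n' "$routes" | awk -v p="$prefix" '
        $1 == p {
            for (i = 1; i <= NF; i++)
                if ($i == "via") { print $(i + 1); exit }
        }'
}

# route_ok PREFIX GATEWAY [ROUTES]
# Exit 0 when PREFIX is routed via GATEWAY, 1 otherwise (missing route,
# wrong next hop, or a connected route with no "via" at all).
route_ok() {
    [ -n "$2" ] && [ "$(gateway_for "$1" "$3")" = "$2" ]
}

# Stand-alone usage against the constructed sample.
if route_ok 10.10.90.0/24 172.16.17.32 "$SAMPLE_ROUTES"; then
    echo "10.10.90.0/24 is routed via the AP WAN address"
else
    echo "no usable route for 10.10.90.0/24" >&2
fi
```

Run it as `sh check_route.sh` for the sample, or call `route_ok 10.10.90.0/24 172.16.17.32` from a shell on the firewall to query the live tables. A present route only proves the firewall side; if the check passes and traffic still stops, the drop is happening on the access point, which is exactly the point made in the post above.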

luani,

I am positive that my WiFi AP isn't blocking connections as I can ping across, and connect across. Just as a temporary resolve, I enabled NAT on my Wifi and can get through. I don't want to leave it that way, but figured heck if it works right now, it works…

In any event, I had talked with Bernhard, and a few others along the way on here, and may just enable Blue on my IPFire Instance. I have the extra Gigabit Full Duplex ports there, so heck… Might as well use them right?

Just one question before I move into that configuration… I do not have a WiFi Card PCIe or otherwise in the device. Can I simply enable Blue, reboot the Firewall and move down my Cat 8 Cable to my Gigabit port in the Firewall, from the Switch it is currently connected to?

I only ask this, because I thought I had read somewhere you needed to have a literal WiFi card to use Blue.

Eric

I would plug your new blue nic on your IPFire into the AP directly, unless you have a separate switch or a segmented switch.

I got it up and running. Had to toy with it, mostly DHCP issues from where I was tired and networking while asleep, but it's fixed now.

Bernhard, I gave up doing it the other way. To answer your question why. I am almost positive that the dumb gigabit switch only has a forwarding table, and NOT an ARP table, thus forwarding the traffic onto the next layer 3 logical device that could make decisions and that happened to be the green interface.

In any event LOL, I now have Blue, and flipped my WiFi router into complete AP mode bypassing any and all DHCP and anything else. It just hosts the SSID and then IPFire Blue does the reservations.

By doing so, PiHole hanging off the Green Network Switch is accessible. Of course, I had to add a Blue to Green firewall rule for accessible ports. It works fine now, and I can fully track 10.x.x.x addresses as well.

Eric

1 Like

Hi Eric,
according to your post from two days ago, you cannot (fully) ping across? (10.10.90.1 success vs. 10.10.90.58 failure)
I'm sorry if I misunderstood! But if it works now, I don't want to keep harping on it. Glad you were able to work out the problem.

Well, ping was just one problem of many I was working through. I'm ok on this now after architecture redesign.

ping is seldom the problem but the indicator in network and routing problems!
Just to round this discussion off.

2 Likes