Wise Pds

You were right... my fault... port forwading works... My port forwading from wan to segment 1 was wrong... Sorry for inconvenience. Thank for your help!

I have discoverd my mistake from your screenshot...

Your scenario it's a nightmare comparing to a simple cable connected to a switch. I mean, i can use vlans, i can bypass by multiples ways... i can use vlan in a specific ethernet port to include the principal segment in de general LAN, but the point is i can't access by wan.. In your video you loggin in with the same subnet at the router so you don't acces from outside...

Sorry, Manuel, but I tested the solution myself and it works fine. As described, there are other solutions, but these require a change in architecture, which I also find to be a better solution since it centralizes firewall rule management on the pfsense firewall and eliminates the (useless) NAT performed by the Keenetic router. This is not a solution because this way Keenetic see all general LAN devices, so is a huge security hole.

Tested right now. Not working. Only works if i connect to a wifi segmente. From WAN it's impossible.

This solution don't work... your fix is open a port to an internal ip ... this don't work with the router itself.

Good morning. I don't think you understand me. I don't access SMB from the Internet, I access it from LAN, but for Keenetic, my LAN is its ‘Internet’. There are only two home routers with advanced firewalls: Synology and Kennetic. With Synology, everything I'm saying can be done with two clicks. Within the LAN network, we want to have several wireless networks, each of which can access a different network resource: some Wi-Fi networks only access the Internet, others access devices on the PFSENSE-SWITCH LAN, etc. We simply need the Keenetic OS firewall to WORK! That's why I want to access SMB from the Internet (LAN). Let me put it another way: I have a pfsense router... connected to a switch... and the Keenetic is also connected to this switch, along with other NAS devices, computers, printers, etc... A 2TB USB drive with folders is connected to the Keenetic. There are four wireless network segments created on the Keenetic: Office, Workshop, Administration, and Management. Each one can access a folder and part of the main network resources (the network where PFSENSE, Switch, and Keenetic WAN are located). We can specify who can access what and where. When I want to access the SMB folders from my computer (within the PFSENSE-SWITCH-KEENETIC-WISEPDS PC network), since I cannot do so from the WAN (which is my LAN), I should then connect to the Wi-Fi of any of the segments to be able to see the folders, whereas if I have WAN access, I can access all of them (with the necessary permission, of course). What I'm saying is that you should let the FIREWALL take control. If I say that it can be accessed from the WAN with the subnet 192.168.3.0/24, then it should be possible. My firewall... my rules. It's also very annoying that only with Keenetic's DDNS can you access the router via HTTPS, and you can't import my certificate or have a self-signed one. I like Keenetic, but it has a lot of room for improvement, and here are two clear examples. It's up to you whether you take my advice or not. Thanks for response Best regards Manuel.

Hi, this is a big big fail... I have my Keenetic router under a PFSENSE router with 3 wifi segments .... first point.. if i use AP mode, this mode don't have firewall... BAD!!! But if i choose to use Router mode under the real PFSENSE ROUTE... i cant access SMB from internet... even if i create a firewall rule... WTF? I only can access using FTP, SFTP, WEBDAV.. more or less...300% slower thant real SMB performance (About 350-390 MB/S with SSD). This is a very bad deal!!! I want to choose the behabiour of the router with the firewall rules!!!! if I what to login into my router by wan port from my lan, i must can do it... If i don't want to use Keenetic DDNS to acces from my WAN PORT (For example, local ip like 192.168.1.5) i must access without problems! Please fix this... a lot of people use Keenetic Routers in router mode inside a lan with a principal router and the wan IP it's a simple 192.168.1.8.... Please, Please, FIX THIS!!!! Synology for example don´t use a obliged DDNS to access wan... the firewall rules are the boss! Be like Synology in this area please! Ah!! Another think! Let me use my own SSL certificate... an IMPORT TOOL to use our certificates please!!! Best regards Manuel.

Tested on version 5.0 beta 9. When ACL it's on Wifi dowgrade to wifi 6 on my Oneplus 13. If i turn off ACL, wifi remains wifi 7 when connected.

I have the Keenetic router inside a LAN network where the main router is PFSENSE. The network uses MTU 9000 (Jumbo frames) but in the WAN port of the keenetic router can only be configured as maximum 1500. Is it possible to add jumbo frames to the O.S.? Many of us use the keenetic routers not as main router but as routers within a larger installation where the main router is above and the keenetic router being routers acts as "AP" but with extra additions such as firewall... AP mode lost a ton of features so... we used them on router mode. Is it possible to add it? Thanks! Translated with DeepL.com (free version)

I know that.. but why i can't import my certificate generated for example with pfsense?

I have a Pfsense router and connected to it a Keenetic Titan router as an access point (But in ROUTER mode, because I need the firewall). I want to be able to login via the Keenetic router wan ip using HTTPS (Inside the LAN) for example with IP:192.168.1.20:8001 and be able to import my autogenerated certificate in PFSENSE to be able to login without using the Keenetic DDNS. For example creating a DNS redirection in PFSENSE from domain example.lab.com to ip 192.168.1.20. I can do this on Asus, Netgear, Tp-link routers, how can I not do it here? I have searched all possible ways and I can't do it. I want login into my keenetic titan router wan port from a lan ip (For example from a computer 192.168.1.100 to my keenetic router 192.168.1.20) Can you implement HTTPS WAN access for any source and import certificate? Thanks!

2X Keenetic titan kn-1812. Router + mesh node. I have a main 5ghz wireless segment (Cloudata), another with 2.4ghz (Domo) and last with 5ghz (Qled). If i turn on ACL on main segment (Cloudata) with whitelist to only accept my mobile phone, my oneplus 13 shows wifi6. Sync speed about 1200 Mbps If i turn off ACL wifi 7 is back. sync Speed 2400Mbps Tested 10 times. ACL on: Wifi 6 ACL off Wifi 7.