The pf wan port is plugged into my Linksys ap so it is already behind
nat hence the reason I unchecked the option under the interface tab to
block reserved ips. I see no reason to use nat again. I'm open to
recommendations as to the easiest solution. Pretty sure I did create a
rule to allow all traffic on both lan and wan. I will confirm as soon as
I have access to the machine again. I do see sever options for nat. I
think I did uncheck the option to disable it but nothing changed. If you
can give me a step by step what to check / uncheck, etc... To recap my
setup is:
Cable Modem (public ip with a 192.168.100.1 management port -> Linksys
AP dhcp to modem 192.168.100.1 lan ip with all connected pc's in this
range including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which
is dhcp assigns my laptop .101 when plugged in.
Brian
On 1/14/2014 12:50 PM, Walter Parker wrote:
By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
traffic, you will need to allow it (add rules on both the WAN and LAN
sides). But you might want to notice something else. If PFSense is
operating as a straight up router where you don't want NATing of the
LAN packets, then you will need to disable NAT. By default, it is
auto-enabled for the LAN side. This is what often prevents the "LAN"
side from being seen by the WAN side. If you don't want any "firewall"
style rules, just routing, you can turn off all the firewall rules
from one of the advanced options.
You need to decide how you want to use PFSense inside the network. I'd
make sure that there is only one NAT router on the network, use the
router that has the actual "real-world IP" connection. Don't NAT on
the other routers and live will be much easier.
Walter
On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette <[email protected]
<mailto:[email protected]>> wrote:
Confirmed but as I said its the WAN blocking external traffic from
what I see.
Brian
On 1/14/2014 12:04 PM, Robert Pickett wrote:
I would start off by checking the firewall section of pfSense
to make sure that the LAN has a default allow statement. It
should say something like LAN -> any or something like that.
-Robert
On 1/14/2014 8:53 AM, Brian Caouette wrote:
I've downloaded Pfsense Live 2.1 and installed it on an
old machine with two nics. The pf machine can ping
internally and externally with no issues. I was able to
jump to shell and telnet out to a bbs I'm part of. Now on
the LAN nothing works except the pf web management screen.
I have looked at the logs and it shows all blocked packets
for incoming on the WAN. I went a step further and create
a rule to all all traffic on the WAN to no avail. My
network is as follows:
Cable Modem -> Linksys AP -> PF.
Yes I know its a little backwards but it should still work
as I also have another ap feeding off the Linksys for a
different zone in our house with no issues.
Any idea why the PF lan does not work? Yes I did disable
the option to disable private addresses since pf is behind
another router with a private ip.
_______________________________________________
List mailing list
[email protected] <mailto:[email protected]>
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
[email protected] <mailto:[email protected]>
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
[email protected] <mailto:[email protected]>
http://lists.pfsense.org/mailman/listinfo/list
--
The greatest dangers to liberty lurk in insidious encroachment by
men of zeal, well-meaning but without understanding. -- Justice
Louis D. Brandeis
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
