[pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette
 I've downloaded Pfsense Live 2.1 and installed it on an old machine 
with two nics. The pf machine can ping internally and externally with no 
issues. I was able to jump to shell and telnet out to a bbs I'm part of. 
Now on the LAN nothing works except the pf web management screen. I have 
looked at the logs and it shows all blocked packets for incoming on the 
WAN. I went a step further and created a rule to allow all traffic on the 
WAN to no avail. My network is as follows:


Cable Modem - Linksys AP - PF.

Yes I know it's a little backwards but it should still work as I also 
have another ap feeding off the Linksys for a different zone in our 
house with no issues.


Any idea why the PF lan does not work? Yes I did disable the option to 
disable private addresses since pf is behind another router with a 
private ip.

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Robert Pickett
I would start off by checking the firewall section of pfSense to make 
sure that the LAN has a default allow statement. It should say something 
like LAN - any or something like that.


-Robert



Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette
Confirmed but as I said it's the WAN blocking external traffic from what 
I see.


Brian



Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Nishant Sharma
Are you sure your WAN and LAN networks are on different subnets?

PfSense by default has LAN on 192.168.1.0/24. Make sure that your Linksys 
provides IPs different from this.

-N


Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
traffic, you will need to allow it (add rules on both the WAN and LAN
sides). But you might want to notice something else. If PFSense is
operating as a straight up router where you don't want NATing of the LAN
packets, then you will need to disable NAT. By default, it is auto-enabled
for the LAN side. This is what often prevents the LAN side from being
seen by the WAN side. If you don't want any firewall style rules, just
routing, you can turn off all the firewall rules from one of the advanced
options.

You need to decide how you want to use PFSense inside the network. I'd make
sure that there is only one NAT router on the network, use the router that
has the actual real-world IP connection. Don't NAT on the other routers
and life will be much easier.


Walter




Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette
The pf wan port is plugged into my Linksys ap so it is already behind 
nat hence the reason I unchecked the option under the interface tab to 
block reserved ips. I see no reason to use nat again. I'm open to 
recommendations as to the easiest solution. Pretty sure I did create a 
rule to allow all traffic on both lan and wan. I will confirm as soon as 
I have access to the machine again. I do see several options for nat. I 
think I did uncheck the option to disable it but nothing changed. If you 
can give me a step by step what to check / uncheck, etc... To recap my 
setup is:


Cable Modem (public ip with a 192.168.100.1 management port - Linksys 
AP dhcp to modem 192.168.100.1 lan ip with all connected pc's in this 
range including - PF 192.168.100.20 and pf lan of 192.168.1.1 of which 
is dhcp assigns my laptop .101 when plugged in.


Brian



Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
From the PFSense UI, select Firewall-NAT. Then click on the Outbound tab.
Then select the Manual Outbound NAT rule generation radio button (this
turns off Automatic outbound NAT rule generation). Then delete/deactivate the
mapping that has your LAN network as a source. This is what is messing up
your routing of packets from the Linksys to the LAN side of the PFSense
router. The option you turned off stops spoofing attacks on a router and
turning it off is required when routing private networks, but does not do the
whole job (you also need to disable NATing to complete the job).




Walter
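
A small model of the three checks raised in this thread (WAN and LAN on different subnets, the private-network block on a WAN that itself has a private address, and a single NAT router), added here as an example; it is not from any poster or from pfSense. The `Firewall` class, the finding codes and the /24 prefixes are assumptions, the addresses come from the setup recap earlier in the thread, and the "upstream needs a route" finding is a general routing fact rather than something stated in the thread.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges: the sources a "block private networks" WAN option refuses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass
class Firewall:
    """Hypothetical model of the inner firewall's settings (not a pfSense API)."""
    wan_if: str                 # WAN address with prefix, e.g. "192.168.100.20/24"
    lan_if: str                 # LAN address with prefix, e.g. "192.168.1.1/24"
    block_private_on_wan: bool  # the interface option discussed in the thread
    outbound_nat: bool          # True: LAN sources are rewritten to the WAN address

    @property
    def wan(self):
        return ipaddress.ip_interface(self.wan_if)

    @property
    def lan(self):
        return ipaddress.ip_interface(self.lan_if)


def wan_drops_source(fw, src):
    """Would a new inbound packet from src be dropped by the private-network block?"""
    return fw.block_private_on_wan and is_rfc1918(src)


def source_seen_upstream(fw, lan_host):
    """Source address the upstream router sees for traffic from a LAN host."""
    if ipaddress.ip_address(lan_host) not in fw.lan.network:
        raise ValueError(f"{lan_host} is not on the LAN network {fw.lan.network}")
    return str(fw.wan.ip) if fw.outbound_nat else lan_host


def audit(fw):
    """Return a sorted list of finding codes for the settings in fw."""
    findings = set()
    if fw.wan.network.overlaps(fw.lan.network):
        findings.add("SUBNET_OVERLAP")             # WAN and LAN share address space
    upstream_private = is_rfc1918(str(fw.wan.ip))
    if upstream_private and fw.block_private_on_wan:
        findings.add("WAN_BLOCKS_UPSTREAM_HOSTS")  # hosts on the WAN segment are dropped
    if upstream_private and fw.outbound_nat:
        findings.add("DOUBLE_NAT")                 # the upstream router translates too
    if not fw.outbound_nat:
        # General routing fact, not from the thread: untranslated LAN addresses
        # only get replies if the upstream router has a route back to the LAN.
        findings.add("UPSTREAM_NEEDS_ROUTE_TO_LAN")
    return sorted(findings)


# Constructed from the addresses in the recap; the /24 prefixes are assumed.
AS_INSTALLED = Firewall("192.168.100.20/24", "192.168.1.1/24", False, True)
AFTER_CHANGE = Firewall("192.168.100.20/24", "192.168.1.1/24", False, False)
# Constructed worst case: upstream router also on 192.168.1.0/24, defaults left on.
CLASHING = Firewall("192.168.1.20/24", "192.168.1.1/24", True, True)

if __name__ == "__main__":
    for name, fw in (("as installed", AS_INSTALLED),
                     ("after change", AFTER_CHANGE),
                     ("clashing", CLASHING)):
        print(name, audit(fw), source_seen_upstream(fw, "192.168.1.101"))
```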





Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette
Thank you! I will give that a try after 4 hours. I do not have remote 
access to the machine.


Brian


[pfSense] Apple Messages Blocked

2014-01-14 Thread Paul Galati
I have tried searching the forums to find a fix to allow Apple Messages app to 
successfully connect using Audio, Video, or Screen Sharing.  Unfortunately I 
have not found a solution.  It seems the port number is different each time I 
view the logs.  Has anyone been able to resolve this or similar issue?  The 
initial connection does work (ringing the bell) but when I accept the invite, 
it fails to start the actual stream.  I am using the Jabber protocol with gmail 
since both parties have gmail accounts.

Is it possible to temporarily create a DMZ to a specific private IP address to 
allow the service to connect and view the logs to understand what ports are 
needed to make this work safely?

Any suggestions would be greatly appreciated.


Paul Galati
paulgal...@gmail.com





Re: [pfSense] Apple Messages Blocked

2014-01-14 Thread Mathieu Simon
Hi Paul

Although I didn't yet have to look at this, I could imagine some of our
teachers and students might come at us sooner or later and
ask about iMessage and Facetime, that's why I'm answering ...


At least Apple has put up some documentation on that topic:
http://support.apple.com/kb/ht4245 maybe that's the ports you see listed
there?

Honestly I don't know how good or bad iMessage works with NAT, at least
Apple seems to ask for (manual) port forwarding.
If that is going to be true, I don't see myself putting up static port
forwardings as we do have NAT and not that many public IPv4's for the
(wifi) network

However that's not my daily job and I'm just not seeing the silver bullet to
make it work? ;-)

-- Mat


[pfSense] Captive Portal

2014-01-14 Thread Brian Caouette

This is going to sound like a dumb question but ...

Can the Captive Portal function be used by an offsite location?

IE: A hotspot between two locations each with their own internet feed 
but using a single install of PFSense?



Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette
I think we've made progress. Things in management that didn't work are 
now working. Before it was not able to do a ping or tracert and now they 
do. I think the issue is dns related now because Windows 8 laptop 
reports a dns error. Also the dns lookup in management doesn't give me 
any results. So for whatever reason it's not being passed to the lan.



Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
You might check the DNS settings on the PFSense router itself to make sure
that it has valid IP addresses for DNS servers. Also check on the override
flags (and maybe add a rule for 53 DNS traffic).


Walter




Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette
Would you be willing to do a remote connection? If so email 
bri...@dlois.com and I'll share the details to the machine.


Brian Caouette
207-212-6560

On 1/14/2014 8:33 PM, Walter Parker wrote:
If the WAN interface is set to DHCP, then I think there is an option 
to override/not override the DNS server addresses from the DHCP 
server. Check that. Check that the rule passes TCP/UDP. When I've had 
this problem before, I also check from the shell, but then again, I'm 
an oldtime FreeBSD user, so I don't fear the CLI (check 
/etc/resolv.conf).



Walter





Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette
This software is very frustrating. Last night captive portal was 
prompting for logon info and today it's not.


UGH

Anyone willing to remote connect and help me out?

Brian

bri...@dlois.com
207-212-6560
