subject:"\[pfSense\] WAN not accepting traffic"

Re: [pfSense] WAN not accepting traffic

2014-01-16 Thread Brian Caouette

Why would it behave any differently then the old netgear I have plugged 
into it for another part of the house? Both the netgear and the pfsense 
box are essentially doing the same thing.


On 1/15/2014 3:55 AM, Ulrik Lunddahl wrote:

Hi Brian!


Cable Modem (public ip with a 192.168.100.1 management port -> Linksys AP dhcp to 
modem 192.168.100.1 lan ip with all connected pc's in this range including -> PF 
192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp assigns my laptop .101 when 
plugged in.

Have you remembered to tell you NAT router (the first one) to route traffic to 
the 192.168.1.x subnet via 192.168.100.20 (pfSense WAN), you will use a static 
route for that, on the NAT router, not the pfSense box.

- Ulrik




-Oprindelig meddelelse-
Fra: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] På 
vegne af Brian Caouette
Sendt: 15. januar 2014 05:00
Til: pfSense support and discussion
Emne: Re: [pfSense] WAN not accepting traffic

This software is very frustrating. Last night captive portal was prompting for 
logon info and today its not.

UGH

Anyone willing to remote connect and help me out?

Brian

bri...@dlois.com
207-212-6560

On 1/14/2014 10:16 PM, Brian Caouette wrote:

Would you be willing to do a remote connection? If so email
bri...@dlois.com and I'll share the details to the machine.

Brian Caouette
207-212-6560

On 1/14/2014 8:33 PM, Walter Parker wrote:

If the WAN interface is set to DHCP, then I think there is an option
to override/not override the DNS server addresses from the DHCP
server. Check that. Check that the rule passes TCP&UDP. When I've had
this problem before, I also check from the shell, but then again, I'm
an oldtime FreeBSD user, so I don't fear the CLI (check
/etc/resolv.conf).


Walter


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-15 Thread Ulrik Lunddahl

Hi Brian!

> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys AP 
> dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range 
> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp 
> assigns my laptop .101 when plugged in.

Have you remembered to tell you NAT router (the first one) to route traffic to 
the 192.168.1.x subnet via 192.168.100.20 (pfSense WAN), you will use a static 
route for that, on the NAT router, not the pfSense box.

- Ulrik




-Oprindelig meddelelse-
Fra: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] På 
vegne af Brian Caouette
Sendt: 15. januar 2014 05:00
Til: pfSense support and discussion
Emne: Re: [pfSense] WAN not accepting traffic

This software is very frustrating. Last night captive portal was prompting for 
logon info and today its not.

UGH

Anyone willing to remote connect and help me out?

Brian

bri...@dlois.com
207-212-6560

On 1/14/2014 10:16 PM, Brian Caouette wrote:
> Would you be willing to do a remote connection? If so email 
> bri...@dlois.com and I'll share the details to the machine.
>
> Brian Caouette
> 207-212-6560
>
> On 1/14/2014 8:33 PM, Walter Parker wrote:
>> If the WAN interface is set to DHCP, then I think there is an option 
>> to override/not override the DNS server addresses from the DHCP 
>> server. Check that. Check that the rule passes TCP&UDP. When I've had 
>> this problem before, I also check from the shell, but then again, I'm 
>> an oldtime FreeBSD user, so I don't fear the CLI (check 
>> /etc/resolv.conf).
>>
>>
>> Walter
>>
>
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette

This software is very frustrating. Last night captive portal was 
prompting for logon info and today its not.


UGH

Anyone willing to remote connect and help me out?

Brian

bri...@dlois.com
207-212-6560

On 1/14/2014 10:16 PM, Brian Caouette wrote:
Would you be willing to do a remote connection? If so email 
bri...@dlois.com and I'll share the details to the machine.


Brian Caouette
207-212-6560

On 1/14/2014 8:33 PM, Walter Parker wrote:
If the WAN interface is set to DHCP, then I think there is an option 
to override/not override the DNS server addresses from the DHCP 
server. Check that. Check that the rule passes TCP&UDP. When I've had 
this problem before, I also check from the shell, but then again, I'm 
an oldtime FreeBSD user, so I don't fear the CLI (check 
/etc/resolv.conf).



Walter



___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette

Would you be willing to do a remote connection? If so email 
bri...@dlois.com and I'll share the details to the machine.


Brian Caouette
207-212-6560

On 1/14/2014 8:33 PM, Walter Parker wrote:
If the WAN interface is set to DHCP, then I think there is an option 
to override/not override the DNS server addresses from the DHCP 
server. Check that. Check that the rule passes TCP&UDP. When I've had 
this problem before, I also check from the shell, but then again, I'm 
an oldtime FreeBSD user, so I don't fear the CLI (check 
/etc/resolv.conf).



Walter



___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Alexandre Paradis

Try to uncheck under wan 'block private network'.


On Tue, Jan 14, 2014 at 8:33 PM, Walter Parker  wrote:

> If the WAN interface is set to DHCP, then I think there is an option to
> override/not override the DNS server addresses from the DHCP server. Check
> that. Check that the rule passes TCP&UDP. When I've had this problem
> before, I also check from the shell, but then again, I'm an oldtime FreeBSD
> user, so I don't fear the CLI (check /etc/resolv.conf).
>
>
> Walter
>
>
> On Tue, Jan 14, 2014 at 5:26 PM, bri...@dlois.com wrote:
>
>> It has 8.8.8.8 & 8.8.4.4
>>
>> What do you mean by over ride? Where is that located? As for a rule for
>> 53 I have one I'm there to allow all. Wouldn't that cover it?
>>
>> Sent from my HTC
>>
>>
>> - Reply message -
>> From: "Walter Parker" 
>> To: "pfSense support and discussion" 
>> Subject: [pfSense] WAN not accepting traffic
>> Date: Tue, Jan 14, 2014 8:04 pm
>>
>>
>> You might check the DNS settings on the PFSense router itself to make
>> sure that it has valid IP addresses for DNS servers. Also check on the
>> override flags (and maybe add a rule for 53 DNS traffic).
>>
>>
>> Walter
>>
>>
>> On Tue, Jan 14, 2014 at 4:47 PM, Brian Caouette  wrote:
>>
>>>  I think we've made progress. Things in management that didn't work are
>>> now working. Before it was not able to do a ping or tracert and now they
>>> do. I think the issue is dns related now because Windows 8 laptop reports a
>>> dns error. Also the dns lookup in management doesn't give me any results.
>>> So for whatever reason its not being passed to the lan.
>>>
>>>
>>> On 1/14/2014 1:13 PM, Walter Parker wrote:
>>>
>>> From the PFSense UI, select Firewall->NAT. Then click on the Outbound
>>> tab. Then select the Manual Outbound NAT rule generation radio button (this
>>> turns off Automatic outbound NAT rule generation). Then delete/deactive the
>>> mapping that has your LAN network as a source. This is what is messing up
>>> your routing of packets from the linksys to the LAN side of the PFSense
>>> router. The option you turned off stops spoofing attacks on a router and
>>> turning it off is required when routing private networks, but does do the
>>> whole job (you also need to disable NATing to complete the job).
>>>
>>>
>>>
>>>
>>>  Walter
>>>
>>>
>>>
>>> On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette wrote:
>>>
>>>>  The pf wan port is plugged into my Linksys ap so it is already behind
>>>> nat hence the reason I unchecked the option under the interface tab to
>>>> block reserved ips. I see no reason to use nat again. I'm open to
>>>> recommendations as to the easiest solution. Pretty sure I did create a rule
>>>> to allow all traffic on both lan and wan. I will confirm as soon as I have
>>>> access to the machine again. I do see sever options for nat. I think I did
>>>> uncheck the option to disable it but nothing changed. If you can give me a
>>>> step by step what to check / uncheck, etc... To recap my setup is:
>>>>
>>>> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys
>>>> AP dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range
>>>> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp
>>>> assigns my laptop .101 when plugged in.
>>>>
>>>> Brian
>>>>
>>>>
>>>> On 1/14/2014 12:50 PM, Walter Parker wrote:
>>>>
>>>> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
>>>> traffic, you will need to allow it (add rules on both the WAN and LAN
>>>> sides). But you might want to notice something else. If PFSense is
>>>> operating as a straight up router where you don't want NATing of the LAN
>>>> packets, then you will need to disable NAT. By default, it is auto-enabled
>>>> for the LAN side. This is what often prevents the "LAN" side from being
>>>> seen by the WAN side. If you don't want any "firewall" style rules, just
>>>> routing, you can turn off all the firewall rules from one of the advanced
>>>> options.
>>>>
>>>>  You need to decide how you want to use PFSense inside the network.
>>>> I'd

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker

If the WAN interface is set to DHCP, then I think there is an option to
override/not override the DNS server addresses from the DHCP server. Check
that. Check that the rule passes TCP&UDP. When I've had this problem
before, I also check from the shell, but then again, I'm an oldtime FreeBSD
user, so I don't fear the CLI (check /etc/resolv.conf).


Walter


On Tue, Jan 14, 2014 at 5:26 PM, bri...@dlois.com  wrote:

> It has 8.8.8.8 & 8.8.4.4
>
> What do you mean by over ride? Where is that located? As for a rule for 53
> I have one I'm there to allow all. Wouldn't that cover it?
>
> Sent from my HTC
>
>
> - Reply message -
> From: "Walter Parker" 
> To: "pfSense support and discussion" 
> Subject: [pfSense] WAN not accepting traffic
> Date: Tue, Jan 14, 2014 8:04 pm
>
>
> You might check the DNS settings on the PFSense router itself to make sure
> that it has valid IP addresses for DNS servers. Also check on the override
> flags (and maybe add a rule for 53 DNS traffic).
>
>
> Walter
>
>
> On Tue, Jan 14, 2014 at 4:47 PM, Brian Caouette  wrote:
>
>>  I think we've made progress. Things in management that didn't work are
>> now working. Before it was not able to do a ping or tracert and now they
>> do. I think the issue is dns related now because Windows 8 laptop reports a
>> dns error. Also the dns lookup in management doesn't give me any results.
>> So for whatever reason its not being passed to the lan.
>>
>>
>> On 1/14/2014 1:13 PM, Walter Parker wrote:
>>
>> From the PFSense UI, select Firewall->NAT. Then click on the Outbound
>> tab. Then select the Manual Outbound NAT rule generation radio button (this
>> turns off Automatic outbound NAT rule generation). Then delete/deactive the
>> mapping that has your LAN network as a source. This is what is messing up
>> your routing of packets from the linksys to the LAN side of the PFSense
>> router. The option you turned off stops spoofing attacks on a router and
>> turning it off is required when routing private networks, but does do the
>> whole job (you also need to disable NATing to complete the job).
>>
>>
>>
>>
>>  Walter
>>
>>
>>
>> On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette wrote:
>>
>>>  The pf wan port is plugged into my Linksys ap so it is already behind
>>> nat hence the reason I unchecked the option under the interface tab to
>>> block reserved ips. I see no reason to use nat again. I'm open to
>>> recommendations as to the easiest solution. Pretty sure I did create a rule
>>> to allow all traffic on both lan and wan. I will confirm as soon as I have
>>> access to the machine again. I do see sever options for nat. I think I did
>>> uncheck the option to disable it but nothing changed. If you can give me a
>>> step by step what to check / uncheck, etc... To recap my setup is:
>>>
>>> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys
>>> AP dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range
>>> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp
>>> assigns my laptop .101 when plugged in.
>>>
>>> Brian
>>>
>>>
>>> On 1/14/2014 12:50 PM, Walter Parker wrote:
>>>
>>> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
>>> traffic, you will need to allow it (add rules on both the WAN and LAN
>>> sides). But you might want to notice something else. If PFSense is
>>> operating as a straight up router where you don't want NATing of the LAN
>>> packets, then you will need to disable NAT. By default, it is auto-enabled
>>> for the LAN side. This is what often prevents the "LAN" side from being
>>> seen by the WAN side. If you don't want any "firewall" style rules, just
>>> routing, you can turn off all the firewall rules from one of the advanced
>>> options.
>>>
>>>  You need to decide how you want to use PFSense inside the network. I'd
>>> make sure that there is only one NAT router on the network, use the router
>>> that has the actual "real-world IP" connection. Don't NAT on the other
>>> routers and live will be much easier.
>>>
>>>
>>>  Walter
>>>
>>>
>>> On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette wrote:
>>>
>>>> Confirmed but as I said its the WAN blocking external traffic from what
>>>> I see.
>>>

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread bri...@dlois.com

It has 8.8.8.8 & 8.8.4.4

What do you mean by over ride? Where is that located? As for a rule for 53 I 
have one I'm there to allow all. Wouldn't that cover it?

Sent from my HTC

- Reply message -
From: "Walter Parker" 
To: "pfSense support and discussion" 
Subject: [pfSense] WAN not accepting traffic
Date: Tue, Jan 14, 2014 8:04 pm
You might check the DNS settings on the PFSense router itself to make sure that 
it has valid IP addresses for DNS servers. Also check on the override flags 
(and maybe add a rule for 53 DNS traffic).

Walter

On Tue, Jan 14, 2014 at 4:47 PM, Brian Caouette  wrote:

I think we've made progress. Things in
management that didn't work are now working. Before it was not
able to do a ping or tracert and now they do. I think the issue is
dns related now because Windows 8 laptop reports a dns error. Also
the dns lookup in management doesn't give me any results. So for
whatever reason its not being passed to the lan.

On 1/14/2014 1:13 PM, Walter Parker wrote:

From the PFSense UI, select Firewall->NAT. Then
click on the Outbound tab. Then select the Manual Outbound NAT
rule generation radio button (this turns off Automatic outbound
NAT rule generation). Then delete/deactive the mapping that has
your LAN network as a source. This is what is messing up your
routing of packets from the linksys to the LAN side of the
PFSense router. The option you turned off stops spoofing attacks
on a router and turning it off is required when routing private
networks, but does do the whole job (you also need to disable
NATing to complete the job).

Walter

On Tue, Jan 14, 2014 at 10:01 AM, Brian
Caouette 
wrote:

The pf wan port is plugged into my Linksys ap so it
is already behind nat hence the reason I unchecked the
option under the interface tab to block reserved ips. I
see no reason to use nat again. I'm open to
recommendations as to the easiest solution. Pretty sure
I did create a rule to allow all traffic on both lan and
wan. I will confirm as soon as I have access to the
machine again. I do see sever options for nat. I think I
did uncheck the option to disable it but nothing
changed. If you can give me a step by step what to check
/ uncheck, etc... To recap my setup is:

Cable Modem (public ip with a 192.168.100.1 management
port -> Linksys AP dhcp to modem 192.168.100.1 lan ip
with all connected pc's in this range including -> PF
192.168.100.20 and pf lan of 192.168.1.1 of which is
dhcp assigns my laptop .101 when plugged in.

Brian

On 1/14/2014 12:50 PM, Walter Parker wrote:

By default, PFSense blocks WAN to LAN
traffic. If you want WAN to LAN traffic, you will
need to allow it (add rules on both the WAN and
LAN sides). But you might want to notice something
else. If PFSense is operating as a straight up
router where you don't want NATing of the LAN
packets, then you will need to disable NAT. By
default, it is auto-enabled for the LAN side. This
is what often prevents the "LAN" side from being
seen by the WAN side. If you don't want any
"firewall" style rules, just routing, you can turn
off all the firewall rules from one of the
advanced options.

You need to decide how you want to use
PFSense inside the network. I'd make sure that
there is only one NAT router on the network, use
the router that has the actual "real-world IP"
connection. Don't NAT on the other routers and
live will be much easier.

Walter

On Tue, Jan 14, 2014 at
9:40 AM, Brian Caouette 
wrote:

Confirmed but as I
said its the WAN blocking external traffic
from what I see.

Brian

On 1/14/2014 12:04 PM, Robert Pickett
wrote:

I would
start off by checking the firewall
section of pfSense to make sure that the
LAN has a default allow statement. It
should say something like LAN -> any
or something like that.

-Robert

On 1/14/2014 8:53 AM, Brian Caouette
wrote:

 I've
downloaded Pfsense Live 2.1 and
installed it on an old machine with
two nics. The pf machine can ping
internally and externally with no
issues. I was able to jump to shell
and telnet out to a bbs I'm part of.
Now on the LAN nothing works except
the pf web management screen. I have
looked at the logs and it shows all
blocked packets for incoming on the
WAN. I went a step further and create
a rule to all all traffic on the WAN
to no avail. My network is as follows:

Cable Modem -> Linksys AP -> PF.

Yes I know its a little backwards but
it should still work as I also have
another ap feeding off the Linksys for
a different zone in our house with no
issues.

Any idea why the PF lan does not work?
Yes I did disable the option to
disable private addresses since pf is
behind another router with a private
ip.

___

List mailing list

List@lists.pfsense.org

http://lists.pfsense.org/mailman/listinfo/list

_

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker

You might check the DNS settings on the PFSense router itself to make sure
that it has valid IP addresses for DNS servers. Also check on the override
flags (and maybe add a rule for 53 DNS traffic).


Walter


On Tue, Jan 14, 2014 at 4:47 PM, Brian Caouette  wrote:

>  I think we've made progress. Things in management that didn't work are
> now working. Before it was not able to do a ping or tracert and now they
> do. I think the issue is dns related now because Windows 8 laptop reports a
> dns error. Also the dns lookup in management doesn't give me any results.
> So for whatever reason its not being passed to the lan.
>
>
> On 1/14/2014 1:13 PM, Walter Parker wrote:
>
> From the PFSense UI, select Firewall->NAT. Then click on the Outbound tab.
> Then select the Manual Outbound NAT rule generation radio button (this
> turns off Automatic outbound NAT rule generation). Then delete/deactive the
> mapping that has your LAN network as a source. This is what is messing up
> your routing of packets from the linksys to the LAN side of the PFSense
> router. The option you turned off stops spoofing attacks on a router and
> turning it off is required when routing private networks, but does do the
> whole job (you also need to disable NATing to complete the job).
>
>
>
>
>  Walter
>
>
>
> On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette  wrote:
>
>>  The pf wan port is plugged into my Linksys ap so it is already behind
>> nat hence the reason I unchecked the option under the interface tab to
>> block reserved ips. I see no reason to use nat again. I'm open to
>> recommendations as to the easiest solution. Pretty sure I did create a rule
>> to allow all traffic on both lan and wan. I will confirm as soon as I have
>> access to the machine again. I do see sever options for nat. I think I did
>> uncheck the option to disable it but nothing changed. If you can give me a
>> step by step what to check / uncheck, etc... To recap my setup is:
>>
>> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys AP
>> dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range
>> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp
>> assigns my laptop .101 when plugged in.
>>
>> Brian
>>
>>
>> On 1/14/2014 12:50 PM, Walter Parker wrote:
>>
>> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
>> traffic, you will need to allow it (add rules on both the WAN and LAN
>> sides). But you might want to notice something else. If PFSense is
>> operating as a straight up router where you don't want NATing of the LAN
>> packets, then you will need to disable NAT. By default, it is auto-enabled
>> for the LAN side. This is what often prevents the "LAN" side from being
>> seen by the WAN side. If you don't want any "firewall" style rules, just
>> routing, you can turn off all the firewall rules from one of the advanced
>> options.
>>
>>  You need to decide how you want to use PFSense inside the network. I'd
>> make sure that there is only one NAT router on the network, use the router
>> that has the actual "real-world IP" connection. Don't NAT on the other
>> routers and live will be much easier.
>>
>>
>>  Walter
>>
>>
>> On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette  wrote:
>>
>>> Confirmed but as I said its the WAN blocking external traffic from what
>>> I see.
>>>
>>> Brian
>>>
>>>
>>> On 1/14/2014 12:04 PM, Robert Pickett wrote:
>>>
 I would start off by checking the firewall section of pfSense to make
 sure that the LAN has a default allow statement. It should say something
 like LAN -> any or something like that.

 -Robert

 On 1/14/2014 8:53 AM, Brian Caouette wrote:

>  I've downloaded Pfsense Live 2.1 and installed it on an old machine
> with two nics. The pf machine can ping internally and externally with no
> issues. I was able to jump to shell and telnet out to a bbs I'm part of.
> Now on the LAN nothing works except the pf web management screen. I have
> looked at the logs and it shows all blocked packets for incoming on the
> WAN. I went a step further and create a rule to all all traffic on the WAN
> to no avail. My network is as follows:
>
> Cable Modem -> Linksys AP -> PF.
>
> Yes I know its a little backwards but it should still work as I also
> have another ap feeding off the Linksys for a different zone in our house
> with no issues.
>
> Any idea why the PF lan does not work? Yes I did disable the option to
> disable private addresses since pf is behind another router with a private
> ip.
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>

 ___
 List mailing list
 List@lists.pfsense.org
 http://lists.pfsense.org/mailman/listinfo/list

>>>
>>> __

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette

I think we've made progress. Things in management that didn't work are 
now working. Before it was not able to do a ping or tracert and now they 
do. I think the issue is dns related now because Windows 8 laptop 
reports a dns error. Also the dns lookup in management doesn't give me 
any results. So for whatever reason its not being passed to the lan.


On 1/14/2014 1:13 PM, Walter Parker wrote:
From the PFSense UI, select Firewall->NAT. Then click on the Outbound 
tab. Then select the Manual Outbound NAT rule generation radio button 
(this turns off Automatic outbound NAT rule generation). Then 
delete/deactive the mapping that has your LAN network as a source. 
This is what is messing up your routing of packets from the linksys to 
the LAN side of the PFSense router. The option you turned off stops 
spoofing attacks on a router and turning it off is required when 
routing private networks, but does do the whole job (you also need to 
disable NATing to complete the job).





Walter



On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette > wrote:


The pf wan port is plugged into my Linksys ap so it is already
behind nat hence the reason I unchecked the option under the
interface tab to block reserved ips. I see no reason to use nat
again. I'm open to recommendations as to the easiest solution.
Pretty sure I did create a rule to allow all traffic on both lan
and wan. I will confirm as soon as I have access to the machine
again. I do see sever options for nat. I think I did uncheck the
option to disable it but nothing changed. If you can give me a
step by step what to check / uncheck, etc... To recap my setup is:

Cable Modem (public ip with a 192.168.100.1 management port ->
Linksys AP dhcp to modem 192.168.100.1 lan ip with all connected
pc's in this range including -> PF 192.168.100.20 and pf lan of
192.168.1.1 of which is dhcp assigns my laptop .101 when plugged in.

Brian


On 1/14/2014 12:50 PM, Walter Parker wrote:

By default, PFSense blocks WAN to LAN traffic. If you want WAN to
LAN traffic, you will need to allow it (add rules on both the WAN
and LAN sides). But you might want to notice something else. If
PFSense is operating as a straight up router where you don't want
NATing of the LAN packets, then you will need to disable NAT. By
default, it is auto-enabled for the LAN side. This is what often
prevents the "LAN" side from being seen by the WAN side. If you
don't want any "firewall" style rules, just routing, you can turn
off all the firewall rules from one of the advanced options.

You need to decide how you want to use PFSense inside the
network. I'd make sure that there is only one NAT router on the
network, use the router that has the actual "real-world IP"
connection. Don't NAT on the other routers and live will be much
easier.


Walter


On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette mailto:bri...@dlois.com>> wrote:

Confirmed but as I said its the WAN blocking external traffic
from what I see.

Brian


On 1/14/2014 12:04 PM, Robert Pickett wrote:

I would start off by checking the firewall section of
pfSense to make sure that the LAN has a default allow
statement. It should say something like LAN -> any or
something like that.

-Robert

On 1/14/2014 8:53 AM, Brian Caouette wrote:

 I've downloaded Pfsense Live 2.1 and installed it on
an old machine with two nics. The pf machine can ping
internally and externally with no issues. I was able
to jump to shell and telnet out to a bbs I'm part of.
Now on the LAN nothing works except the pf web
management screen. I have looked at the logs and it
shows all blocked packets for incoming on the WAN. I
went a step further and create a rule to all all
traffic on the WAN to no avail. My network is as follows:

Cable Modem -> Linksys AP -> PF.

Yes I know its a little backwards but it should still
work as I also have another ap feeding off the
Linksys for a different zone in our house with no issues.

Any idea why the PF lan does not work? Yes I did
disable the option to disable private addresses since
pf is behind another router with a private ip.
___
List mailing list
List@lists.pfsense.org 
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
http://list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette

Thank you! I will give that a try after 4 hours. I do not have remote 
access to the machine.


Brian

On 1/14/2014 1:13 PM, Walter Parker wrote:
From the PFSense UI, select Firewall->NAT. Then click on the Outbound 
tab. Then select the Manual Outbound NAT rule generation radio button 
(this turns off Automatic outbound NAT rule generation). Then 
delete/deactive the mapping that has your LAN network as a source. 
This is what is messing up your routing of packets from the linksys to 
the LAN side of the PFSense router. The option you turned off stops 
spoofing attacks on a router and turning it off is required when 
routing private networks, but does do the whole job (you also need to 
disable NATing to complete the job).





Walter



On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette > wrote:


The pf wan port is plugged into my Linksys ap so it is already
behind nat hence the reason I unchecked the option under the
interface tab to block reserved ips. I see no reason to use nat
again. I'm open to recommendations as to the easiest solution.
Pretty sure I did create a rule to allow all traffic on both lan
and wan. I will confirm as soon as I have access to the machine
again. I do see sever options for nat. I think I did uncheck the
option to disable it but nothing changed. If you can give me a
step by step what to check / uncheck, etc... To recap my setup is:

Cable Modem (public ip with a 192.168.100.1 management port ->
Linksys AP dhcp to modem 192.168.100.1 lan ip with all connected
pc's in this range including -> PF 192.168.100.20 and pf lan of
192.168.1.1 of which is dhcp assigns my laptop .101 when plugged in.

Brian


On 1/14/2014 12:50 PM, Walter Parker wrote:

By default, PFSense blocks WAN to LAN traffic. If you want WAN to
LAN traffic, you will need to allow it (add rules on both the WAN
and LAN sides). But you might want to notice something else. If
PFSense is operating as a straight up router where you don't want
NATing of the LAN packets, then you will need to disable NAT. By
default, it is auto-enabled for the LAN side. This is what often
prevents the "LAN" side from being seen by the WAN side. If you
don't want any "firewall" style rules, just routing, you can turn
off all the firewall rules from one of the advanced options.

You need to decide how you want to use PFSense inside the
network. I'd make sure that there is only one NAT router on the
network, use the router that has the actual "real-world IP"
connection. Don't NAT on the other routers and live will be much
easier.


Walter


On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette mailto:bri...@dlois.com>> wrote:

Confirmed but as I said its the WAN blocking external traffic
from what I see.

Brian


On 1/14/2014 12:04 PM, Robert Pickett wrote:

I would start off by checking the firewall section of
pfSense to make sure that the LAN has a default allow
statement. It should say something like LAN -> any or
something like that.

-Robert

On 1/14/2014 8:53 AM, Brian Caouette wrote:

 I've downloaded Pfsense Live 2.1 and installed it on
an old machine with two nics. The pf machine can ping
internally and externally with no issues. I was able
to jump to shell and telnet out to a bbs I'm part of.
Now on the LAN nothing works except the pf web
management screen. I have looked at the logs and it
shows all blocked packets for incoming on the WAN. I
went a step further and create a rule to all all
traffic on the WAN to no avail. My network is as follows:

Cable Modem -> Linksys AP -> PF.

Yes I know its a little backwards but it should still
work as I also have another ap feeding off the
Linksys for a different zone in our house with no issues.

Any idea why the PF lan does not work? Yes I did
disable the option to disable private addresses since
pf is behind another router with a private ip.
___
List mailing list
List@lists.pfsense.org 
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
http://lists.pfsense.org/mailman/listinfo/list




--

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker

>From the PFSense UI, select Firewall->NAT. Then click on the Outbound tab.
Then select the Manual Outbound NAT rule generation radio button (this
turns off Automatic outbound NAT rule generation). Then delete/deactive the
mapping that has your LAN network as a source. This is what is messing up
your routing of packets from the linksys to the LAN side of the PFSense
router. The option you turned off stops spoofing attacks on a router and
turning it off is required when routing private networks, but does do the
whole job (you also need to disable NATing to complete the job).




Walter



On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette  wrote:

>  The pf wan port is plugged into my Linksys ap so it is already behind
> nat hence the reason I unchecked the option under the interface tab to
> block reserved ips. I see no reason to use nat again. I'm open to
> recommendations as to the easiest solution. Pretty sure I did create a rule
> to allow all traffic on both lan and wan. I will confirm as soon as I have
> access to the machine again. I do see sever options for nat. I think I did
> uncheck the option to disable it but nothing changed. If you can give me a
> step by step what to check / uncheck, etc... To recap my setup is:
>
> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys AP
> dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range
> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp
> assigns my laptop .101 when plugged in.
>
> Brian
>
>
> On 1/14/2014 12:50 PM, Walter Parker wrote:
>
> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
> traffic, you will need to allow it (add rules on both the WAN and LAN
> sides). But you might want to notice something else. If PFSense is
> operating as a straight up router where you don't want NATing of the LAN
> packets, then you will need to disable NAT. By default, it is auto-enabled
> for the LAN side. This is what often prevents the "LAN" side from being
> seen by the WAN side. If you don't want any "firewall" style rules, just
> routing, you can turn off all the firewall rules from one of the advanced
> options.
>
>  You need to decide how you want to use PFSense inside the network. I'd
> make sure that there is only one NAT router on the network, use the router
> that has the actual "real-world IP" connection. Don't NAT on the other
> routers and live will be much easier.
>
>
>  Walter
>
>
> On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette  wrote:
>
>> Confirmed but as I said its the WAN blocking external traffic from what I
>> see.
>>
>> Brian
>>
>>
>> On 1/14/2014 12:04 PM, Robert Pickett wrote:
>>
>>> I would start off by checking the firewall section of pfSense to make
>>> sure that the LAN has a default allow statement. It should say something
>>> like LAN -> any or something like that.
>>>
>>> -Robert
>>>
>>> On 1/14/2014 8:53 AM, Brian Caouette wrote:
>>>
  I've downloaded Pfsense Live 2.1 and installed it on an old machine
 with two nics. The pf machine can ping internally and externally with no
 issues. I was able to jump to shell and telnet out to a bbs I'm part of.
 Now on the LAN nothing works except the pf web management screen. I have
 looked at the logs and it shows all blocked packets for incoming on the
 WAN. I went a step further and create a rule to all all traffic on the WAN
 to no avail. My network is as follows:

 Cable Modem -> Linksys AP -> PF.

 Yes I know its a little backwards but it should still work as I also
 have another ap feeding off the Linksys for a different zone in our house
 with no issues.

 Any idea why the PF lan does not work? Yes I did disable the option to
 disable private addresses since pf is behind another router with a private
 ip.
 ___
 List mailing list
 List@lists.pfsense.org
 http://lists.pfsense.org/mailman/listinfo/list

>>>
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org
>>> http://lists.pfsense.org/mailman/listinfo/list
>>>
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> http://lists.pfsense.org/mailman/listinfo/list
>>
>
>
>
>  --
> The greatest dangers to liberty lurk in insidious encroachment by men of
> zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
>
>
> ___
> List mailing 
> listList@lists.pfsense.orghttp://lists.pfsense.org/mailman/listinfo/list
>
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>
>


-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List maili

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette

The pf wan port is plugged into my Linksys ap so it is already behind 
nat hence the reason I unchecked the option under the interface tab to 
block reserved ips. I see no reason to use nat again. I'm open to 
recommendations as to the easiest solution. Pretty sure I did create a 
rule to allow all traffic on both lan and wan. I will confirm as soon as 
I have access to the machine again. I do see sever options for nat. I 
think I did uncheck the option to disable it but nothing changed. If you 
can give me a step by step what to check / uncheck, etc... To recap my 
setup is:


Cable Modem (public ip with a 192.168.100.1 management port -> Linksys 
AP dhcp to modem 192.168.100.1 lan ip with all connected pc's in this 
range including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which 
is dhcp assigns my laptop .101 when plugged in.


Brian

On 1/14/2014 12:50 PM, Walter Parker wrote:
By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN 
traffic, you will need to allow it (add rules on both the WAN and LAN 
sides). But you might want to notice something else. If PFSense is 
operating as a straight up router where you don't want NATing of the 
LAN packets, then you will need to disable NAT. By default, it is 
auto-enabled for the LAN side. This is what often prevents the "LAN" 
side from being seen by the WAN side. If you don't want any "firewall" 
style rules, just routing, you can turn off all the firewall rules 
from one of the advanced options.


You need to decide how you want to use PFSense inside the network. I'd 
make sure that there is only one NAT router on the network, use the 
router that has the actual "real-world IP" connection. Don't NAT on 
the other routers and live will be much easier.



Walter


On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette > wrote:


Confirmed but as I said its the WAN blocking external traffic from
what I see.

Brian


On 1/14/2014 12:04 PM, Robert Pickett wrote:

I would start off by checking the firewall section of pfSense
to make sure that the LAN has a default allow statement. It
should say something like LAN -> any or something like that.

-Robert

On 1/14/2014 8:53 AM, Brian Caouette wrote:

 I've downloaded Pfsense Live 2.1 and installed it on an
old machine with two nics. The pf machine can ping
internally and externally with no issues. I was able to
jump to shell and telnet out to a bbs I'm part of. Now on
the LAN nothing works except the pf web management screen.
I have looked at the logs and it shows all blocked packets
for incoming on the WAN. I went a step further and create
a rule to all all traffic on the WAN to no avail. My
network is as follows:

Cable Modem -> Linksys AP -> PF.

Yes I know its a little backwards but it should still work
as I also have another ap feeding off the Linksys for a
different zone in our house with no issues.

Any idea why the PF lan does not work? Yes I did disable
the option to disable private addresses since pf is behind
another router with a private ip.
___
List mailing list
List@lists.pfsense.org 
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
http://lists.pfsense.org/mailman/listinfo/list




--
The greatest dangers to liberty lurk in insidious encroachment by 
men of zeal, well-meaning but without understanding.   -- Justice 
Louis D. Brandeis



___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker

By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
traffic, you will need to allow it (add rules on both the WAN and LAN
sides). But you might want to notice something else. If PFSense is
operating as a straight up router where you don't want NATing of the LAN
packets, then you will need to disable NAT. By default, it is auto-enabled
for the LAN side. This is what often prevents the "LAN" side from being
seen by the WAN side. If you don't want any "firewall" style rules, just
routing, you can turn off all the firewall rules from one of the advanced
options.

You need to decide how you want to use PFSense inside the network. I'd make
sure that there is only one NAT router on the network, use the router that
has the actual "real-world IP" connection. Don't NAT on the other routers
and live will be much easier.

Walter

On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette  wrote:

> Confirmed but as I said its the WAN blocking external traffic from what I
> see.
>
> Brian
>
>
> On 1/14/2014 12:04 PM, Robert Pickett wrote:
>
>> I would start off by checking the firewall section of pfSense to make
>> sure that the LAN has a default allow statement. It should say something
>> like LAN -> any or something like that.
>>
>> -Robert
>>
>> On 1/14/2014 8:53 AM, Brian Caouette wrote:
>>
>>>  I've downloaded Pfsense Live 2.1 and installed it on an old machine
>>> with two nics. The pf machine can ping internally and externally with no
>>> issues. I was able to jump to shell and telnet out to a bbs I'm part of.
>>> Now on the LAN nothing works except the pf web management screen. I have
>>> looked at the logs and it shows all blocked packets for incoming on the
>>> WAN. I went a step further and create a rule to all all traffic on the WAN
>>> to no avail. My network is as follows:
>>>
>>> Cable Modem -> Linksys AP -> PF.
>>>
>>> Yes I know its a little backwards but it should still work as I also
>>> have another ap feeding off the Linksys for a different zone in our house
>>> with no issues.
>>>
>>> Any idea why the PF lan does not work? Yes I did disable the option to
>>> disable private addresses since pf is behind another router with a private
>>> ip.
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org
>>> http://lists.pfsense.org/mailman/listinfo/list
>>>
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> http://lists.pfsense.org/mailman/listinfo/list
>>
>
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>

-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Nishant Sharma

Are you sure your WAN and LAN networks are on different subnets?

PfSense by default has LAN on 192.168.1.0/24. Make sure that you Linksys 
provides IPs different from this.

-N
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette

Confirmed but as I said its the WAN blocking external traffic from what 
I see.


Brian

On 1/14/2014 12:04 PM, Robert Pickett wrote:
I would start off by checking the firewall section of pfSense to make 
sure that the LAN has a default allow statement. It should say 
something like LAN -> any or something like that.


-Robert

On 1/14/2014 8:53 AM, Brian Caouette wrote:
 I've downloaded Pfsense Live 2.1 and installed it on an old machine 
with two nics. The pf machine can ping internally and externally with 
no issues. I was able to jump to shell and telnet out to a bbs I'm 
part of. Now on the LAN nothing works except the pf web management 
screen. I have looked at the logs and it shows all blocked packets 
for incoming on the WAN. I went a step further and create a rule to 
all all traffic on the WAN to no avail. My network is as follows:


Cable Modem -> Linksys AP -> PF.

Yes I know its a little backwards but it should still work as I also 
have another ap feeding off the Linksys for a different zone in our 
house with no issues.


Any idea why the PF lan does not work? Yes I did disable the option 
to disable private addresses since pf is behind another router with a 
private ip.

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Robert Pickett

I would start off by checking the firewall section of pfSense to make 
sure that the LAN has a default allow statement. It should say something 
like LAN -> any or something like that.


-Robert

On 1/14/2014 8:53 AM, Brian Caouette wrote:
 I've downloaded Pfsense Live 2.1 and installed it on an old machine 
with two nics. The pf machine can ping internally and externally with 
no issues. I was able to jump to shell and telnet out to a bbs I'm 
part of. Now on the LAN nothing works except the pf web management 
screen. I have looked at the logs and it shows all blocked packets for 
incoming on the WAN. I went a step further and create a rule to all 
all traffic on the WAN to no avail. My network is as follows:


Cable Modem -> Linksys AP -> PF.

Yes I know its a little backwards but it should still work as I also 
have another ap feeding off the Linksys for a different zone in our 
house with no issues.


Any idea why the PF lan does not work? Yes I did disable the option to 
disable private addresses since pf is behind another router with a 
private ip.

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] WAN not accepting traffic

2014-01-14 Thread Brian Caouette

 I've downloaded Pfsense Live 2.1 and installed it on an old machine 
with two nics. The pf machine can ping internally and externally with no 
issues. I was able to jump to shell and telnet out to a bbs I'm part of. 
Now on the LAN nothing works except the pf web management screen. I have 
looked at the logs and it shows all blocked packets for incoming on the 
WAN. I went a step further and create a rule to all all traffic on the 
WAN to no avail. My network is as follows:


Cable Modem -> Linksys AP -> PF.

Yes I know its a little backwards but it should still work as I also 
have another ap feeding off the Linksys for a different zone in our 
house with no issues.


Any idea why the PF lan does not work? Yes I did disable the option to 
disable private addresses since pf is behind another router with a 
private ip.

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

Re: [pfSense] WAN not accepting traffic

[pfSense] WAN not accepting traffic

17 matches

Site Navigation

Mail list logo

Footer information