From the PFSense UI, select Firewall->NAT. Then click on the Outbound tab. Then select the Manual Outbound NAT rule generation radio button (this turns off Automatic outbound NAT rule generation). Then delete/deactivate the mapping that has your LAN network as a source. This is what is messing up your routing of packets from the Linksys to the LAN side of the PFSense router. The option you turned off stops spoofing attacks on a router and turning it off is required when routing private networks, but does do the whole job (you also need to disable NATing to complete the job).

Walter

On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette <bri...@dlois.com> wrote:

> The pf wan port is plugged into my Linksys ap so it is already behind
> nat hence the reason I unchecked the option under the interface tab to
> block reserved ips. I see no reason to use nat again. I'm open to
> recommendations as to the easiest solution. Pretty sure I did create a rule
> to allow all traffic on both lan and wan. I will confirm as soon as I have
> access to the machine again. I do see several options for nat. I think I did
> uncheck the option to disable it but nothing changed. If you can give me a
> step by step what to check / uncheck, etc... To recap my setup is:
>
> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys AP
> dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range
> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp
> assigns my laptop .101 when plugged in.
>
> Brian
>
>
> On 1/14/2014 12:50 PM, Walter Parker wrote:
>
> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
> traffic, you will need to allow it (add rules on both the WAN and LAN
> sides). But you might want to notice something else. If PFSense is
> operating as a straight up router where you don't want NATing of the LAN
> packets, then you will need to disable NAT. By default, it is auto-enabled
> for the LAN side. This is what often prevents the "LAN" side from being
> seen by the WAN side. If you don't want any "firewall" style rules, just
> routing, you can turn off all the firewall rules from one of the advanced
> options.
>
> You need to decide how you want to use PFSense inside the network. I'd
> make sure that there is only one NAT router on the network, use the router
> that has the actual "real-world IP" connection. Don't NAT on the other
> routers and life will be much easier.
>
>
> Walter
>
>
> On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette <bri...@dlois.com> wrote:
>
>> Confirmed but as I said it's the WAN blocking external traffic from what I
>> see.
>>
>> Brian
>>
>>
>> On 1/14/2014 12:04 PM, Robert Pickett wrote:
>>
>>> I would start off by checking the firewall section of pfSense to make
>>> sure that the LAN has a default allow statement. It should say something
>>> like LAN -> any or something like that.
>>>
>>> -Robert
>>>
>>> On 1/14/2014 8:53 AM, Brian Caouette wrote:
>>>
>>>> I've downloaded Pfsense Live 2.1 and installed it on an old machine
>>>> with two nics. The pf machine can ping internally and externally with no
>>>> issues. I was able to jump to shell and telnet out to a bbs I'm part of.
>>>> Now on the LAN nothing works except the pf web management screen. I have
>>>> looked at the logs and it shows all blocked packets for incoming on the
>>>> WAN. I went a step further and created a rule to allow all traffic on the WAN
>>>> to no avail. My network is as follows:
>>>>
>>>> Cable Modem -> Linksys AP -> PF.
>>>>
>>>> Yes I know it's a little backwards but it should still work as I also
>>>> have another ap feeding off the Linksys for a different zone in our house
>>>> with no issues.
>>>>
>>>> Any idea why the PF lan does not work? Yes I did disable the option to
>>>> disable private addresses since pf is behind another router with a private
>>>> ip.
>>>> _______________________________________________
>>>> List mailing list
>>>> List@lists.pfsense.org
>>>> http://lists.pfsense.org/mailman/listinfo/list
>
> --
> The greatest dangers to liberty lurk in insidious encroachment by men of
> zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis