I think we've made progress. Things in management that didn't work are now working. Before it was not able to do a ping or tracert and now they do. I think the issue is DNS related now because Windows 8 laptop reports a DNS error. Also the DNS lookup in management doesn't give me any results. So for whatever reason it's not being passed to the LAN.

On 1/14/2014 1:13 PM, Walter Parker wrote:
From the PFSense UI, select Firewall->NAT. Then click on the Outbound tab. Then select the Manual Outbound NAT rule generation radio button (this turns off Automatic outbound NAT rule generation). Then delete/deactivate the mapping that has your LAN network as a source. This is what is messing up your routing of packets from the Linksys to the LAN side of the PFSense router. The option you turned off stops spoofing attacks on a router and turning it off is required when routing private networks, but doesn't do the whole job (you also need to disable NATing to complete the job).




Walter



On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette <bri...@dlois.com> wrote:

    The pf wan port is plugged into my Linksys ap so it is already
    behind nat hence the reason I unchecked the option under the
    interface tab to block reserved ips. I see no reason to use nat
    again. I'm open to recommendations as to the easiest solution.
    Pretty sure I did create a rule to allow all traffic on both lan
    and wan. I will confirm as soon as I have access to the machine
    again. I do see several options for nat. I think I did uncheck the
    option to disable it but nothing changed. If you can give me a
    step by step what to check / uncheck, etc... To recap my setup is:

    Cable Modem (public ip with a 192.168.100.1 management port ->
    Linksys AP dhcp to modem 192.168.100.1 lan ip with all connected
    pc's in this range including -> PF 192.168.100.20 and pf lan of
    192.168.1.1 of which is dhcp assigns my laptop .101 when plugged in.

    Brian


    On 1/14/2014 12:50 PM, Walter Parker wrote:
    By default, PFSense blocks WAN to LAN traffic. If you want WAN to
    LAN traffic, you will need to allow it (add rules on both the WAN
    and LAN sides). But you might want to notice something else. If
    PFSense is operating as a straight up router where you don't want
    NATing of the LAN packets, then you will need to disable NAT. By
    default, it is auto-enabled for the LAN side. This is what often
    prevents the "LAN" side from being seen by the WAN side. If you
    don't want any "firewall" style rules, just routing, you can turn
    off all the firewall rules from one of the advanced options.

    You need to decide how you want to use PFSense inside the
    network. I'd make sure that there is only one NAT router on the
    network, use the router that has the actual "real-world IP"
    connection. Don't NAT on the other routers and life will be much
    easier.


    Walter


    On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette <bri...@dlois.com> wrote:

        Confirmed but as I said it's the WAN blocking external traffic
        from what I see.

        Brian


        On 1/14/2014 12:04 PM, Robert Pickett wrote:

            I would start off by checking the firewall section of
            pfSense to make sure that the LAN has a default allow
            statement. It should say something like LAN -> any or
            something like that.

            -Robert

            On 1/14/2014 8:53 AM, Brian Caouette wrote:

                I've downloaded Pfsense Live 2.1 and installed it on
                an old machine with two nics. The pf machine can ping
                internally and externally with no issues. I was able
                to jump to shell and telnet out to a bbs I'm part of.
                Now on the LAN nothing works except the pf web
                management screen. I have looked at the logs and it
                shows all blocked packets for incoming on the WAN. I
                went a step further and created a rule to allow all
                traffic on the WAN to no avail. My network is as follows:

                Cable Modem -> Linksys AP -> PF.

                Yes I know it's a little backwards but it should still
                work as I also have another ap feeding off the
                Linksys for a different zone in our house with no issues.

                Any idea why the PF lan does not work? Yes I did
                disable the option to disable private addresses since
                pf is behind another router with a private ip.
                _______________________________________________
                List mailing list
                List@lists.pfsense.org
                http://lists.pfsense.org/mailman/listinfo/list






-- The greatest dangers to liberty lurk in insidious encroachment by
    men of zeal, well-meaning but without understanding.   -- Justice
    Louis D. Brandeis





