It has 8.8.8.8 & 8.8.4.4
What do you mean by over ride? Where is that located? As for a rule for 53 I
have one I'm there to allow all. Wouldn't that cover it?
Sent from my HTC
----- Reply message -----
From: "Walter Parker" <walt...@gmail.com>
To: "pfSense support and discussion" <list@lists.pfsense.org>
Subject: [pfSense] WAN not accepting traffic
Date: Tue, Jan 14, 2014 8:04 pm
You might check the DNS settings on the PFSense router itself to make sure that
it has valid IP addresses for DNS servers. Also check on the override flags
(and maybe add a rule for 53 DNS traffic).
Walter
On Tue, Jan 14, 2014 at 4:47 PM, Brian Caouette <bri...@dlois.com> wrote:
I think we've made progress. Things in
management that didn't work are now working. Before it was not
able to do a ping or tracert and now they do. I think the issue is
dns related now because Windows 8 laptop reports a dns error. Also
the dns lookup in management doesn't give me any results. So for
whatever reason its not being passed to the lan.
On 1/14/2014 1:13 PM, Walter Parker wrote:
From the PFSense UI, select Firewall->NAT. Then
click on the Outbound tab. Then select the Manual Outbound NAT
rule generation radio button (this turns off Automatic outbound
NAT rule generation). Then delete/deactive the mapping that has
your LAN network as a source. This is what is messing up your
routing of packets from the linksys to the LAN side of the
PFSense router. The option you turned off stops spoofing attacks
on a router and turning it off is required when routing private
networks, but does do the whole job (you also need to disable
NATing to complete the job).
Walter
On Tue, Jan 14, 2014 at 10:01 AM, Brian
Caouette <bri...@dlois.com>
wrote:
The pf wan port is plugged into my Linksys ap so it
is already behind nat hence the reason I unchecked the
option under the interface tab to block reserved ips. I
see no reason to use nat again. I'm open to
recommendations as to the easiest solution. Pretty sure
I did create a rule to allow all traffic on both lan and
wan. I will confirm as soon as I have access to the
machine again. I do see sever options for nat. I think I
did uncheck the option to disable it but nothing
changed. If you can give me a step by step what to check
/ uncheck, etc... To recap my setup is:
Cable Modem (public ip with a 192.168.100.1 management
port -> Linksys AP dhcp to modem 192.168.100.1 lan ip
with all connected pc's in this range including -> PF
192.168.100.20 and pf lan of 192.168.1.1 of which is
dhcp assigns my laptop .101 when plugged in.
Brian
On 1/14/2014 12:50 PM, Walter Parker wrote:
By default, PFSense blocks WAN to LAN
traffic. If you want WAN to LAN traffic, you will
need to allow it (add rules on both the WAN and
LAN sides). But you might want to notice something
else. If PFSense is operating as a straight up
router where you don't want NATing of the LAN
packets, then you will need to disable NAT. By
default, it is auto-enabled for the LAN side. This
is what often prevents the "LAN" side from being
seen by the WAN side. If you don't want any
"firewall" style rules, just routing, you can turn
off all the firewall rules from one of the
advanced options.
You need to decide how you want to use
PFSense inside the network. I'd make sure that
there is only one NAT router on the network, use
the router that has the actual "real-world IP"
connection. Don't NAT on the other routers and
live will be much easier.
Walter
On Tue, Jan 14, 2014 at
9:40 AM, Brian Caouette <bri...@dlois.com>
wrote:
Confirmed but as I
said its the WAN blocking external traffic
from what I see.
Brian
On 1/14/2014 12:04 PM, Robert Pickett
wrote:
I would
start off by checking the firewall
section of pfSense to make sure that the
LAN has a default allow statement. It
should say something like LAN -> any
or something like that.
-Robert
On 1/14/2014 8:53 AM, Brian Caouette
wrote:
I've
downloaded Pfsense Live 2.1 and
installed it on an old machine with
two nics. The pf machine can ping
internally and externally with no
issues. I was able to jump to shell
and telnet out to a bbs I'm part of.
Now on the LAN nothing works except
the pf web management screen. I have
looked at the logs and it shows all
blocked packets for incoming on the
WAN. I went a step further and create
a rule to all all traffic on the WAN
to no avail. My network is as follows:
Cable Modem -> Linksys AP -> PF.
Yes I know its a little backwards but
it should still work as I also have
another ap feeding off the Linksys for
a different zone in our house with no
issues.
Any idea why the PF lan does not work?
Yes I did disable the option to
disable private addresses since pf is
behind another router with a private
ip.
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
--
The
greatest dangers to liberty lurk in insidious
encroachment by men of zeal, well-meaning but
without understanding. -- Justice Louis
D. Brandeis
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
--
The
greatest dangers to liberty lurk in insidious encroachment by
men of zeal, well-meaning but without understanding. --
Justice Louis D. Brandeis
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal,
well-meaning but without understanding. -- Justice Louis D. Brandeis
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
