What does the allow rule on the restricted vlan and the NAT rule look like? On Dec 11, 2014 11:24 PM, "Ryan Clough" <ryan.clo...@dsic.com> wrote:
> I am hoping that one of you out there can assist me with this rather > interesting problem I am having. Let me set the stage. > > I am running the latest stable version of pfSense: > 2.1.5-RELEASE (amd64) > built on Mon Aug 25 07:44:45 EDT 2014 > FreeBSD 8.3-RELEASE-p16 > > I am running transparent Squid and Squidguard, and all IP ranges have > access to use the proxy. > > I have two WAN connections, each with a handful of public IPs. I have > created an IP alias virtual IP of one of my public IPs on WAN1, which is > used to NAT to a web server. > > We have an internal DNS server that resolves the domain name of a web > server to the local LAN IP address. So, all computers on unrestricted VLANs > access the web server without having to hit the pfSense router at all. This > works as expected and the valid certificate is served and the web page > loads. > > We have one restricted VLAN that is used for guest WiFi access and this > VLAN is assigned external DNS servers and therefore resolve the domain name > to the public IP. > > Now my problem. When connected to the guest WiFi on the restricted VLAN > and attempting to access the web server on its public IP, which is assigned > to a virtual IP on WAN1, I get served the certificate from the pfSense > router. I can tell that this is the pfSense self-signed certificate because > of the details of the certificate displayed in the warning. I also get this > behavior if I force a computer on an unrestricted VLAN, using the hosts > file, to resolve the host name of the web server to its public IP. > > What is going on here? I can provide more information if needed. Thank you > for your time. > > Ryan Clough > Information Systems > Decision Sciences International Corporation > <http://www.decisionsciencescorp.com/> > <http://www.decisionsciencescorp.com/> > > This email and its contents are confidential. If you are not the intended > recipient, please do not disclose or use the information within this email > or its attachments. If you have received this email in error, please report > the error to the sender by return email and delete this communication from > your records. > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list >
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
