Re: [pfSense Support] VLAN trunking?

2006-11-08 Thread Nathan Osborne
Thanks everyone, it worked. For future reference, here's how:  I created a new VLAN and assigned it to the Metro Ethernet interface.  Then I added the VLAN as a new interface and enabled it, assigning a static IP in a different IP range from the Metro Ethernet interface.  I rebooted next for the system to recognize the new VLAN interface.  Then I added firewall rules to allow traffic through both the Metro interface and the VLAN interface (not sure yet if both of these are necessary), and finally added a static route to send LAN traffic destined for the remote LAN to the IP of the remote VLAN interface.
It's a pretty short distance and it's a fast pipe, so I should be able to get some pretty good benchmarks of the type of traffic it's possible to push over this connection.  I'm running it on Poweredge 1850 servers with 2 GB RAM, onboard Intel NICs, and Intel 1000MT dual port server PCI adapters.
Nate

On 11/8/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
On 11/8/06, Nathan Osborne <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> I have a pretty basic VLAN question that I haven't been able to find the
> answer to:  Can pfSense do VLAN trunking?  More specifically:  I'm
> installing a Metro Ethernet connection with pfSense boxes on each end.  I
> need to tag all traffic sent over the Metro Ethernet connection with a
> specific VLAN id in order for the ISP's switch to handle the traffic
> correctly and send it on to the pfSense box on the other end.  Can pfSense
> do this through its VLAN configuration, or would I need a 802.1q switch in
> between the pfSense and the Metro E connection on each end to specify the
> VLAN info?
>
> Each box has Intel cards (em), running ver 1.0.1.

Should be possible.  The VLAN setup assumes trunk mode.

--Bill

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






[pfSense Support] VLAN trunking?

2006-11-08 Thread Nathan Osborne
Hi everyone,

I have a pretty basic VLAN question that I haven't been able to find the answer to:  Can pfSense do VLAN trunking?  More specifically:  I'm installing a Metro Ethernet connection with pfSense boxes on each end.  I need to tag all traffic sent over the Metro Ethernet connection with a specific VLAN id in order for the ISP's switch to handle the traffic correctly and send it on to the pfSense box on the other end.  Can pfSense do this through its VLAN configuration, or would I need a 802.1q switch in between the pfSense and the Metro E connection on each end to specify the VLAN info?  Each box has Intel cards (em), running ver 1.0.1.

Thanks for any tips,
Nate



Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Nathan Osborne
PPTP has some issues with OS X 10.4 now, but OpenVPN works great on the Mac using the latest Tunnelblick client, 3.0 rc 3 (http://www.tunnelblick.net/).

Nate

On 9/18/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
On 9/18/06, Heath Henderson <[EMAIL PROTECTED]> wrote:
> I have a user who sits outside of our Office network.  I need to open up a
> port for them to access Filemaker Through.  I want to eventually get a VPN
> setup, but he has a Mac and I am not certain of how well the VPN will work
> with X.4 right now.  I don't really have time to get this setup.  I thought
> I would see about opening the ports up for him.
>
> He is on a Dynamic DSL connection.  He travels frequently.  What is involved
> in setting up a script which can be run every minute which will check a
> dynDNS name and insert the correct IP # in to the rule I have setup for him
> to access this port through the firewall?
>
> I have this successfully working on a linux box with a hosts.allow script
> running and inserting the correct IP# so he can ssh into a server remotely.
>
> Thanks
>
> --
> Heath Henderson
> --

You could always try OpenVPN.  I know of at least one person using
pfSense using it with OSX.

--Bill



[pfSense Support] Re: PPTP clients can't see bridged OPT clients

2006-06-05 Thread Nathan Osborne
Can anyone tell me if this is possible:  --> PPTP clients connect to VPN and get LAN IP, then PPTP clients connect to OPT1 clients with OPT1 bridged to LAN ?

It seems pretty basic, but I can't get it to work no matter how unrestrictive I make the rules.

Thanks for the help,
Nate

On 6/2/06, Nathan Osborne <[EMAIL PROTECTED]> wrote:
Hi everyone,

I am having trouble getting PPTP clients to see clients on my OPT1 network.  I have BETA 4 installed with OPT1 bridged to LAN.  WAN is configured with a static IP connected to a DSL modem.  I'm running the PPTP server on the WAN IP. Clients are able to log in to PPTP VPN fine and can ping and connect to everything on the LAN.  Local LAN and OPT clients can see each other (ping, smb shares) in both directions.  But the remote PPTP clients are not able to ping or connect to smb shares on the OPT net.

I've tried this with filtering bridge enabled and disabled--either way I don't see any relevant block rules in the Firewall system log.  I'm not using traffic shaping.  I've set the MTU on WAN, OPT and all PPTP clients to 1430.  Can someone help set me straight?  Should this be possible?  I want PPTP clients to have full access to the LAN and the bridged OPT nets.

My PPTP rules:
* PPTP Clients * Lan Net * *
* PPTP Clients * OPT1 Subnet * *
* PPTP Clients * * * *

My OPT1 rules:
* OPT1 Net * Lan Net * *
* OPT1 Net  * PPTP Clients * *
* OPT1 Net  * * * *

My LAN rules:
* Lan Net * * * *

Thanks for your help,
Nate




[pfSense Support] PPTP clients can't see bridged OPT clients

2006-06-02 Thread Nathan Osborne
Hi everyone,

I am having trouble getting PPTP clients to see clients on my OPT1 network.  I have BETA 4 installed with OPT1 bridged to LAN.  WAN is configured with a static IP connected to a DSL modem.  I'm running the PPTP server on the WAN IP. Clients are able to log in to PPTP VPN fine and can ping and connect to everything on the LAN.  Local LAN and OPT clients can see each other (ping, smb shares) in both directions.  But the remote PPTP clients are not able to ping or connect to smb shares on the OPT net.

I've tried this with filtering bridge enabled and disabled--either way I don't see any relevant block rules in the Firewall system log.  I'm not using traffic shaping.  I've set the MTU on WAN, OPT and all PPTP clients to 1430.  Can someone help set me straight?  Should this be possible?  I want PPTP clients to have full access to the LAN and the bridged OPT nets.

My PPTP rules:
* PPTP Clients * Lan Net * *
* PPTP Clients * OPT1 Subnet * *
* PPTP Clients * * * *

My OPT1 rules:
* OPT1 Net * Lan Net * *
* OPT1 Net  * PPTP Clients * *
* OPT1 Net  * * * *

My LAN rules:
* Lan Net * * * *

Thanks for your help,
Nate


[pfSense Support] NAT port forwarding ICMP

2006-02-23 Thread Nathan Osborne
Hello everyone,
 
I'm trying to allow inbound ping through the WAN interface to a NAT'd server for testing purposes.  I see that there is no option to choose ICMP protocol when setting up port forwarding NAT.  To allow ICMP to a NAT'd server, must I use 1:1 NAT?

 
Thanks!


[pfSense Support] PPTP Remote Desktop issue

2006-01-23 Thread Nathan Osborne
Hi everyone,
 
I'm having trouble running Remote Desktop over PPTP, using the built-in PPTP server.  I can establish a PPTP connection from an outside client machine to pfSense with no problems, and can access computers on the remote pfSense LAN (ping, file shares, port 80, etc).  However, when I try to connect via Windows Remote Desktop, I get the following strange behavior:  

 
The first Remote Desktop connection I open up starts to connect and shows the outline of the login screen window, but the login screen never comes up, it just times out.  But if I open a second Remote Desktop connection at the same time, connecting to the same or a different server, it connects immediately--the login screen comes up right away, and I can log in and use it without issue. 

 
If I close both remote desktop sessions and start over, the same thing happens -- the first session starts to open, but times out before it gets to the login screen, and the 2nd session works immediately.  I'm running beta 1 at two different sites.  Both sites show the same behavior.  Both are running the built-in PPTP server, authenticating against Windows IAS radius servers.  I have an IPSec tunnel between the two sites that is working fine. 

 
I don't see anything being blocked on TCP 3389 in the firewall logs.  Am I missing something?  Is this some sort of NAT strangeness? 
 
My PPTP rules say:  pass TCP PPTP clients * * *.  I also tried allowing UDP 137 and 138 in the PPTP rules, but it doesn't seem to make a difference.
 
The client I am connecting from is on a separate private subnet behind a m0n0wall firewall, with the standard allow all outbound traffic rule.
 
Thanks for any assistance!