Various sites and services being blocked - how to fix?
-
@silence Done. Is it working now?
I'm okay with you having dashboard access temporarily.
I just can't give you full network access. I trust that you won't jack up my configuration too badly and lock me out or anything. :) -
@elmojo, .... here
-
@elmojo, With this I adjust this giving access specifically to those who need an iT support to help you.
You are not granting full root access to anything.
-
@silence Cool, thanks. :)
-
@elmojo, Don't worry, it's going to be certified in pfsense from here.
Can I log in now?
-
@silence absolutely. I thought you were already in there. :)
-
@elmojo, Send me a capture of all the user's configuration, something happened to us.
-
@silence Which one do you want to see?
I've edited/added permissions for your login. Maybe that will help?
-
@elmojo, yes done...! now try to use your pc normally, and when you have a problem tell me which page.
-
@silence, Please disable the DHCPv6 Server service
-
@elmojo, Change Monitor To 8.8.8.8
-
@silence Okay, done.
Why is that gateway IP and monitor IP different than my public IP?Nope, pages still not loading.
I cannot, for example, access my Verizon account page (web), or my copier GUI (LAN). -
-
@silence Done. No change. Sites still inaccessible.
Wait... it's working!!
-
-
@silence I don't understand. Is this a rule or an alias? You said Firewall> Rules> WAN, but the screen shows editing an alias. I don't have any aliases set up...
Wait, I think I see... you want me to add a new alias, right?
What does this do?
-
@elmojo, Confirm if everything really works 100%
Because I still see a problem in your logs.
if it works 100% then ignore this alias.
the ip of your gateway will always be different, the monitor ip can use the one you want I like 8.8.8.8 it is only to monitor your ping
-
@elmojo, Well, this alias is to block access to your pfsense and then allow everything as your old home router did, but if it already works well for you, I do not recommend doing this.
IT IS MUCH BETTER FOR SAFETY THE RULE YOU ALREADY HAVE IN WAN (DENY ALL TO ALL)
-
@silence Okay, cool. I will turn off that alias then.
Man, thank you so much for your help. There's no way I would have gotten this working without you, @Gertjan and @serbus. You guys have been so patient and helpful in getting this mess worked out! I can't imagine why it was such a mess. I'm sure I did something to cause it. lol
Unless you think you have some additional work or checking to do in there, I'm going to disable to the remote access for now.On another note (I can start a new thread if that's cleaner), what's the preferred method for adding a wireless AP to pfsense? I read the netgate doc, and it just says "plug it into the switch", but there's a better way... It then talks about assigning an OPT interface and bridging to the LAN, but doesn't explain that process clearly enough for me to follow. I'd like to do it right, so that my wifi is protected and all traffic runs through the pfsense, just like my LAN. I'm not concerned about speed.
-
@elmojo, This can be achieved, check a little the documentation of the captive portal (Validate if your ap) is compatible and I recommend you verify a little the configuration of your device, some have static dns this I do not recommend.
As for remote access, you just have to delete the user and the rule from the wan
it was a pleasure to help you.
