Various sites and services being blocked - how to fix?
-
@elmojo, Change Monitor To 8.8.8.8
-
@silence Okay, done.
Why is that gateway IP and monitor IP different than my public IP?
Nope, pages still not loading.
I cannot, for example, access my Verizon account page (web), or my copier GUI (LAN).
-
@silence Done. No change. Sites still inaccessible.
Wait... it's working!!
-
@silence I don't understand. Is this a rule or an alias? You said Firewall> Rules> WAN, but the screen shows editing an alias. I don't have any aliases set up...
Wait, I think I see... you want me to add a new alias, right?
What does this do?
-
@elmojo, Confirm if everything really works 100%,
because I still see a problem in your logs.
If it works 100%, then ignore this alias.
The IP of your gateway will always be different. The monitor IP can be whichever one you want; I like 8.8.8.8. It is only to monitor your ping.
-
@elmojo, Well, this alias is to block access to your pfsense and then allow everything as your old home router did, but if it already works well for you, I do not recommend doing this.
IT IS MUCH BETTER FOR SAFETY THE RULE YOU ALREADY HAVE IN WAN (DENY ALL TO ALL)
-
@silence Okay, cool. I will turn off that alias then.
Man, thank you so much for your help. There's no way I would have gotten this working without you, @Gertjan and @serbus. You guys have been so patient and helpful in getting this mess worked out! I can't imagine why it was such a mess. I'm sure I did something to cause it. lol
Unless you think you have some additional work or checking to do in there, I'm going to disable the remote access for now.
On another note (I can start a new thread if that's cleaner), what's the preferred method for adding a wireless AP to pfsense? I read the netgate doc, and it just says "plug it into the switch", but there's a better way... It then talks about assigning an OPT interface and bridging to the LAN, but doesn't explain that process clearly enough for me to follow. I'd like to do it right, so that my wifi is protected and all traffic runs through the pfsense, just like my LAN. I'm not concerned about speed.
-
@elmojo, This can be achieved. Check the captive portal documentation (validate whether your AP is compatible), and I recommend you check the configuration of your device; some have static DNS, which I do not recommend.
As for remote access, you just have to delete the user and the rule from the WAN.
It was a pleasure to help you.
-
@silence
Is captive portal required to do the OPT/Bridge as described in the doc?
It doesn't say anything about that, and I don't need any increased security at this point, or per-user login or tracking. I just want all the wifi traffic to run through the firewall rules like the LAN traffic does. Maybe it does this by default if the AP is plugged into the switch, but the doc makes it sound like it does not.
-
@elmojo, Well, if you only want internet via pfsense, then just connect the AP to your LAN.
-
@silence Will any clients connected to the wifi have access to the local LAN by default? It's fine if they do. I can lock them out later with a guest network or whatever. I just want to get it up and running for now. Those who connect will be trusted personnel anyway. We are an isolated location, so no one else is around to snoop the wifi. lol
I'm more concerned with protecting the connected wifi devices via the firewall rules.
-
@elmojo, IF YOU HAVE A SWITCH, you can create VLANs in pfsense and manage everything in your switch.
-
@silence I do indeed. :) I'll have to look into all that later.
For the moment, I'm just wanting to know this: If I plug an AP into the switch, with no other configuration, will the wifi traffic be protected by all the same Pass/Block rules from the pfsense as the LAN?
-
@elmojo, yes
-
@silence Excellent.
Well thanks again for all your help!
Hopefully I'll be able to sort out my own messes for a while, but I know where to ask if things get to be too much for me to handle. ;)
-
@elmojo, Excellent.
Brother, I have a cybersecurity company. If you are interested, you can always contact me via email: WelinsonQuezada@Gmail.com
If you know of someone interested in a VPN or advanced network configuration (hardware or software, it does not matter), you can contact me.
-
@silence Thanks for that. I have a client who might need your services.
I will pass along the info.
-
@elmojo, Thank you and have a merry Christmas and New Year.