PFNoob - A Few Issues (Router IP, Local Ports, and Separate Interface)

Viejo

@viragomann Nothing in ARP, I'm sure I misconfigured something somewhere.

On the HTPC (runs Jellyfin) I'm able to access that Qbittorrent web interface on port 8081 no problem, but on the same PC I can't connect to Jellyfin on port 8096. I can check that inter-BSS option once I figure out where my routers are.

I would expect (I may be incredibly wrong here) that I should normally be able to access the routers by going to 192.168.55.1 for my Trash router, or 10.40.40.2 for my normal LAN router. That may be incorrect but it's odd to me that I don't see them listed anywhere, something to do with them both being in bridge mode?

stephenw10

How are those old routers connected? What ports physically?

They won't have any static routing so their web interfaces would only be accessible from a client on their LAN side in the same subnet.

Steve

Viejo

@viragomann said in PFNoob - A Few Issues (Router IP, Local Ports, and Separate Interface):

@viejo said in PFNoob - A Few Issues (Router IP, Local Ports, and Separate Interface):

I don't see that IP anywhere within PFsense or on the network.

Even not in the ARP table after reconnecting the device?
If not, you might have to reset it to default settings.

For some reason after rebooting (I haven't yet reset it) the main LAN router, I'm now unable to get to the firewall page or any outside internet with the Trash router - However I'm suddenly able to access the Trash wifi configuration on 192.168.0.1

So I can't see the 10.40 network right now on Trash, but I can access the router's config page now just from power rebooting the OTHER router.

I'm sure I have something twisted around somewhere. Thank you for helping me troubleshoot this.

I'm getting this error now in PFsense. I think I should enable SSH so I can remote in and read these logs.

@stephenw10
WAN interface igb0 directly from modem
LAN interface igb1 goes into Port 1 on the GS switch
Main router is plugged into Port 2 on the GS switch
Trash router is plugged directly into igb2 on the firewall

I'm pretty sure I did try to set these routers up with static routing, so that could very well be the issue. I'll reset them to factory defaults and see if that helps clear anything up. So to confirm, should the router itself use DHCP (instead of static IP), but have it's DHCP server capabilities disabled? Thinking about it now I guess that would make sense, so the router actually gets a DHCP address from the firewall... derp.

Thank you everyone for your patience with me, I'm just trying to learn this/figure things out as I'm going.

stephenw10

Sorry I mean on the old routers what ports are connected? If you are connected boa their WAN ports you would not expect to be able to access the web interfaces.

Viejo

@stephenw10 Sorry I meant to include that info - Both routers have their inlet cables going into Port 1 on them, but not the Internet/WAN port.

So Trash router has cable going from PFsense into Port 1 on the router (not WAN). Main router has cable going from the switch into Port 1.

I reset the Trash router to factory defaults, and now I'm unable to access it again on 192.168.0.1. If I type "ip route" on one of my laptops while connected to the wifi on it, it tells me 192.168.55.1, which if I navigate to brings me to the PFsense login screen. I also still have no outbound access on this router again.

I'm getting error logs, it looks like it may be having issues applying the rule I made earlier in this thread? I'm trying to look into things and troubleshoot as I'm responding just to try and make sure I haven't made an obvious mistake.

Edit: The laptop on the TrashLAN is still getting DHCP addresses from the firewall so the issue seems to be somewhere with the router being able to get outside into open internet. Looks like that rule from earlier may not be working now based on the logs but I don't see why. I also still don't see either router themselves on the network.

The routers should have their inlet cables going into normal ports on them, and not into their WAN ports correct?...

stephenw10

Ok, that's correct.

The laptop will only be able to reach the wifi router if it's in the same subnet though. If it;s been reset to 192.168.0.1 that's no longer the case.
When you try to reach that IP from the laptop it routes that traffic via it's gateway (pfSense at 192.168.55.1) but pfSense also has no idea where 192.168.0.0/24 is so it routes it out of the WAN where obviously it fails.
However even if that request was routed correctly to router it has no idea where 192.168.55.0/24 is so it cannot reply.

There are ways to workaround that but really you should just set the router to a static IP in 192.168.55.0/24 subnet.

That v6 bogons error is because the maximum table size is too small. See:
https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-maximum-table-entries

Steve

Viejo

@stephenw10 I'm still just having a hard time figuring out how to actually access the router config so I can correct the IP on it and put it in the proper 192.168.55.0 subnet.

I thought plugging a laptop directly into the Trash router via an ethernet cable and disabling wifi on the laptop may allow me to connect directly to the router's IP, but it still defaults to 192.168.55.1, and trying to go to that page still forwards me to PFSense - What's odd is I noticed I was able to get outside to the internet again on the ethernet connection, and even after I unplugged and went back on Trash wifi, the internet continued to work - I haven't changed anything since my last comment, so I'm not sure if something just took a long time to propagate or what...

"ip route" shows 192.168.55.1 as the gateway, so somehow it knows to use that presumably from the interface configuration on PFSense.

stephenw10

Set your laptop to a static IP in the 192.168.0.0/24 subnet temporarily.

Viejo

@stephenw10 Thank you very much, I was able to reset the Trash router and manually set my laptop's IP to something within the subnet like you mentioned, and was then able to configure the router and put it on the correct 192.168.55.1 subnet within it's own menu by setting the IP there.

Since I wasn't able to access the main LAN router either, I tried to do the same thing with that one but I'm getting different results. I reset that router, and once again set my IP as static for something in the 192.168.0.0/24 subnet (I'm pretty sure this router should default to 192.168.0.1). This is the router that's plugged into the switch.

"ip address" command shows that I have 192.168.0.3, and "ip route" shows default via 192.168.0.1, but if I try to navigate to that page it does not find it.

I'm not sure right now why this one is behaving differently than the other router.

stephenw10

The most likely is that it isn't at that IP for whatever reason.

If you reset it I'd expect it to start handing out DHCP leases again in it's own subnet.

Steve

Viejo

@stephenw10 Thank you, you were exactly right. Turns out that router factory defaults to 192.168.1.1 - I really wish it had a sticker on the bottom or something that indicated that, didn't think to search it online yesterday just kept pinging the 192.168.0.0 network assuming it was somewhere there. Fixing the address for the main LAN router also resolved the port issues I was having with Jellyfin, so that's great :)

Thank you Stephen and everyone else who's offered help here as I stumble through this.

Edit: Also, I'm forgoing my plans for the trash network as far as any type of firewall bypassing. At most I may make it where the VPN isn't active on that interface, but otherwise I think I'm good on that too.

Thank you all!!