General questions
-
@gertjan said in General questions:
@deanfourie said in General questions:
So first q, where can I find all active NAT translations or Port Translations like a NAT table?Here :
@deanfourie said in General questions:
And lastly, I have pfSense connected as a OVPN client to OVPN, but when binding OVPN to a new interface under interface / assignments, I cannot reach any clients on the VPN anymore.
Explain 'reach'.
Your pfSense is an OpenVPN client, so your pfSense connects to an off site OpenVPN server.
It could be the admin of that OpenVPN server that admittedly forbids inter client communication.new interface under interface / assignments,
using what rules ?
@deanfourie said in General questions:
there is a default binding created under the firewall rules section called "OpenVPN"
The OpenVPN client doesn't create any rules. hat is created under "rules" ? What interface ? What rule ?
I dont see any translation table here. I can only see where to configure NAT here but cannot see any active mappings?
-
@deanfourie said in General questions:
Here is a shot of my setup without the interface setup
Your image is not what you said :
@deanfourie said in General questions:
I created a firewall rule to allow all TCP
Your firewall rule accepts all protocols. There is more (way more) as just "TCP".
Just TCP would be very problematic.As your rule shows, it is used :
so all incoming traffic passes by this rules, and as everything matches, it is not that rule that has an issue.
Check your DNS server - the one in the cloud.
Is it aware of your local clients ? How does it know about the local devices and Ip addresses ?
When you connect to this cloud thing, from there, can you 'ping a device on your LAN ? Resolve a device that is on your LAN(s) ?@deanfourie said in General questions:
I dont see any translation table here
Means you have no NAT rules.
-
@gertjan Yea sorry, my bad not just TCP but all traffic.
So, my problem is only when I create a interface binding that everything goes downhill. If I leave it with the default interface binding then everything is fine but I am limited as I cant see the default interface in all functions, that why I want to create a new binding.
So, now I go to interface / assignments and assign ovpnc1 to a new interface, lets say OVPNTEST save it, and enable the interface. Everything grinds to a halt. I dont really even know where to start problem solving on this one as its not firewall related I dont think.
Also, regarding NAT, I have 20 odd interface LAN clients connecting to the internet, there has to be NAT entries. Maybe I should say something more like PAT entries for the port translations.
-
@deanfourie said in General questions:
Maybe I should say something more like PAT entries for the port translations.
They are in in the state table.
You can see where my client 192.168.7.99 talking to 54.87.189.215:2350 was natted, or correctly NAPT (Network Address Port Translation).. it was changed to my public IP using different source port 27449 vs the original 59297.
When you created the new interface did you put rule on it? this opvntest
-
Yup that. There is no separate table for translation states they are created by pf as part of the state table.
When you assign or unassign an OpenVPN interface you must restart the OpenVPN service. No traffic will flow until you do.
Steve
-
@johnpoz I can't see this anywhere? Where is this table located in pfSense?
I have checked everywhere under NAT and I have no such entries. Why could this be?
That's what I'm looking for
Cheers
-
The state table is in Diag > States.
-
@stephenw10 ahhh thank you! I have found it now. That's what I'm looking for.
Will try the ovpn interface again and restart the service when I am home.
Thanks for the help guys!
-
Quick question is there anyway to add that (diag >> states) to the pfSense Dashboard?
Thanks
-
There is no states widget, no. Many systems have millions of states at any one time which would be difficult to accommodate.
-
@stephenw10 very true. Thank you anyway
