General questions

Gertjan

@deanfourie said in General questions:

Here is a shot of my setup without the interface setup

Your image is not what you said :

@deanfourie said in General questions:

I created a firewall rule to allow all TCP

Your firewall rule accepts all protocols. There is more (way more) as just "TCP".
Just TCP would be very problematic.

As your rule shows, it is used :

so all incoming traffic passes by this rules, and as everything matches, it is not that rule that has an issue.

Check your DNS server - the one in the cloud.
Is it aware of your local clients ? How does it know about the local devices and Ip addresses ?
When you connect to this cloud thing, from there, can you 'ping a device on your LAN ? Resolve a device that is on your LAN(s) ?

@deanfourie said in General questions:

I dont see any translation table here

Means you have no NAT rules.

deanfourie

@gertjan Yea sorry, my bad not just TCP but all traffic.

So, my problem is only when I create a interface binding that everything goes downhill. If I leave it with the default interface binding then everything is fine but I am limited as I cant see the default interface in all functions, that why I want to create a new binding.

So, now I go to interface / assignments and assign ovpnc1 to a new interface, lets say OVPNTEST save it, and enable the interface. Everything grinds to a halt. I dont really even know where to start problem solving on this one as its not firewall related I dont think.

Also, regarding NAT, I have 20 odd interface LAN clients connecting to the internet, there has to be NAT entries. Maybe I should say something more like PAT entries for the port translations.

johnpoz

@deanfourie said in General questions:

Maybe I should say something more like PAT entries for the port translations.

They are in in the state table.

You can see where my client 192.168.7.99 talking to 54.87.189.215:2350 was natted, or correctly NAPT (Network Address Port Translation).. it was changed to my public IP using different source port 27449 vs the original 59297.

When you created the new interface did you put rule on it? this opvntest

stephenw10

Yup that. There is no separate table for translation states they are created by pf as part of the state table.

When you assign or unassign an OpenVPN interface you must restart the OpenVPN service. No traffic will flow until you do.

Steve

deanfourie

@johnpoz I can't see this anywhere? Where is this table located in pfSense?

I have checked everywhere under NAT and I have no such entries. Why could this be?

That's what I'm looking for

Cheers

stephenw10

The state table is in Diag > States.

deanfourie

@stephenw10 ahhh thank you! I have found it now. That's what I'm looking for.

Will try the ovpn interface again and restart the service when I am home.

Thanks for the help guys!

deanfourie

Quick question is there anyway to add that (diag >> states) to the pfSense Dashboard?

Thanks

stephenw10

There is no states widget, no. Many systems have millions of states at any one time which would be difficult to accommodate.

deanfourie

@stephenw10 very true. Thank you anyway