Putting my pfSense Home Lab on an Extender
-
@stephenw10 I dont think that extender has the ability to NAT, its settings are pretty basic.
One one rule on the pfSense at the moment:
5.6 is an iDrac, but with the host powered on (192.168.5.12) I cant access it either.
The rule above allows one host to access the pfSense GUI, I cant get to to allow any client from 192.168.1.0 to access it, only works with a single host/IP.
When I check the MAC of the WAN interface and the MAC that the extender is picking up, they do match.
If I go a tracert from a client on the 192.168.5.0 to the router, it hits the pfSense router, then the Asus 192.168.1.1
-
Do you have port forwards for that traffic on the pfSense WAN?
If not, and it was working before, it must be all routed. So that would mean no NAT on pfSense and a static route in the Asus router to the 192.168.5.X subnet?
Most SOHO routers have no static route capability so....The fact you are seeing traffic hitting the pfSense WAN for 192.168.5.6 implies either it is routed or that you have a port forward (or 1:1 NAT) and that may be preventing you reach the pfSense gui.
-
Sorry @stephenw10 I was away on vacation.
The Asus router did have a static route to route 192.168.5.0 network traffic to the pfSense router (192.168.1.2).
Then the pfSense router had rules to allow 192.168.1.0 network traffic though.
I have tried to disable NAT on the pfsense router, but this made no difference.
-
@the_director Maybe you could use Powerline or MoCA adapters instead of that extender?
-
@robh-0 Powerline was actually my first choice, but the bedrooms are not on the same circuit. One room is on one breaker, and another room is one a different breaker
-
@the_director Actually it is OK if they are on separate breakers, they just have to be in the same phase in the panel. In other words, they need to be on the same vertical row.
-
Ok, if you have a static route and no NAT then you need a firewall rule on the pfSense WAN to allow traffic from 192.168.1.X to 192.168.5.X. Otherwise it will just be blocked there.
Also make sure the pfSense WAN does not have 'block private networks' set since that traffic is from a private subnet
Steve
-
@robh-0 Really! Ok then I may need to give this a try!
-
Thanks @stephenw10! Haven't had much time to play around with this (some unfortunate life events have been underway), but should get some thing this week! Ill test out all your suggestions and update the thread.
-
So I got a little time tonight to play around with it, but unfortunately still getting blocked. Below are some screenshots.
Even though I (believe) I set the firewall to all anything though, its still blocking it, which makes no sense to me.
The pfSense firewall rules:
The pfSsense firewall logs:
Current NAT settings:
-
Hmm, that certainly seems like it should pass with that allow all rule on WAN.
Do you see any alerts in the GUI?
Go to Status > Filter Reload and reload the filter with the button there. Make sure it loads cleanly without any errors.
Steve
-
@stephenw10 will do when I get home from work this evening
-
@stephenw10 This is what I get from the Filter Reload:
-
Looks fine. And you are still seeing blocked traffic in the firewall log on WAN like that?
-
@stephenw10 So if I try to access 192.168.5.6 (an iDrac that sits behind the pfSense box) I get "192.168.5.6 took too long to respond." but I dont see the firewall logging anything like it did before (see below). The 5.6 address is perfectly accessable by a laptop sitting behind the pfSense box, and the laptop can access the external web just fine.
