DCS Server

kenhans

Hi there,
I'm having a heck of a time understanding how to allow traffic in for my DCS server (port 10308).
My setup is a cable modem, into the pfsense appliance (1-WAN and 1-LAN ports, with 2 more ports still free to use), then into a wifi router which was configured previously to port forward 10308 to that DCS box (Win 10) in my LAN.

I've read and re-read the documentation from pfsense, and attempted several configs but nothing lets that port come thru pfsense to my DCS box. I even saw the WAN traffic in the system log and created an 'easy rule' to allow 10308 from any to any. Nothing works!

Any kind geniuses care to point me to the right solution? I'm a lifetime IT guy, but no firewall guru and the pfsense docs read like stereo instructions to me. :(

I still have 2 extra ports on my appliance, so next I'm thinking of just plugging the DCS box into one of those spare ports instead of running that system thru my LAN wifi router.

Thanks

Ken

Gblenn

@kenhans I think you may have set up your wifi router in the wrong way. Sounds like your pfSense appliance is replacing it so you need to change it into simply acting as an AP, not a router.

Log into the wifi router UI and turn off DHCP. Change the cable over from WAN to only using the LAN ports. The cable should go pfSenseLAN(your actual router) > wifiaccesspointLAN > DCS box.

Port forward 10308 in pfSense using the DCS box IP (which it will now get from pfSense DHCP).

kenhans

@gblenn Makes perfect sense. Thanks!

Gblenn

@kenhans Did it work?

kenhans

@gblenn Hi Glenn,

I made things worse by mucking about and trying too many things at once.

I'll start from scratch doing one step at a time, but at a later date.

Thanks for your attention.

Ken

Gblenn

@kenhans said in DCS Server:

@gblenn Hi Glenn,

I made things worse by mucking about and trying too many things at once.

Ken

That happens some times...
Which is why it's good to backup the settings, in both pfsense and wifi-router.
When you set up your router to act as an AP, you need to make sure to give it an IP that does not conflict with pfsense (192.168.1.1). And you need to do that before turning of DHCP or at least before it reboots. Otherwise you have to connect to it with a PC configured with a static IP.

kenhans

@gblenn Roger that and thanks! I'm just not as smart a firewall guy as I thought I was.

Instead of going full network firewall I'm going to set up a side subnet and work on things there for a while as I teach myself how to set things up right.

Gblenn

@kenhans I'm pretty sure you have things set up as they should be in pfsense already. I mean the only thing you need is the port forward of 10308 to the DCS appliance (which needs to be on the pfsense subnet and under it's DHCP server).

If I read things correctly the issue was that you had your wifi-router set up and connected as a router still...?

You need to treat it like a switch, and give it an IP in the same range as your pfsense (within the static range preferably). Unlike a managed switch it will probably not pick up an IP handed out by pfsense.
AND you need to dumb it down and turn off the DHCP server which would otherwise be conflicting with pfsense. After that you can call it an AP basically... and all you need then is to move the cable you had coming from pfsense, from the WAN to one of the LAN ports, and you are all set to go...
Some wifi-routers allow bridging of WAN to LAN when used as an AP. This would give you 5 switch ports instead of 4...