How can I access in home servers with pfsense as my router
-
@dlohrke said in How can I access in home servers with pfsense as my router:
I only started seeing the issues when I moved from my built in ISP router to a PFsense one
Something everybody sees, but actually few understand :
This :
as soon as you change your router, your PC (Windows, and soory, mine is french) will show you a dialog box here you have to chose.
This is because your PC doesn't 'know' the new router, pfSense. So it asks you if the 'new' network is a public one, like the one you use when you connect to a Wifi network @ Macdonalds, or if it is actually your home network, so you should trust it, and select Private.
If you select public, your PC will not be able to connect to any device on your LAN with one exception : the gateway, which is pfSense, so it can access the Internet.
Be sure that Plex doesn't do the same thing with 'new' networks, as if it does, you can't connect to it anymore. You have to tell it also to 'trust' the local LAN network and the devices on it. -
@gertjan Okay, my plex machine had private already selected, but my main machine did not. I changed that to private still shows indirect connection though, restart may fix that, but as far as the public one for computers outside of my network is that where I would need to at a port forward in PFsense?
-
@dlohrke said in How can I access in home servers with pfsense as my router:
I would need to at a port forward in PFsense?
That's the quick and dirty solution.
A huge medical event, during 2019, 2020 and 2021 made a new connection method popular.
It was actually known for decades already, but now everybody is using it :
VPN.If your PC, Phone etc needs to connect to your 'local' resources like your pfSense, your Plex or whatever, use a VPN. It has become a 'click and play' solution.
Opening ports : not needed anymore.That is : on the WAN interface there will be one (1) pass rule :
and on every device you install the OpenVPN app.
Done.When you want to connect to home, start the VPN connection, and now you can use local resources.
Be aware : your pfSense LAN is 192.168.1.x/24
Your VPN 'LAN' will be something like this 192.168.2.x/24 so, technically,you are still an 'another' network.So classic Windows Explorer Network browsing won't show your devices, but you could assign them host names (pfSense can help you with this) so you can access :
plex.yourlocalpfsensedomain.tld instead of using an IP.
You still have to inform plex that it should accept connections from everybody - and/or you change the firewall rule that it should accept connection from 192.168.1.x/24 and 192.168.2.x/24 so you're safe.
Do this for every PC and other device, if possible. -
This post is deleted! -
Also see: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html
Likely your ISP router was doing NAT reflection by default and pfSense does not.
Steve
-
@stephenw10 What is Nat reflection. I think I got it all working, looks like the main issue stemed from my main PC being in public mode and not private when I connected the pfSense box. That and after port forwarding Plex it seemed to fix it, my last box forwarded that port automatically.
-
If clients behind the firewall are trying to access internal resources using the external IP, as if they were outside, NAT reflection allows that.
https://docs.netgate.com/pfsense/en/latest/nat/reflection.htmlSteve
-
@stephenw10 Interesting, still a lot I need to learn on the networking side of things. Gertjan's post help a lot with getting the inital things sorted this morning, but man it was taking me some time there. Are there any things you recommend to new pfSense users, this system has so much more advanced options than I have ever seen in any standard consumer product and it's so overwhelming but very interesting.
-
Do one thing at a time and make sure that's working as expected before moving on.
-
@gertjan Your main post about private/public network looks like it may have been the main thing, then I forwarded the ports for Plex, my old box forwarded them automatically which is odd, looks like that has fixed the main issues. Thanks for the help there, I was losing my mind.
