Static IP issues
-
@Polar_Bear88 said in Static IP issues:
If Im just wanting to use my pfSense router as the DNS server, what IP address should I be using? Also what gateway address should I be using, Ive tried everything I can think of and leaving it blank
If you don't know those, it's no wonder you're struggling. Those would be whatever address is on that VLAN on pfSense. This is why you're probably better off with static mapped DHCP. DHCP will provide those addresses automagically.
-
@rcoleman-netgate That's what I thought but when it didn't work it made me wonder if I was mistaken and it should of been the address on the LAN instead of the VLAN.
Its also entirely possible that after s many hours of looking at the screen I was mistyping etc. In a few days when I have a chance to play with it again, Ill test and see what happens with the following:
Client device on VLAN Guest
Static IP 10.100.4.10
Subnet mask 255.255.255.0
DNS 10.100.4.1
Gateway 10.100.4.1 -
@Polar_Bear88 OK, good, now what are the rules on the Firewall for VLAN Guest?
-
@JKnott If I don't make things gradually harder on myself I wont learn, that's why I find some of the youtube videos less helpful than others. The ones that tell you what to do but not why you're ding it is great for getting it up and running but not for learning which helps you customize it to your own needs later on.
-
@rcoleman-netgate at the minute I just have 1 basic rule on each of my vlans to allow connections on any protocol to any destination.
I figured I was better using this until I have everything up and running so I then have a good basis to work from when I change a rule and something breaks
-
@Polar_Bear88 That is.
Now I'd ping from the guest network to the Guest Interface IP (10.100.4.1) and see if it responds. If it doesn't then start a packet capture on that interface looking for the traffic (filter to icmp only so you can limit the amount of garbage collected) and if it is coming in and not going back out it's something on your system. If it is not coming in at all then it is something on your network.
-
@rcoleman-netgate Thank you. Ill report back once Ive done all the above steps
-
Here are my guest WiFi/VLAN rules. Guests can only access the Internet and ping the interface.
-
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
If you are rejecting all RFC1918 requests then you cannot have an RFC1918 be the DNS or you have to give it a rule to pass to (this firewall) DNS traffic.
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
@rcoleman-netgate said in Static IP issues:
@JKnott And Guests are always going to be on Static IPs?
No, guests are DHCP on IPv4 and SLAAC on IPv6.
What were the results of the ping?
????
As I mentioned, guests can ping the VLAN interface and nothing else on my network. Pings to the Internet are not blocked.
-
@rcoleman-netgate said in Static IP issues:
If you are rejecting all RFC1918 requests then you cannot have an RFC1918 be the DNS or you have to give it a rule to pass to (this firewall) DNS traffic.
I use DHCP to send guests to Google's DNS on IPv4, not mine. I also use RDNSS to provide Googles IPv6 DNS addresses. While guests have full access to the Internet, they can't do anything on mine, other than ping the guest interface.
-
@JKnott said in Static IP issues:
????
As I mentioned, guests can ping the VLAN interface and nothing else on my network. Pings to the Internet are not blocked.
Confused user posts.
-
Finally got a chance to play around a little more and its working as it should so all I can assume is that Im an idiot and after looking at the screen so long the other day I was misstyping and couldnt see it.
4 devices all set with their static IP's on the Home VLAN.
They can ping between each other, can ping 8.8.8.8 and can ping www.google.comNext time I get a chance to play around, I'll start trying t set up some better (more secure) firewall rules and other general security tweaks.
