Access webui need to open 443?

SteveITS · Jul 16, 2023, 9:48 PM

@nadvig23 LAN has an allow to any rule out of the box. If that was removed then yes a rule is needed for DNS and Internet. All Interfaces have a hidden deny all rule.

nadvig23 · Jul 16, 2023, 10:09 PM

@SteveITS

I have done no change yet

nadvig23 · Jul 17, 2023, 12:32 AM

If the rules by default :
Firewall- rules - lan:
Default allow Lan to any rule

Will permit to my laptop from the Lan to go out well i can’t go out to internet
My laptop is 192.168.1.99 with gateway and dns 192.168.1.1
I have put this Mac addr and ip of this laptop in Dhcp server- static mapping….

SteveITS · Jul 17, 2023, 6:41 PM

@nadvig23 said in Access webui need to open 443?:

Webui - diagnostics- ping:

Yes !
Host 8.8.8.8
Source wan

No!
Host 8.8.8.8
Source Lan

I was working on a problem router today that I think has a bad WAN port. I reinstalled, and I had this behavior until I finished the setup wizard. I don't recall having to do that in the past.

You might reset to factory defaults and start over just to see.

nadvig23 · Jul 31, 2023, 11:02 PM

@SteveITS

hello i was in vacation....

i have bought Netgate sg-2100...it is really great! my network is working now!
just a question...can i plug the wifi router (netgear) in the LAN2 port of Netgate??
thanks

SteveITS · Jul 31, 2023, 11:29 PM

@nadvig23 you can use any port. On the 2100 the 4 LAN ports are a switch.

stephenw10 · Aug 1, 2023, 1:15 PM

Or if you want the WIFI AP on a different subnet so you can filter traffic differently you can set on the ports to be a discrete interface:
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html

Steve

nadvig23 · Aug 1, 2023, 1:15 PM

@stephenw10
good idea i prefer to have the wifi on another subnet that the local network. i will folow this documentation, thanks! i have netgear wifi router, i will see how to set up this one too (probably that i need to put this one on static ip 192.168.100.1)?

stephenw10 · Aug 1, 2023, 1:49 PM

The netgear router/ap could pull a lease from pfSense in the new subnet. I would set it to static mapping so it always gets the same IP address if you do. But, yes, setting it statically will also work.

nadvig23 · Sep 10, 2023, 5:38 PM

@stephenw10

hello i have finaly have time to configure my wifi to Netgate on OPT1.

i have follow your link. everything go well thanks!

but i have to do some firewall rules...because none of my laptop go out to Internet. here what i have configured:

can youhelp?

nadvig23 · Sep 10, 2023, 5:46 PM

i have just add the gateway...i have forgot that !

wifi OPT1 192.168.100.1 192.168.100.1

nadvig23 · Sep 10, 2023, 6:03 PM

but still not go out:

from a laptop 192.168.100.201:

cyber@cyberlaptop:~$ ping 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
From 192.168.100.201 icmp_seq=1 Destination Host Unreachable
From 192.168.100.201 icmp_seq=2 Destination Host Unreachable

stephenw10 · Sep 10, 2023, 6:44 PM

That should pass anything but you can see it has not opened any states or passed any traffic on any of those rules.

I assume the OPT1 interface is where you have the WIFI connected? And that is using the 192.168.100.1/24 interface address?

Do wifi clients pull a dhcp lease in that subnet correctly?

nadvig23 · Sep 10, 2023, 8:46 PM

@stephenw10
oh my god!!!! the probleme was :

wifi 6 netgear nighthwak ....yellow port ....was connected to the netgate lan 4 (opt1). i have unpluged it, put the cable in the lan 1 port of the netgear (not the yellow one) and it's working!!!!!!!!!!!!!

Gertjan · Sep 11, 2023, 7:04 AM

@nadvig23 said in Access webui need to open 443?:

i have unpluged it, put the cable in the lan 1 port of the netgear

The "yellow" (single) port on the AP Netgear router is a so called WAN port.
You've created a Router (Netgear) after Router ( pfSEnse) setup.
That could be just what you want, but is often totally not understood. (read = you've complicated your live)

What you probably want : using your Netgaer as a "Access Point" only, and not as a router (and not a DNS, not a firewall, not a DHCP server) == just as an AP.

The basic setup for such a device is :

Your pfSense LAN (== OPT1) uses 192.168.100.1 / 24

Set your LAN IP of you Netgate like :
192.168.100.2 /24 (= 255.255.255.0) = =a static IP setup.
Set the Netgear gateway to 192.168.100.1
Set the DNS of Netgear as 192.168.100.1

Disable the DHCP server on Netgaer !

Done.

nadvig23 · Sep 11, 2023, 6:01 PM

@Gertjan

that's what i have done sunday! i was surprised that it didn't worked, but i saw the cable was still in the yellow of port of the netgear....i put it in the right port and everything goes well!