    Outbound NAT for chillispot network by line command

      hoba

      Firewall>NAT, outbound. Enable manual outbound NAT and add the missing items there. Also make sure your firewall rules allow traffic on the incoming interface for that subnet.

        saso

        I tried your suggestion but it still does not work. I can always reach the WAN interface but not the GW.

        Just to avoid mistakes, I'm going to describe my test bench:

        GW (100.100.100.1) ----- (100.100.100.11) WAN Pfsense Machine LAN (192.168.5.1 ) + TUN0_Chilli (192.168.182.1) ------Client_Chilli (192.168.182.x)
                                                                                                      |
                                                                                                      |
                                                                                                      |
                                                                                                      |
                                                                                                    Client LAN(192.168.5.5)

        From Client LAN (192.168.5.5) I can ping the WAN interface and the GW too, but from Client Chilli I can ping the LAN interface of the pfSense machine and the WAN interface too, but I cannot reach the GW or Client LAN.

        Attached is the picture of the NAT settings made after your suggestion.
        Any ideas?

        Thanks

        outboundNAT.JPG

          hoba

          What's that in the alerter? That looks like you have some kind of error. Please paste the complete line of the error. You'll find it in the system logs as well. It's easier to copy/paste from there.

            saso

            That is what I see in the system log

            --------------------------------------------

            Apr 5 11:59:03 check_reload_status: reloading filter
            Apr 5 11:59:04 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 11:59:04 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 11:59:09 check_reload_status: reloading filter
            Apr 5 11:59:10 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 11:59:10 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 16:00:00 check_reload_status: check_reload_status is starting
            Apr 5 16:30:01 check_reload_status: check_reload_status is starting
            Apr 5 16:35:00 check_reload_status: check_reload_status is starting
            Apr 5 17:12:57 check_reload_status: reloading filter
            Apr 5 17:13:00 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 17:13:00 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 17:13:55 check_reload_status: reloading filter
            Apr 5 17:13:56 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 17:13:56 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 17:15:53 check_reload_status: reloading filter
            Apr 5 17:15:54 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 17:15:54 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 17:35:00 check_reload_status: check_reload_status is starting
            Apr 5 20:06:07 sshd[48227]: error: PAM: authentication error for root from 192.168.5.5
            Apr 5 20:06:07 sshd[48227]: error: PAM: authentication error for root from 192.168.5.5
            Apr 5 20:06:07 sshlockout[48240]: sshlockout starting up
            Apr 5 20:06:07 sshlockout[48240]: sshlockout starting up
            Apr 5 20:06:13 sshd[48227]: Accepted keyboard-interactive/pam for root from 192.168.5.5 port 2484 ssh2
            Apr 5 20:06:50 chillispot[48268]: ChilliSpot 1.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. See http://www.chillispot.org for credits.
            Apr 5 20:06:51 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-50-56-C0-00-01
            Apr 5 20:06:51 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-50-56-C0-00-01
            Apr 5 20:06:51 chillispot[48268]: chilli.c: 3053: Client MAC=00-50-56-C0-00-01 assigned IP 192.168.182.2
            Apr 5 20:06:51 chillispot[48268]: chilli.c: 3053: Client MAC=00-50-56-C0-00-01 assigned IP 192.168.182.2
            Apr 5 20:06:54 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-0C-29-00-37-83
            Apr 5 20:06:54 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-0C-29-00-37-83
            Apr 5 20:06:54 chillispot[48268]: chilli.c: 3053: Client MAC=00-0C-29-00-37-83 assigned IP 192.168.182.3
            Apr 5 20:06:54 chillispot[48268]: chilli.c: 3053: Client MAC=00-0C-29-00-37-83 assigned IP 192.168.182.3
            Apr 5 20:09:09 chillispot[48268]: chilli.c: 3327: Successful UAM login from username=sasso IP=192.168.182.3
            Apr 5 20:09:09 chillispot[48268]: chilli.c: 3327: Successful UAM login from username=sasso IP=192.168.182.3
            Apr 5 20:14:48 check_reload_status: reloading filter
            Apr 5 20:14:50 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 20:14:50 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 20:15:24 syslogd: exiting on signal 15
            Apr 5 20:15:25 syslogd: kernel boot file is /boot/kernel/kernel
            Apr 5 21:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup
            Apr 5 22:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup
            Apr 5 22:20:48 check_reload_status: reloading filter
            Apr 5 22:20:50 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 22:20:50 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 22:38:07 check_reload_status: reloading filter
            Apr 5 22:38:08 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 22:38:08 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
            Apr 5 23:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup
            Apr 6 00:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup

            --------------------------------------------

              hoba

              As the webgui doesn't know anything about the tun interface created by chillispot, the generated ruleset is somehow broken. This is not supported. Don't know how to help you here.

                saso

                I supposed something like that, but can I perform any operation manually from the command line via the console?
                Is there a place (script or something else) where I can look in pfSense?

                However, many thanks for your support

                  hoba

                  Everything you do at the console level will be replaced and regenerated sooner or later (bootup, changes in webgui, status change when using policy-based routing/multiwan,…). Fwiw go to diagnostics>edit file and open /tmp/rules.debug. That is the autogenerated ruleset. For everything else (modifying the code that generates the rules file) check out our cvs at http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/ . If you come up with something it would be nice if you could create a chillispot package ;)

                    saso

                    Ok, thanks for this tip. Can I ask for some more info on how rules.debug is generated?
                    Which file generates rules.debug? One more thing: once the file is generated, what is the command to reload the new rules included in the file?
                    I'm asking because I would like to start changing the rules.debug file manually and reloading the new rules, just to understand what the right settings to include in the file are, and afterwards I will try to generate it automatically :)

                      hoba

                      I'm not that familiar with that part of the code. You have to do your own investigation in our cvs-web.

                        saso

                        OK, I found the command to reload the rules.debug file. It should be pfctl -f /tmp/rules.debug
                        However, I solved the problem once I deleted the third interface, because earlier in my configuration I had created a second LAN2 which was never used, but as long as it was there I always got an error when I tried to run the pfctl command manually. After I deleted it, pfctl worked fine without errors, and so did the NAT.
                        Obviously it needs the outbound NAT rule set like in the picture I sent before.

                        If you want I can try to create a package for chillispot, but I need some more details on how to build the package under pfSense. If you can give me some pointers I will be happy to try to put the package together. ;)

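The manual reload described in the post above, as an added example that is not part of the thread and not pfSense's own code: it checks that a ruleset carries an outbound NAT rule for the chilli subnet, then parses the file with `pfctl -n` before loading it with `pfctl -f`. The WAN interface name `em0`, the /24 masks, the sample ruleset and the helper names `has_nat_for` and `safe_reload` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample ruleset, not taken from the thread:
# em0 as the WAN interface and the /24 masks are assumptions.
SAMPLE_RULES='nat on em0 from 192.168.5.0/24 to any -> (em0)
nat on em0 from 192.168.182.0/24 to any -> (em0)
pass in on tun0 from 192.168.182.0/24 to any keep state'

# has_nat_for SUBNET IFACE: reads a pf ruleset on stdin and succeeds only if
# a nat rule on IFACE names SUBNET as its source. Fields are compared as
# literal strings, so the dots in the address are not regex wildcards.
# Pass IFACE exactly as the file writes it (interface name or macro).
has_nat_for() {
    awk -v net="$1" -v ifc="$2" '
        $1 == "nat" && $2 == "on" && $3 == ifc {
            for (i = 4; i < NF; i++)
                if ($i == "from" && $(i + 1) == net) found = 1
        }
        END { exit !found }
    '
}

# safe_reload FILE: parse FILE without loading it (pfctl -n); load it only
# if the parse succeeds, then print the active NAT rules for review.
# Returns 2 when pfctl is not installed, 1 when the parse fails.
safe_reload() {
    command -v pfctl >/dev/null 2>&1 || { echo "pfctl not found" >&2; return 2; }
    pfctl -nf "$1" || { echo "parse failed, ruleset not loaded" >&2; return 1; }
    pfctl -f "$1" && pfctl -s nat
}

# Demo on the constructed sample; on the firewall itself one would run:
#   has_nat_for 192.168.182.0/24 em0 < /tmp/rules.debug && safe_reload /tmp/rules.debug
if printf '%s\n' "$SAMPLE_RULES" | has_nat_for 192.168.182.0/24 em0; then
    echo "outbound NAT rule for the chilli subnet is present"
else
    echo "no outbound NAT rule for the chilli subnet" >&2
fi
```

A parse-only run does not touch the kernel, so an error raised while the rules are being loaded only shows up on the real load. As noted earlier in the thread, anything loaded by hand lasts only until /tmp/rules.debug is regenerated.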
                          hoba

                          Check http://devwiki.pfsense.org/PfSenseDevHome for some development-related info. Also try to learn from one of the other packages. You can check them out here: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/tools/packages/
