Netgate Discussion Forum

    Outbound NAT for chillispot network by line command

    12 Posts 2 Posters 8.6k Views
    • S
      saso
      last edited by

      I tried your suggestion but it still does not work. I can always reach the WAN interface but not the GW.

      Just to avoid mistakes, I'm going to describe my test bench:

      GW (100.100.100.1) ----- (100.100.100.11) WAN Pfsense Machine LAN (192.168.5.1) + TUN0_Chilli (192.168.182.1) ------ Client_Chilli (192.168.182.x)
                                                                     |
                                                                     |
                                                                     |
                                                                     |
                                                            Client LAN (192.168.5.5)

      From Client LAN (192.168.5.5) I can ping the WAN interface and the GW too, but from Client Chilli I can ping the LAN interface of the pfSense machine and the WAN interface too, but I cannot reach the GW or Client LAN.

      Attached is a picture of the NAT settings made after your suggestion.
      Any ideas?

      Thanks

      outboundNAT.JPG

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        What's that in the alerter? That looks like you have some kind of error. Please paste the complete line of the error. You'll find it in the system logs as well. It's easier to copy/paste from there.

        1 Reply Last reply Reply Quote 0
        • S
          saso
          last edited by

          That is what I see in the system log

          --------------------------------------------

          Apr 5 11:59:03 check_reload_status: reloading filter
          Apr 5 11:59:04 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 11:59:04 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 11:59:09 check_reload_status: reloading filter
          Apr 5 11:59:10 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 11:59:10 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 16:00:00 check_reload_status: check_reload_status is starting
          Apr 5 16:30:01 check_reload_status: check_reload_status is starting
          Apr 5 16:35:00 check_reload_status: check_reload_status is starting
          Apr 5 17:12:57 check_reload_status: reloading filter
          Apr 5 17:13:00 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 17:13:00 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 17:13:55 check_reload_status: reloading filter
          Apr 5 17:13:56 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 17:13:56 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 17:15:53 check_reload_status: reloading filter
          Apr 5 17:15:54 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 17:15:54 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 17:35:00 check_reload_status: check_reload_status is starting
          Apr 5 20:06:07 sshd[48227]: error: PAM: authentication error for root from 192.168.5.5
          Apr 5 20:06:07 sshd[48227]: error: PAM: authentication error for root from 192.168.5.5
          Apr 5 20:06:07 sshlockout[48240]: sshlockout starting up
          Apr 5 20:06:07 sshlockout[48240]: sshlockout starting up
          Apr 5 20:06:13 sshd[48227]: Accepted keyboard-interactive/pam for root from 192.168.5.5 port 2484 ssh2
          Apr 5 20:06:50 chillispot[48268]: ChilliSpot 1.0. Copyright 2002-2005 Mondru AB. Licensed under GPL. See http://www.chillispot.org for credits.
          Apr 5 20:06:51 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-50-56-C0-00-01
          Apr 5 20:06:51 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-50-56-C0-00-01
          Apr 5 20:06:51 chillispot[48268]: chilli.c: 3053: Client MAC=00-50-56-C0-00-01 assigned IP 192.168.182.2
          Apr 5 20:06:51 chillispot[48268]: chilli.c: 3053: Client MAC=00-50-56-C0-00-01 assigned IP 192.168.182.2
          Apr 5 20:06:54 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-0C-29-00-37-83
          Apr 5 20:06:54 chillispot[48268]: chilli.c: 3083: New DHCP request from MAC=00-0C-29-00-37-83
          Apr 5 20:06:54 chillispot[48268]: chilli.c: 3053: Client MAC=00-0C-29-00-37-83 assigned IP 192.168.182.3
          Apr 5 20:06:54 chillispot[48268]: chilli.c: 3053: Client MAC=00-0C-29-00-37-83 assigned IP 192.168.182.3
          Apr 5 20:09:09 chillispot[48268]: chilli.c: 3327: Successful UAM login from username=sasso IP=192.168.182.3
          Apr 5 20:09:09 chillispot[48268]: chilli.c: 3327: Successful UAM login from username=sasso IP=192.168.182.3
          Apr 5 20:14:48 check_reload_status: reloading filter
          Apr 5 20:14:50 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 20:14:50 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 20:15:24 syslogd: exiting on signal 15
          Apr 5 20:15:25 syslogd: kernel boot file is /boot/kernel/kernel
          Apr 5 21:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup
          Apr 5 22:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup
          Apr 5 22:20:48 check_reload_status: reloading filter
          Apr 5 22:20:50 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 22:20:50 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 22:38:07 check_reload_status: reloading filter
          Apr 5 22:38:08 php: : New alert found: There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 22:38:08 php: : There were error(s) loading the rules: pfctl: DIOCSETSTATUSIF - The line in question reads [ DIOCSETSTATUSIF]:
          Apr 5 23:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup
          Apr 6 00:06:50 chillispot[48268]: chilli.c: 864: Rereading configuration file and doing DNS lookup

          --------------------------------------------

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            As the webgui doesn't know anything about the tun interface created by ChilliSpot, the generated ruleset is somehow broken. This is not supported. Don't know how to help you here.

            1 Reply Last reply Reply Quote 0
            • S
              saso
              last edited by

              I supposed something like that, but can I make any operation manually by line command via console?
              Is there a place (script or something else) where I can look in pfSense?

              However, many thanks for your support

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by

                Everything you do at the console level will be replaced and regenerated sooner or later (bootup, changes in webgui, status change when using policy-based routing/multi-WAN,…). FWIW, go to diagnostics>edit file and open /tmp/rules.debug. That is the autogenerated ruleset. For everything else (modifying the code that generates the rules file) check out our cvs at http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/ . If you come up with something it would be nice if you could create a ChilliSpot package  ;)

                1 Reply Last reply Reply Quote 0
                • S
                  saso
                  last edited by

                  Ok, thanks for this tip. Can I ask for some more info on how rules.debug is generated?
                  Which file generates rules.debug? One more thing: once the file is generated, what is the command to reload the new rules included in the file?
                  I'm asking because I would like to start changing the rules.debug file manually and reload the new rules, just to understand what the right settings to include in the file are, and afterwards I will try to generate it automatically  :)

                  1 Reply Last reply Reply Quote 0
                  • H
                    hoba
                    last edited by

                    I'm not that familiar with that part of the code. You have to do your own investigation in our cvs-web.

                    1 Reply Last reply Reply Quote 0
                    • S
                      saso
                      last edited by

                      OK, I found the command to reload the rules.debug file. It should be pfctl -f /tmp/rules.debug
                      However, I solved the problem by deleting the third interface: in my configuration I had earlier created a second LAN2 which was never used, but as long as it was there I always got an error when I tried to run the pfctl command manually. After I deleted it, pfctl worked fine without error, and so did the NAT.
                      Obviously it needs the outbound NAT rule set like in the picture I sent before.

                      If you want I can try to create a package for ChilliSpot, but I need some more details on how to build the package under pfSense. If you can give me some indication I will be happy to try to arrange the package.  ;)

                      1 Reply Last reply Reply Quote 0
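
                      A validate-then-load wrapper around the `pfctl -f /tmp/rules.debug` command from the post above, as an added example that is not part of the thread or of pfSense: it parses the file with `pfctl -n` before loading it, then checks `pfctl -s nat` for a rule covering the ChilliSpot subnet. The function names and the `PFCTL` override are hypothetical, and as hoba notes, a manual load lasts only until pfSense regenerates the ruleset.

```shell
#!/bin/sh
# Added example, not from the thread or the pfSense code base.
# PFCTL is a hypothetical override so the logic can be exercised off-box.
PFCTL="${PFCTL:-pfctl}"

# Parse the ruleset without touching the running filter (-n), then load it.
# Returns 3 if the file is unreadable, 1 on a parse error,
# 2 if the load itself is rejected.
load_ruleset() {
    rules="$1"
    [ -r "$rules" ] || { echo "cannot read $rules" >&2; return 3; }
    "$PFCTL" -n -f "$rules" || return 1
    "$PFCTL" -f "$rules" || return 2
}

# Succeeds when the loaded NAT rules contain a nat rule whose source is $1.
# Assumes the usual "nat on <if> ... from <src> to <dst> -> ..." listing.
nat_covers() {
    "$PFCTL" -s nat | grep -q "^nat on .* from $1 to "
}

# Load the file, then confirm the hotspot subnet is actually translated.
# Returns 4 when the ruleset loaded but has no NAT rule for the subnet.
apply_and_verify() {
    load_ruleset "$1" || return $?
    nat_covers "$2" || { echo "no outbound NAT rule for $2" >&2; return 4; }
}

# Usage on the firewall, with the subnet from the test bench above:
#   apply_and_verify /tmp/rules.debug 192.168.182.0/24
```

                      A non-zero return from `apply_and_verify` separates a file that does not parse (1) from one the kernel refuses at load time (2) and from one that loads but leaves the hotspot subnet without NAT (4).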
                      • H
                        hoba
                        last edited by

                        Check http://devwiki.pfsense.org/PfSenseDevHome for some development-related info. Also try to learn from one of the other packages. You can check them out here: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/tools/packages/

                        1 Reply Last reply Reply Quote 0
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.