Pfsense newbie - mobile me mail issue - go gentle please
-
Hi, thanks for taking the time to answer.
The Netgear DSL router has DGteam firmware on it and it has been set as modem only so it is not routing.
I think it is a NAT issue as SMTP mail works, but mobileme uses IMAP.
I will try removing the Xbox rules later, but at the moment it works and I can have 3 x Xboxes working at one time with Open NAT!! Yipeee
Regards
Ian
-
I believe Mobile Me requires UPNP to work.
If your DSL modem can be configured to use bridge mode (that is, just bridging ethernet packets to ATM on the DSL side), you can eliminate the firewall in the modem and probably increase your performance. You might need to run PPPoE in pfSense to authenticate to your ISP.
-
The Netgear is bridging, it is not routing, and the firewall is off.
UPNP is on on PFsense and working for my Xboxes.
I think I have an issue with IMAP or IMAP/S that is being blocked, but I have opened this port and still nothing.
-
Your pfSense router has a static IP to the Netgear? Does your ISP require authentication?
-
Out of curiosity, if your netgear is in true Bridge mode, then it shouldn't have a public IP assigned to it?
i.e. if your ISP's BGP address is 78.xx.xx.176 then the pfsense should be having that as the next hop gateway address rather than 78.xx.xx.177 which, apparently, your netgear is holding for some reason or another.
-
This is where I was going as well.
-
OK, let's see if I can clear this up.
My Netgear has 78.x.x.176 on its WAN, 78.x.x.177 on its LAN. Subnet address is 255.255.248.0
My PFSENSE has 78.x.x.178 on its WAN and its Gateway as 78.x.x.177
My PFSENSE LAN is 192.x.6.254 and is my LAN gateway.
My Netgear is running DGteam firmware and has been switched to modem only and does not require authentication.
With PFsense set up I have internet access from all PCs on my LAN, all my Xboxes have 1:1 NAT and are now Open NAT.
My only issue is my Macbook Pro cannot collect mail from Mobileme - mobile me uses IMAP / IMAP/s and I guess maybe my firewall or NAT is blocking.
However, I cannot see it being blocked in system.
So as most things are working it cannot be an issue with the Netgear as it has no Firewall on it anymore and will pass all traffic.
I suppose I could assign a 78.x.x.x address and plug into the Netgear and try from there.
Any other suggestions?
Ian
-
Evidently, your netgear isn't operating in true bridge mode. It's still a router, just that it's supposed to allow all traffic through. Try this: Set your PFsense's gateway to the ISP's gateway address and see if your traffic actually goes through the netgear without RIP being enabled on either box. ;)
A real bridge will have no WAN IP to speak of. The LAN IP on the bridge is for configuring the bridge only and is usually a private subnet address.
-
Guys, problem sorted.
You were right. I did a capture of my Mac trying to get email and the Netgear interface was doing an ICMP redirect to the ISP's gateway.
Changed my WAN gateway to that IP rather than the Netgear and mail is working fine.
To be honest I was fooled by web and everything else working.
Thanks for your help and I must say Pfsense is some special software, I am well impressed.
Regards
Ian
-
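Added example, not part of the original thread: a small Python parser for the ICMP redirect message (type 5, RFC 792) that the capture described above turned up, reporting which router sent it, which gateway it tells the sender to use, and for which destination. The packets, the documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def ipv4_header(pkt):
    """Return (header_len, protocol, src, dst) of an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return (ihl, pkt[9], ipaddress.IPv4Address(pkt[12:16]),
            ipaddress.IPv4Address(pkt[16:20]))

def parse_redirect(pkt):
    """Describe an ICMP redirect (type 5); return None for any other packet."""
    ihl, proto, src, dst = ipv4_header(pkt)
    icmp = pkt[ihl:]
    if proto != 1 or len(icmp) < 8 or icmp[0] != 5:
        return None
    info = {"sent_by": str(src), "sent_to": str(dst),
            "code": REDIRECT_CODES.get(icmp[1], "unknown"),
            "use_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
            "for_destination": None}
    try:
        # The redirect quotes the IP header of the packet that triggered it.
        info["for_destination"] = str(ipv4_header(icmp[8:])[3])
    except ValueError:
        pass  # quoted header truncated in the capture
    return info

def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the sample (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

# Constructed sample: modem LAN side, firewall WAN, ISP gateway, mail server.
MODEM, FIREWALL, ISP_GW, MAIL = ("198.51.100.177", "198.51.100.178",
                                 "198.51.100.1", "203.0.113.25")
quoted = build_ipv4(FIREWALL, MAIL, 6, struct.pack("!HHI", 50000, 993, 0))
SAMPLE_REDIRECT = build_ipv4(
    MODEM, FIREWALL, 1,
    bytes([5, 1, 0, 0]) + ipaddress.IPv4Address(ISP_GW).packed + quoted)
SAMPLE_ECHO = build_ipv4(FIREWALL, MAIL, 1, bytes([8, 0, 0, 0, 0, 1, 0, 1]))

if __name__ == "__main__":
    print(parse_redirect(SAMPLE_REDIRECT))
```

-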
Glad you solved the problem.
I'd still recommend that you ditch the Netgear for a true bridge since it would end up becoming the weakest link. As a router, even one that passes all connections through, it would cripple long before the pFsense box does.
A cheap and decent modem would be the Thomson Speedtouch ST516/ 536v6 set to bridged mode via the Residential CD.
-
+1 on the advice for a standalone DSL modem in bridged mode. Forgive the thread creep, but where would one purchase a Speedtouch?
Thanks in advance.
PS: I'm using a Netopia 2241N-VGx purchased from http://costcentral.com
-
Don't think they sell it in the States but almost any modem will do the job.
A D-link DSL-2320B will do the job (possibly better reliability because it doesn't run as hot as the Speedtouch modems). Available on Newegg @ http://www.newegg.com/Product/Product.aspx?Item=N82E16825112003
It is capable of acting as a gateway but has the option to be switched into a bridge.