Can't port forward
-
If your wan is "My wan is 192.168.159.122"
Then you're behind a NAT and your forwards are never going to work, unless you forward them on the box doing NAT in front of pfsense!
Why would you forward the port I used as an example?? Is that the port you set up in utorrent??
So you bridged the interfaces in pfsense? What rules did you create for the lan to the bridge? Can you post up your rules for your lan and for your bridge.
What IPs are your wireless clients getting, and what are your wired machines getting? Can you give an example of each? ipconfig /all from each would be perfect.
Where is that black thing you gave a picture of? That is a POE injector ;) So the yellow gives power to whatever is on your roof, and the blue is just continuing the connection.. But if your pfsense has a PRIVATE IP on its wan, you're not going to be able to do anything on pfsense to get forwards to work… Unless your ISP has put your pfsense wan IP into dmz, etc. I would contact your isp about port forwarding with a router connected to your blue wire.
-
I set up the port that you gave me on utorrent and I forwarded it. Now it's closed but to open it I must email my isp provider.
I made rules only on wifi interface: http://imageshack.us/photo/my-images/266/wifirules.png/
and I made in system tunables that: http://imageshack.us/photo/my-images/855/systemturnables.png/
Wired machines are only one, my pc (192.168.1.100). Wireless machines are 192.168.2.x (my phone is 192.168.2.2)
This is my ipconfig: http://imageshack.us/photo/my-images/20/ipconfigmypc.png/
And this is from a wireless machine: http://imageshack.us/photo/my-images/832/ipconfigwirelesspc.png/
The strange thing is that I didn't understand why before I was able to play haxball fine and now I can't, my isp is the same.
P.S. I'm using pfsense 2.1 because 2.0.2 didn't recognize my wireless card.
-
"Wired machines are only one, my pc (192.168.1.100) Wireless machines are 192.168.2.x (my phone is 192.168.2.2)"
You're on a different SEGMENT there - bridging that is not going to allow them to talk to each other ;) If you want to talk to each other via bridging - then put them on the same address space. If you want to be able to talk to them on different segments that works too, pfsense will just route the traffic.
Well, before you were probably able to use UPnP to have your device on the roof open up the port, or if the NAT is done upstream of that device. But you put a NAT device (pfsense) behind a NAT..
So you end up with this
public IP (1st nat) 192.168.159.x --- 192.168.159.122 (2nd nat device pfsense) 192.168.1.1 --- 192.168.1.100 (PC)
So something on the internet wants to send you unsolicited traffic to your public IP -- that 1st device says I have no idea what to do with this traffic, it's not in answer to anything I sent out from my 192.168.159.x network - DROP IT!!
So pfsense NEVER sees this traffic on your utorrent port to be able to forward that traffic to your 192.168.1.100 PC running utorrent.
So never WORKS!
Contact your ISP and ask them to put your device into bridge mode, or set it up so that UNSOLICITED traffic can get to your router you connected IP. Then you can control the forwards you want on pfsense.
If not you would have to run pfsense as a bridging firewall if you still want to use it.
But as your wireless - why do you think you need to bridge the interfaces? Why can your wireless not be on a different segment? If you want them to be on the same network segment, then put them on the same network if you're going to bridge traffic between the interfaces. You did not do a /all on that command so I can not tell if you set them up static or if they are dhcp from pfsense?
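The double-NAT path described in this post, as an added example that is not part of the original thread: a small Python model that flags a non-public WAN address and traces an unsolicited inbound connection through each NAT device in turn. The port number and the device names are constructed for illustration; the addresses are the ones quoted in the thread.

```python
import ipaddress

# Ranges that are not reachable from the internet: RFC 1918 private space
# plus the RFC 6598 shared range used for carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def wan_is_behind_nat(wan_ip):
    """True when a WAN address sits behind someone else's NAT."""
    addr = ipaddress.ip_address(wan_ip)
    return any(addr in net for net in NON_PUBLIC)

def trace_inbound(chain, port):
    """Follow an unsolicited inbound connection through NAT devices.

    chain lists (name, forwards) pairs from the internet side inward;
    forwards maps an external port to the inside address it is sent to.
    Returns (final_target_or_None, names_of_devices_that_saw_the_packet).
    """
    seen, target = [], None
    for name, forwards in chain:
        seen.append(name)
        target = forwards.get(port)
        if target is None:
            # No forward and no outbound state to match: dropped here,
            # so devices further inside never see the packet.
            return None, seen
    return target, seen

PORT = 51413  # constructed example port, not taken from the thread

# The thread's topology: the ISP device has no forward, pfsense does.
DOUBLE_NAT = [("isp-nat", {}),
              ("pfsense", {PORT: "192.168.1.100"})]

# After the ISP forwards (or DMZs) the port to the pfsense WAN address.
ISP_FORWARDS = [("isp-nat", {PORT: "192.168.159.122"}),
                ("pfsense", {PORT: "192.168.1.100"})]

if __name__ == "__main__":
    print("WAN behind NAT:", wan_is_behind_nat("192.168.159.122"))
    print("double NAT   :", trace_inbound(DOUBLE_NAT, PORT))
    print("ISP forwards :", trace_inbound(ISP_FORWARDS, PORT))
```

In the double-NAT case the trace stops at the first device, so a forward configured on pfsense alone is never exercised.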
-
OK thank you very much, I understood that I need to contact my isp and ask them to put my device in bridge mode or to put my wan in a dmz.
Wireless, I bridged to lan just to make it work, before I bridged to lan I had limited connectivity and internet didn't work. I'm not sure what made it work, bridging or making rules on firewall. I also have enabled dhcp server on both wifi and lan interface, but I had no idea whether that is a good or a bad thing. What should I do to see all pcs connected both in lan and wifi interface?
-
What do you mean SEE?? Are you wanting them to be all on the same network, or different networks?
So you can either have lan/wired network say 192.168.1.0/24 and wireless segment 192.168.2.0/24 and route traffic between them via pfsense.
If you have a different interface in pfsense that your wireless AP is connected to I would use the routing method and just create firewall rules to allow the traffic you want. So wired would be 192.168.1 and wireless would be 192.168.2
If you're going to bridge then both wired and wireless need to be on the same network IP space if you want to "see" them - ie be able to connect to them. All devices need to be on 192.168.1.0/24 for example.
Why do you not just put your AP on the 192.168.1.0/24 network – do you not have a switch on this network you can connect the AP to?
-
I have a wifi card in pfsense box! Now I disabled bridge lan and wifi and wifi still works. I bridged them just to make wifi interface work, but the solution was putting rules and not bridging them. I want to be able to connect to wireless devices, but I'm wired connected to pfsense. I can't put wifi interface in the same subnet of lan (192.168.1.1) because there is an error saying that address is used by another interface.
-
I had forgotten you're using a wifi card.. But sounds like you got it fixed.
So your wifi card in pfsense is 192.168.2.1 and your wired nic is 192.168.2.1 – yup that is how you normally would do it. Then just create your rules between your segments that you want to allow.
-
Nono, my wired nic is 192.168.1.1
-
My bad - typo ;) Yeah I meant 192.168.1.1 for the wired
-
OK, and now what rules should I make? Can you give me what I should put in rules please? Thank you a lot man ;)
-
Well if you want full access then just any any, if not limit to what you want.. I would assume if you wanted to bridge that you just want full access. I would think the default allow rules should give you full access.
-
I'm a little confused, I want full access, must I bridge the interfaces or leave them unbridged?
-
Unbridged - what are you confused about?
You have 2 segments - forget that the 2nd network is wireless.. Why do you think you need to bridge?
You have 2 networks, what are the rules on these 2 interfaces? Guess I could fire up a picture if need be..
-
Now in windows I can see FreeBSD router, but not wireless devices.
Here's my rules in Lan: http://imageshack.us/photo/my-images/195/lanxt.png/
And Wifi: http://imageshack.us/photo/my-images/819/wifitl.png/
Tell me what is wrong :)
-
What do you mean SEE – like in UPnP see, that's what pfsense shows up as if you enable UPnP (freebsd router)
You have this
pfsense
lan 192.168.1.1/24
wifi 192.168.2.1/24
clients
lan 192.168.1.14 lets say with /24 mask, gateway is pfsense 192.168.1.1
wifi 192.168.2.52 lets say with /24 mask, gateway is pfsense 192.168.2.1
Can you not ping from client 192.168.2.52 to 192.168.1.14??
When you say SEE do you mean do you see UPnP/DLNA server on the other network, or do you mean like showing up in some windows browse list? Explain your use of the term "SEE" -- in such a setup as I have explained clients in both networks can "see" each other just fine via tcp/udp protocols that are routable across segments. If you're wanting something that has to be in the same broadcast domain to work, then no that will not work with 2 different network segments, ie 2 different broadcast domains.
If you want all your devices to be in the same broadcast domain, ie all in 192.168.1.0/24 then you're going to have to create a bridge and use the same network.
You can not create a bridge and use 192.168.1.0/24 on one side and 192.168.2.0/24 on other clients and expect them to talk to each other.
-
I mean showing it from windows browse, and have the ability to see public folder of any wifi connected pc and share files with them.
Just there: http://imageshack.us/photo/my-images/94/networkhf.png/ (sorry it is Italian)
-
You sure as hell do not need browse list to access shares.
From your box on the wired 192.168.1.0/24 network access \\192.168.2.x address of the box doing the sharing, or the other way as well from your wifi access \\192.168.1.x the IP address of the box in your lan segment
That stupid windows browse list does not work across network segments without the use of a wins server. But it's completely utterly a waste of time effort traffic on your network.. What, you don't know the name of your computer you want to access via dns name, or its IP?
If you want to be able to broadcast for netbios names or have all your boxes show up in the same windows browse list then you're going to have to put them all in the same broadcast domain, ie same segment 192.168.1.0/24
-
Ok, how can I put wifi interface and lan in the same segment? If I bridge wifi and lan I cannot put wifi interface on 192.168.1.1 because it is already occupied by the lan one.
I know all pcs names and pc but the windows browse list is, for me, a simple way of sharing files to pcs.
-
So create a shortcut on your desktop for \\nameofserver.domain.tld or \\ipaddress - can't get any simpler than that. Or just map a drive letter so shares on your computer look like the letter g:\ on your computer ;)
Bridge your interfaces and then give the bridge your IP of 192.168.1.1, the individual interfaces don't need to have IPs in that sort of setup.
Or give them different IPs in the same segment, say 192.168.1.1 and 192.168.1.2 and create a bridge interface of 192.168.1.3
I personally would not use bridging and just map your shares to a drive letter or folder - much easier access that way ;) And you could even turn off the browse feature altogether because it's just sending unwanted traffic/noise on your network ;)