Watchguard Firebox X1000 2.0.2 Booting Slow
-
What do you mean by 'LAN gateway'?
The pfSense LAN interface should not have a gateway assigned.Steve
If i go to the gatway status page it shows all my gateways, it shows a LAN gateway(online) and an WANGW gatway(offline), what did i setup incorrectly? Should it not have one even if its DHCP? I am used to routers running openwrt or dd-wrt, im trying to move up.
-
Nope. Only WAN connections should have a gateway in most conditions.
Any connection that has a gateway applied will be treated as a WAN by pfSense which can cause all sorts of problems. The only time you might want a gateway on LAN is if you have some other subnet that is only accessible via another internal router. I'm assuming you don't. ;)When you say 'it's DHCP' do you mean it is running a DHCP server handing out addresses to your internal clients? That is the normal setup. If you mean you have another dhcp server internally that is giving the pfSense LAN interface it's IP I'd have to reconsider but that would be very unusual.
Steve
-
Nope. Only WAN connections should have a gateway in most conditions.
Any connection that has a gateway applied will be treated as a WAN by pfSense which can cause all sorts of problems. The only time you might want a gateway on LAN is if you have some other subnet that is only accessible via another internal router. I'm assuming you don't. ;)When you say 'it's DHCP' do you mean it is running a DHCP server handing out addresses to your internal clients? That is the normal setup. If you mean you have another dhcp server internally that is giving the pfSense LAN interface it's IP I'd have to reconsider but that would be very unusual.
Steve
After seeing your post i though that maybe the issue so i deleted all my gateways except the one for my ISP and also the one that was already there for WAN DHCP, after rebooting with my WAN cable from my modem plugged in i still cannot access the internet from any of the LANs i have setup and also the WANGW still shows offline under status. Any ideas will be great, i am about to consider to factory default my install and then start from scratch.
-
I have a feeling we are talking about two different things with 'gateway'. :-
Please post your NIC setup for each interface and and your WAN type.
If you have only one WAN connection you should see only one gateway in Status: Gateways:Basically the more information you put up about what you are trying to end up with and what you have done the easier and quicker it will be to resolve whatever error is occurring. :)
Steve
-
I have a feeling we are talking about two different things with 'gateway'. :-
Please post your NIC setup for each interface and and your WAN type.
If you have only one WAN connection you should see only one gateway in Status: Gateways:Basically the more information you put up about what you are trying to end up with and what you have done the easier and quicker it will be to resolve whatever error is occurring. :)
Steve
Maybe that the issue, it came with the WAN settings setup for dynamic, under Status: Gateways: i have 2 Gateways, one shows offline and the other show Gathering Data, would reset to factory be a good starting point? Im guessing i messed up somewhere
-
Thanks for all the help BTW ;D
-
it came with the WAN settings setup for dynamic
So you have got hold of this box already configured?
Steve
-
it came with the WAN settings setup for dynamic
So you have got hold of this box already configured?
Steve
The CF Card i bought that had PFsense 2.0.2 on it had already been configured with the following
WAN : Dynamic
LAN : 192.168.5.100 - no DHCPI added
WAN switched to static and added a gateway
LAN2 (OPT2) : 192.168.1.1 w/DHCP
LAN3(OPT3) : 172.21.42.1 no/DHCPCreated a NAT Forwarding rule to allow me to access the webGUI on 192.168.5.100 on the 192.168.1.1 network (fwd port 443 and 22)
Created rules on the LAN2 to allow my web server, IMAP, SSH, FTP, and HTTPS/HTTP throughi think thats all i added.
-
OK.
The WebGUI listens on all interfaces so there is no need to forward anything. You just need a rule on LAN2 to allow access to 192.168.1.1 on ports 80/443. Same for SSH.What do you have upstream of your WAN? You mentioned a modem before, is it in bridge mode? Is your WAN in a private network? You have changed your WAN to static IP, I assume you have a reason for doing that, that means you need to enter the gateway and DNS servers manually. Have you done that?
pfSense will attempt to discover if the WAN is online by pinging it's gateway. Some ISPs have gateways that don't respond to pings. In that case you would have to change the address used to monitor the connection.
Steve
-
OK.
The WebGUI listens on all interfaces so there is no need to forward anything. You just need a rule on LAN2 to allow access to 192.168.1.1 on ports 80/443. Same for SSH.What do you have upstream of your WAN? You mentioned a modem before, is it in bridge mode? Is your WAN in a private network? You have changed your WAN to static IP, I assume you have a reason for doing that, that means you need to enter the gateway and DNS servers manually. Have you done that?
pfSense will attempt to discover if the WAN is online by pinging it's gateway. Some ISPs have gateways that don't respond to pings. In that case you would have to change the address used to monitor the connection.
Steve
I have a business connection at home and was given a static IP as part of the package, i did enter the settings, .213/28, i ended up getting it working last night, it was a stupid thing to get the gateway to come online, thanks for the info about the rules, since i never used this system before i thought only the first LAN would allow access to the webGUI(it did seem like a weird config) so i forwarded the ports to the LAN2, so woul dit be correct in assuming like most enterprise grade firewalls it blocks everything by default which would cause me not being able to access the gui on 192.168.1.1?
-
Yes. Everything is blocked unless you allow it.
The only exeception to that is that the LAN interface has a default rule to allow everything out. Saves on forum questions. ;) Also the anti-lockout rule to prevent you blocking GUI access on every interface.Steve
-
Since having the WAN connected it boots quicker and the webGUI itself is much more responsive which per another thread i knew would happen, but its still a nice change
