How can I achieve this with my current setup?
-
It's a Windows 7 running VirtualBox, there are 2 physical NIC's, 1 Wireless Card.
In the VM Side, Wan is bridged to 1st NIC, LAN is bridged to 2nd NIC. For now Wireless is isolated.
I haven't had time yet to keep testing, I will report as soon as possible.
-
You did show a virtual environment in your first diagram, it just wasn't clear to me how things were connected.
It's hard to say quite what the issue here is. How does Windows see the NICs? If the host is receiving an IP from the pfSense DHCP server but still cannot access the webGUI I would suggest it is defaulting to using the wrong NIC. It would not be able to do so via the pfSense WAN unless you have enabled firewall rules to allow it. If the other NIC is not setup in Windows correctly then that would explain why it cannot get internet access.
Steve
-
Let put that asides for a moment, do you know why after changing LAN from default (192.168.1.1) to anything else (ie. 10.0.0.0), I can't access WebGUI or have internet access.
-
From where?
Did you refresh any dhcp leases?
It's sometimes necessary to restart the pfSense box to flush any references to the old address, or at least that's the easiest way.
Steve
-
I solved it, I took out TCP/IP in host (Windows) and used internet connection to connect to WebGUI.
But I got another issue, Virtual IP and Nat 1:1 is working fine in all the computers, except a Ricoh Printer (MPC2050), every computer in Lan can ping it (10.0.0.99), but none can ping its external ip (xxx.xxx.xxx.99). Even the printer itself can't ping anything outside.
-
Hmm. Is the printer using DHCP or statically assigned? Has the printer previously been shown to work in this sort of setup? Can you print to it?
Steve
-
Before this setup, I could access it from anywhere (HTTP).
Printer has 10.0.0.99 assigned, every LAN computer is able to access it and print with it.
Public IP is linked through Virtual IP with NAT 1:1 to internal IP.
-
Stephenw10 is the most patient man I've never met. Its pretty much good to go now?
-
Thanks! I try not to get hostile, it really doesn't help anybody.
If the printer has a statically assigned IP perhaps it has incorrect gateway info or DNS or subnet. I assume the printer has no command line that might give a useful output when you try to ping. Does it have any error message other than 'ping failed'?
Steve
Edit: Typo
-
The IP's are assigned by mappings of the DHCP server, here is a photo of the printer network setup.
-
That gateway and DNS server IPs make no sense.
-
Why? What should I change them to?
-
10.0.0.0 is the network address. You should obviously change them to the proper gateway/DNS IPs.
-
Ah yes I saw earlier you talked about changing the LAN interface address from 192.168.1.1 to 10.0.0.0 but I assumed you were just giving an example subnet rather than the actual address. Are you actually using 10.0.0.0 as the pfSense LAN interface address? And that's working fine with the other LAN clients? With that /24 subnet it shouldn't! See:
https://en.wikipedia.org/wiki/IPv4#Addresses_ending_in_0_or_255Use 10.0.0.1 instead and you'll be good. :)
Steve
-
Damn, the network is all set up and in production LOL
Funny thing is only the printer is not working haha
I'll have to wait till the machines are inactive to change the settings.
-
That also explains why after changing my LAN, I couldn't access WebGUI lol
-
Better to find out now when it's just the printer not remotely accessible than tearing your hair out later trying to solve some client specific issue. ;)
Interesting that pfSense allowed you to use that address.Steve
-
The printer thing and interface are easy fixes. Sounds like you have a network now.
-
I'm splitting hair now. DHCP, Gateway and DNS have automatically assigned 10.0.0.1, yet I cannot access its web interface outside LAN network.
-
Why should you be able to access it unless you are inside your LAN? Thats the way its supposed to be unless you VPN into it or open ports.
I also really don't think that 10.0.0.1 or some really simple addresses are the best way to assign your subnets. The whole point of not giving it a 192.168.1.1 is to get away from a common and likely possible conflict. Moving to another simple address like 10.10.10.10 or 10.0.0.1 doesn't help much. Some, but not much.
