LAN GUI not accessible!
-
Sorry - Wasn't trying to insult you. Sorry if I offended. But you can't completely understand this and it be so difficult.
Something very basic is missing and its nothing to do with pfsense in all likelihood.Its more likely a problem in the way the network cards on the VMs are being assigned and probably a basic understanding of network issues also.
Neither should be considered the end of the world. Took me a while to really get at all the networking of VMs. Alot still gets by me.
However, basically. The pfsense VM and the client VM should have at least 1 virtual interface on the same virtual network. Both of the VMs must be installed on the same REAL machine.
The pfsense LAN and the Client Lan should be on the same virtual network. The Wan of the pfsense card should be bridged.
At that point, pfsense should be a basic install with no special rules at all and should just work. You should see the pfsense GUI from the other VM if you are typing the correct IP.
I apologize if I offended, but you sound a little confused and better to get to the point than to tip toe around it.
You will be much closer to an answer this way.
-
Once you have you pfsense VM and your client VM (hopefully ubuntu or something basic) on a common virtual network for LAN and the other pfsense interface (WAN) bridged, you will have a correct basic setup. I can pretty much guarantee the client can see the pfsense gui set up this way.
What I can't guarantee is that whatever network you are on will grant the pfsense WAN an IP or allow its traffic. If the network is running simple DHCP, and you have done nothing at all to the basic pfsense configuration, it will simply grab an IP and work immediately and have internet access.
-
I am fully aware that it should be as simple as:
However, basically. The pfsense VM and the client VM should have at least 1 virtual interface on the same virtual network. Both of the VMs must be installed on the same REAL machine.
The pfsense LAN and the Client Lan should be on the same virtual network. The Wan of the pfsense card should be bridged.
At that point, pfsense should be a basic install with no special rules at all and should just work. You should see the pfsense GUI from the other VM if you are typing the correct IP.
But it simply is not.
I get that PFSense basic install should work when these details are true, but all of the information you stated above is already true and no its not that I am just clueless, although I wont claim to fully understand as I had never ever seen this software until about 3 weeks ago!
I have installed PFSense on a personal machine at home, as has my lecturer and both our setups work by default when the network information is bridged correctly.
However, when I attempt to do in on the University network it doesn't work so I already know its something to do with a rule that's missing or the way the network is setup.
My issue is finding where the problem is and how to fix or bypass it, if its even possible. I don't know if its something my university has put in place as a "fix" that is more of a hindrance than a fix or if its just something obvious I have missed out
Essentially I have PFSense installed in a virtualbox that is bridged to the universities physical network and then I have it linked via an internal network between the other 3 virtual boxes which have various different operating systems installed on them.
My WAN setup works and my LAN setup through the internal network is also working correctly. I can access PFSense both from the physical network and from the virtual network.
I can also ping out from my virtual network to ANY computer within the physical network, not just the host I am running the virtual boxes on but if at any point I try to ping from the physical network into my virtual network, I am not able to do so, so I already know there is a bottleneck there, the question is just where?
My NAT is set to Automatic and I have no IPv4 Upstream as you can see from the screenshots provided, however, when you look at the gateway streams for some reason its now displaying as offline, when I checked this last time I was in the lab at uni they werent displaying as either off or online, they were just displaying as being there (if that makes any sense) so I'm guessing this is part of the problem!
-
I see no errors in you screen shots. Don't change anything yet.
It could be that the gateway is broken or could be that they have banned your VM's MAC or a few other problems outside pfsense or your control.
Can you post a pic of pfsense interface > WAN page so we can see the setup? -
Here are my WAN settings
-
Do you need IPV6? Can you change IPV6 to "none" and leave IPV4 as it is?
Remember to click save when you do that, assuming yo do that.
After you do that can we see you WAN firewall rules list?
-
Wait - I do see a POTENTIAL problem on the interface > LAN. Its given a /16. Shouldn't it get a /24?
Assuming you are aiming for a simple configuration.
-
Wait - I do see a POTENTIAL problem on the interface > LAN. Its given a /16. Shouldn't it get a /24?
Assuming you are aiming for a simple configuration.
I'm thinking that /16 setting is enough to break pfsense on a WAN NETWORK of 192.168.x.x
Previously to the issue of having no internet, I was unable to access my webgui via LAN (even with the anti lock option disabled) and apparently the reason why was because WAN and LAN cant run on the same subnet, so I had to change it?
I have attached my wan and lan firewall rules
189/24 is PFSense
107/24 is the host machine on the physical networkAny 192.168.2.x is a virtual box
-
Wait - I do see a POTENTIAL problem on the interface > LAN. Its given a /16. Shouldn't it get a /24?
Assuming you are aiming for a simple configuration.
It is a definite problem - LAN 192.168.2.10/16 is a router sitting in the middle of the whole of 192.168.0.0-192.168.255.255
Then the WAN IP that you "happen" to be given by DHCP on WAN is 192.168.1.n with gateway 192.168.1.1 - that is inside LAN, so the routing will not work properly.
When connecting a private-address-space LAN to an upstream "WAN" that is actually another chunk of private address space, you do have to engineer it to make sure the 2 subnets do not overlap.Change LAN /16 to /24 and I expect it will all go.
-
A /24 includes, for example, 192.168.1.x
A /16 includes, for example, 192.168.x.xSo, unless I'm groggy headed today (It happens often) your LAN net is somewhat inclusive of your WAN net. But if you changed the /16 to a /24 it shouldn't be.
What can it hurt to change it? If you don't like what happens, change it back.
-
I'm trying to be soft and cuddly vs. my abrasive direct self… haha
-
Right so I've changed the subnet on my LAN back to /24 and changed my firewall rules from /16 to /24 and everything is working the same way as it was.
I have access to the webgui via WAN and LAN, I can ping out but not in and my gateway is still apparently offline.
Still no internet :(
Name = WAN_DHCP
Gateway = 192.168.1.1
Monitor = 192.168.1.1
RTT = 0ms
Loss = 100% -
Perhaps, but you are now closer to a working configuration. Did you turn off IPV6 for now?
And can I see your WAN firewall settings?
-
Perhaps, but you are now closer to a working configuration. Did you turn off IPV6 for now?
And can I see your WAN firewall settings?
Just incase i'm being really stupid, I've attached a picture of my network adapter IPv4 settings within my virtual machine aswell.
-
I'm sorry - I see your LAN and WAN rules. My internet is abit slow here.
WAN look OK (for now)
LAN has ALOT of rules that seem to me are totally not needed and doing about nothing.I'd get rid of them except the 1st grey one and the last 2 default rules.
The rest seem to not belong.
After that, I'd reboot pfsense.
-
I'm sorry - I see your LAN and WAN rules. My internet is abit slow here.
WAN look OK (for now)
LAN has ALOT of rules that seem to me are totally not needed and doing about nothing.I'd get rid of them except the 1st grey one and the last 2 default rules.
The rest seem to not belong.
After that, I'd reboot pfsense.
Again, same situation. Everything works apart from the internet! :(
-
Well - 1st, I would let DHCP assign the IP and DHCP for windows VM.
But if you are going to assign it manually, put the IP of the windows machine outside the pfsense LAN DHCP range.
Then give the windows DNS server IP the LAN address of pfsense.So, 192.168.2.10 for your DNS Server (Assuming you will let pfsense forward DNS, which is a smart thing to do usually)
-
Well - 1st, I would let DHCP assign the IP and DHCP for windows VM.
But if you are going to assign it manually, put the IP of the windows machine outside the pfsense LAN DHCP range.
Then give the windows DNS server IP the LAN address of pfsense.So, 192.168.2.10 for your DNS Server (Assuming you will let pfsense forward DNS, which is a smart thing to do usually)
You sir, are fantastic!
All this hassle was simply because I had not allocated my secondary DNS as 192.168.2.10!
Thank you so much for the help :D
-
I'm thinking you don't quite get what is going on yet, but you are getting closer…
NAT comes in layers in your case and so can DHCP and DNS for that matter...
So your 1st layer, as far as we know is the university network. They are then assigning an IP to pfsense WAN via DHCP and DNS via DHCP (we hope)
So pfsense then becomes your second layer of NAT and it can then assign IPs via its DHCP server and DNS to anything on its LAN...
Or you can tackle it manually. Your call.
-
Ohhh - Glad it works now…
Us forum wreckers do what we can.... (-;
Sorry if I gave you the wrong impression with my comment earlier.
Just trying to find the core of the issue.
Let me know if you have more issues.