Can't access devices on WAN network
-
Not sure - It would depend on the age of the person and if this is a college or lower school.
My kid's problem at his school is that EVERYTHING is blocked, including sites he needs to do research.
I imagine that's quite annoying. It's misguided to overdo the sheltering if you ask me.
Broken internet is no internet at all.
-
Agreed, being nannied is annoying and sometimes troublesome. But the school/college are still the authorities concerning internet access and they still have the final say, right or wrong. Whether you're a college student or just a school kid, if you overstep the mark they have every right to punish you - it's their system after all.
-
If I were in college and that was my only ISP available, and I was paying the bill (I did pay my own way), I'd blow right through it with a VPN.
-
Well, good luck with that then. (And I paid my way through university too, btw)
-
"when i was experimenting with ICS through Windows i could connect"
Was this Windows machine registered with the school.. I would assume they run some sort of NAC (network access control).. When my sons were in school they ran some Cisco software on their machine - if that software was not running, no network access.
So while your Windows machine could be registered in the NAC, pfSense most likely is not. You could try cloning the MAC of a registered machine on pfSense WAN - but I don't think the school is using such a basic form of NAC.. If you want to play and learn about NAC, I would check out http://www.packetfence.org/
To be honest I would not mess with your school policies.. If you need unfettered internet access - run a hotspot off your phone or something. As mentioned, circumvention of school network policies is a good way to at min lose your access.
-
To be honest I would not mess with your school policies.. If you need unfettered internet access - run a hotspot off your phone or something. As mentioned, circumvention of school network policies is a good way to at min lose your access.
Exactly. Just because you pay for a room to rent doesn't mean you have the right to paint the walls if you don't like the colour. ;-)
-
I have talked with our network admin (prior to starting this project) and he gave me a special exception for using routing software to get around their access restriction for research purposes. On campus, we do use a NAC and the one we use is called Bradford, the agent required is Bradford Persistent Agent, and yes, the Windows computer did have it installed and was registered. However, on our network I have my pfSense box's MAC address registered directly (as is necessary for all devices that run Linux), meaning that I had our network admin put me past our Bradford requirement, and so I will never lose registration.
-
Then perhaps your problem is DNS?
-
Well then it should work..
Simple enough do a query to the dns servers on the
"our dns servers are on the academic vlan,"
This is a no-brainer with nslookup or dig or drill or host. drill and host are on pfSense.. From a cmd line on pfSense can you query these DNS servers?
-
i tried adding rules that allow all traffic from lan to wan and wan to lan, so in theory, the firewall should have been "off" yet it made no difference.
Not really.
You need to understand fully what interface rules go on and why. Start here and ask away:
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
Do you get public IP addresses on your WAN? You also need to disable the private address filtering on WAN if not. This also might apply to receiving return traffic from the 172.24.0.0 172.26.0.0 networks. I'm not sure if that checkbox blocks states created going out. Bottom line is if it's not unchecked and you need to talk to private addresses outside, uncheck it.
ETA: I see the 12/8 public address scheme you get on WAN.
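A simplified model of the WAN evaluation order raised in the last post, added here as an illustration and not taken from the thread or from pfSense's own code: a packet arriving on WAN is checked against existing states first, then the private-networks option, then user rules. The host addresses are constructed, and the range list and the ordering are assumptions of this model that should be checked against the documentation for the version in use.

```python
import ipaddress

# Assumption: ranges matched by the WAN "block private networks" option
# (RFC 1918 plus loopback). Check the documentation for your version.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_private_source(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def wan_inbound_verdict(src, dst, states, block_private, user_rules):
    """Judge a packet arriving on WAN in a simplified stateful model.

    Order: existing state, private-networks option, user rules
    (first match wins), then default deny.
    """
    # Replies to connections opened from inside match the state that was
    # created on the way out, keyed here as (local, remote).
    if (dst, src) in states:
        return "pass (existing state)"
    if block_private and is_private_source(src):
        return "block (private networks option)"
    for action, net in user_rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return f"{action} (user rule {net})"
    return "block (default deny)"

# Constructed sample data: a WAN address inside 12/8 and hosts inside the
# 172.24.0.0 and 172.26.0.0 networks mentioned in the thread.
WAN_IP = "12.0.0.10"
DNS_SERVER = "172.24.0.53"
CAMPUS_HOST = "172.26.0.20"
ALLOW_ALL = [("pass", "0.0.0.0/0")]   # the "allow everything" WAN rule
STATES = {(WAN_IP, DNS_SERVER)}       # pfSense already queried the DNS server

def demo():
    return {
        "dns reply": wan_inbound_verdict(DNS_SERVER, WAN_IP, STATES, True, ALLOW_ALL),
        "new inbound, option on": wan_inbound_verdict(CAMPUS_HOST, WAN_IP, STATES, True, ALLOW_ALL),
        "new inbound, option off": wan_inbound_verdict(CAMPUS_HOST, WAN_IP, STATES, False, ALLOW_ALL),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

In this model an allow-all rule on WAN changes nothing for new connections from 172.26.0.20 while the option is enabled, because the option is evaluated before user rules.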