Can't get PFSense Working
-
Well can you even ping pfsense lan IP of 192.168.10.18?
did the lan computers update their dhcp to reflect your change. When you do a traceroute to say a public IP of 4.2.2.2 where do you go from your lan computers, is dns working? How do you have your dc setup to do dns - is it still forwarding to your old 10.1? Are you looking up from roots?
-
Thanks for your help Johnpoz,
I sort of have it going now but something else weird is happening.
I plugged the Dlink DAP-1650 into the lan side and set it to AP mode, it has an IP of 192.168.10.20 and gateway is 192.168.10.18.
It seems to work for a min or so and then stops, need to reset it to get it working again which is really strange.
I also can't seem to get NAT port forwards working, I need to forward port 80 to my webserver for my exchange OWA.
Is there a way to use the wifi in the Billion 7800vdox instead of plugging in a separate AP? , it supports Vlan if this helpsCheers
Jamie -
It seems to work for a min or so and then stops, need to reset it to get it working again which is really strange.
Sounds like you have something else on your LAN on 192.168.10.20
-
Hi Derelict,
Thanks for your reply, I can still bring up the dlink AP GUI when entering this IP so I wouldn't have thought that's the problem but I will investigate further.Cheers
Jamie -
Maybe you have something else on 192.168.10.18. Really hard to tell from here. ;) But something working for a minute then not is indicative of a duplicate IP address somewhere.
-
Hi 192.168.10.18 is my pfsense box lan ip, I think something is maybe wrong in my server, if I tell the dlink AP to get it's IP via DHCP it get's an IP ok but sets the gateway to 192.168.10.1 which is my ip for the Billion modem/router
if I set the tplink to a static IP like 192.168.10.20 and gateway to 192.168.10.18 it doesn't seem to work either.
Do I need to configure something in pfsense when I connect a wifi ap to it?.
My DC is doing DNS & DHCP, do I need to change the gateway setting in the DC and if so where is this setting?Thanks in Advance
Jamie
-
If, by DC, you mean Domain Controller I have no idea. You're probably asking for help with that in the wrong place.
You can generally put as many DNS servers on your network as you want and they won't hurt each other. Not so with DHCP servers. You need one and only one DHCP authority on each segment.
-
Hi,
Yes I'm referring to my Domain Controller, the AP is getting an IP ok it's just setting its gateway address to 192.168.10.1 which is the old gateway not 192.168.10.18 pfsense.
Maybe it's something weird with the dlink AP point, I might try on of the airport expresses as the AP and see if that works.
Thanks for your help anyway it's appreciated.Cheers
Jamie -
I'm sure it's getting whatever the DHCP server is giving it.
-
Maybe it's something weird with the dlink AP point…
I doubt that it is a hardware problem but it's configuration may be incorrect.
…I might try on of the airport expresses as the AP and see if that works.
It's never a good idea to add other things to the equation until you have solved the basics. It will add to your confusion and solve nothing.
1. Make sure you only have one (1) DHCP server on the network.
2. Configure it correctly (yes the DHCP server hands out the gateway address, and most likely other things, to it's clients as well). If you don't know how, then learn it. Buy a book, seek help in an appropriate forum or something.
3. Go through EVERYTHING connected to your internal network and make sure it is either configured to use DHCP (with a reservation in the DHCP-server for equipment that need to be on the same ip address always) OR with a static ip address outside of the DHCP pool. Reboot everything.When you have done the above, confirm everything works. If it doesn't, start over at #1 above.
The above may seem ridiculous to you but it is very easy to make a small mistake somewhere that will come back and haunt you later. It is also good if it seems to you that I have underestimated your knowledge, as that will only make the above to be so much simpler and faster for you.
Only at this point you should start to consider to add more things to your network. Add only one thing at a time, applying the ip addressing strategy mentioned in #3 above and confirm it works as expected before adding anything else.
-
Hi P3R,
Ok I've got it working now, I hadn't changed the router IP in the DHCP Scope options to point to Pfsense.
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
-
Hi P3R,
Ok I've got it working now, I hadn't changed the router IP in the DHCP Scope options to point to Pfsense.
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
So what I stated in the first reply was your issue then.. Your welcome ;)
So is web working? Do you have the firewall off on the exchange server? Whre are you clients at that they would need to go through the firewall to talk to your exchange server - shouldn't they be on the same local network? Did you set those up on port forwards and let it create your firewall rules for you?
Post up your port forwards and your wan firewall rules. Where are these clients? Outside pfsense? Public internet - are they trying to use name resolution or IP?
Again this is so drop dead simple it just.. Did you follow the troubleshooting the port forward issue.. In the many years I have been on this forum - not once have I see an issue with port forwarding that was not layer 8.. https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Hi Johnpoz,
I appreciate your help so thank you kindly.
Most things seem to be working ok.My exchange is on the same box as my DC so it is using the same IP 192.168.10.2
Some port forwards don't appear to work, like port 80 or port 25 (check in open port checker), so I though my ISP could be blocking them but if I remove the pfsense box and and unbridge my modem/router and connect normally like i have in the past DSL ppoe
it functions correctly ???
I'm using a pc inside my network to open outlook and it can't connect to exchange, checking with mxtool box also fails.
I set them up through port forwards and yes it setup firewall rules by itself.
I use phones to connect to exchange as well so they are not always on the same local network.
To me it appears like the ISP is blocking the ports as random ports i.e not 25 or 110 show up as open so port forward seems to be working fine.
if I connect to OWA (walhouse.net.au/ow) from outside network using port 443 it works ok but using port 80 fails.
Everything worked ok before in the past it's not a new internet connection, just connecting through PPOE in PFsense with modem/router bridged.
I'm confused, probably bit off more than I can handle. -
"I'm using a pc inside my network to open outlook "
What does pfsense have to do with box on the same network talking to each other? Oh yeah nothing ;) Are you trying to hit your public IP to get forwarded back in - this is nat reflection and would have to be setup if you want to use that.
I show that working for https, I get your owa page. Is it listening on http? Normally you would not want your owa on http - since its not secured. You might want to put up a redirect from http to https for people that don't hit https off the bat.
So that forward is working. As to 25, many an ISP block this both in and out of their network. They only allow their smtp servers to talk on it, this helps cut down spam, etc. Are you on a business connection and have validated. I tested it from outside and it does not work. You sure that when you use your old router its just not doing nat reflection?
What I can tell you is from the outside I can not hit 25 to your IP that fqdn resolves to, and I see your mx record pointing too. I would sniff on pfsense wan via the port forwarding troubleshooting doc and see if 25 is even making it to pfsense wan.. Pfsense can not forward what it does not see.
-
Hi Again,
My DSL connection is a business connection.
If I remove PFsense box and connect to ISP normally using my billion router exchange works again, this I can't figure out.
I have a http to HTPS redirect on my server which worked ok before setting up pfsense.
I will call my ISP but can't see how it works one way but not the other, it's the same connection ???? -
so your sure you put your router in bridge mode and pfsense gets public IP on its wan?
If so its simple enough to sniff and see if your seeing traffic to the ports you have forwarded. Under diag, packet capture - you can then open them in wireshark.,
-
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
This doesn't look like proper service allowance. Kinda mix-up ?
TODO:
1st you create NAT rules for all server machine/ports [Firewall: NAT: Port Forward] 3 rules
2nd you allow WAN entrance for services [ Firewall: Rules (WAN)] 3 rules -
You would not need to create the wan rules - those are created for you, unless you unchecking the default which WHY would you do that. Create your port forward, let pfsense create the correct firewall rule on the LAN.
But to those rules where is the wan interface for the dest? You have any selected? It is always much better to post an actual picture of your rules vs copy and pasting text from the gui. It take 2 seconds to take a screenshot showing such things..
see attached. This makes it easy to see the forwards are linked to the firewall rules
-
…
My Windows server (..) it's IP is 192.168.10.2 and Billion modem/router (In Bridge Mode) using 192.168.10.1I've setup PFSense LAN to use static IP 192.168.10.18
...LAN Static on 192.168.10.18/32, ??? Doesn't ring nice with me.
You want the Billion to be transpant for pfSense<>ISP.
So then, your pfSense LAN should have address 192.168.10.1/24, to be able to talk with the Windows Server (25,80,443).
Set DHCP server pool like 192.168.10.101 tru 192.168.10.200.N.B.
If Billion-MoDem is in bridge or PPPoE pass-tru (MoDem only), its IP doesn't matter when using pfSense with public IP on WAN. there is no Billion router function for use. So either you use Billion exclusive OR pfSense as the master router, not both. -
I will change pfsense onto Lan 192.168.10.1 if you think this will help.
Do I need to configure some sort of DNS forwarding.
my local domain is walhouse.local and my external domain is walhouse.net.au
my local dns server is on my windows server 2012 DC - 192.168.10.2
I have dns records setup locally for walhouse.local and walhouse.net.au both pointing to 192.168.10.2
I hope this makes some sort of sense, I would love to get this all working but at this stage I've had to remove pfsense from my network and connect to internet using my original setup otherwise I have no mail.Regards
Jamie
