Can't get PFSense Working
-
Hi P3R,
Ok I've got it working now, I hadn't changed the router IP in the DHCP Scope options to point to Pfsense.
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
So what I stated in the first reply was your issue then.. Your welcome ;)
So is web working? Do you have the firewall off on the exchange server? Whre are you clients at that they would need to go through the firewall to talk to your exchange server - shouldn't they be on the same local network? Did you set those up on port forwards and let it create your firewall rules for you?
Post up your port forwards and your wan firewall rules. Where are these clients? Outside pfsense? Public internet - are they trying to use name resolution or IP?
Again this is so drop dead simple it just.. Did you follow the troubleshooting the port forward issue.. In the many years I have been on this forum - not once have I see an issue with port forwarding that was not layer 8.. https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Hi Johnpoz,
I appreciate your help so thank you kindly.
Most things seem to be working ok.My exchange is on the same box as my DC so it is using the same IP 192.168.10.2
Some port forwards don't appear to work, like port 80 or port 25 (check in open port checker), so I though my ISP could be blocking them but if I remove the pfsense box and and unbridge my modem/router and connect normally like i have in the past DSL ppoe
it functions correctly ???
I'm using a pc inside my network to open outlook and it can't connect to exchange, checking with mxtool box also fails.
I set them up through port forwards and yes it setup firewall rules by itself.
I use phones to connect to exchange as well so they are not always on the same local network.
To me it appears like the ISP is blocking the ports as random ports i.e not 25 or 110 show up as open so port forward seems to be working fine.
if I connect to OWA (walhouse.net.au/ow) from outside network using port 443 it works ok but using port 80 fails.
Everything worked ok before in the past it's not a new internet connection, just connecting through PPOE in PFsense with modem/router bridged.
I'm confused, probably bit off more than I can handle. -
"I'm using a pc inside my network to open outlook "
What does pfsense have to do with box on the same network talking to each other? Oh yeah nothing ;) Are you trying to hit your public IP to get forwarded back in - this is nat reflection and would have to be setup if you want to use that.
I show that working for https, I get your owa page. Is it listening on http? Normally you would not want your owa on http - since its not secured. You might want to put up a redirect from http to https for people that don't hit https off the bat.
So that forward is working. As to 25, many an ISP block this both in and out of their network. They only allow their smtp servers to talk on it, this helps cut down spam, etc. Are you on a business connection and have validated. I tested it from outside and it does not work. You sure that when you use your old router its just not doing nat reflection?
What I can tell you is from the outside I can not hit 25 to your IP that fqdn resolves to, and I see your mx record pointing too. I would sniff on pfsense wan via the port forwarding troubleshooting doc and see if 25 is even making it to pfsense wan.. Pfsense can not forward what it does not see.
-
Hi Again,
My DSL connection is a business connection.
If I remove PFsense box and connect to ISP normally using my billion router exchange works again, this I can't figure out.
I have a http to HTPS redirect on my server which worked ok before setting up pfsense.
I will call my ISP but can't see how it works one way but not the other, it's the same connection ???? -
so your sure you put your router in bridge mode and pfsense gets public IP on its wan?
If so its simple enough to sniff and see if your seeing traffic to the ports you have forwarded. Under diag, packet capture - you can then open them in wireshark.,
-
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
This doesn't look like proper service allowance. Kinda mix-up ?
TODO:
1st you create NAT rules for all server machine/ports [Firewall: NAT: Port Forward] 3 rules
2nd you allow WAN entrance for services [ Firewall: Rules (WAN)] 3 rules -
You would not need to create the wan rules - those are created for you, unless you unchecking the default which WHY would you do that. Create your port forward, let pfsense create the correct firewall rule on the LAN.
But to those rules where is the wan interface for the dest? You have any selected? It is always much better to post an actual picture of your rules vs copy and pasting text from the gui. It take 2 seconds to take a screenshot showing such things..
see attached. This makes it easy to see the forwards are linked to the firewall rules
-
…
My Windows server (..) it's IP is 192.168.10.2 and Billion modem/router (In Bridge Mode) using 192.168.10.1I've setup PFSense LAN to use static IP 192.168.10.18
...LAN Static on 192.168.10.18/32, ??? Doesn't ring nice with me.
You want the Billion to be transpant for pfSense<>ISP.
So then, your pfSense LAN should have address 192.168.10.1/24, to be able to talk with the Windows Server (25,80,443).
Set DHCP server pool like 192.168.10.101 tru 192.168.10.200.N.B.
If Billion-MoDem is in bridge or PPPoE pass-tru (MoDem only), its IP doesn't matter when using pfSense with public IP on WAN. there is no Billion router function for use. So either you use Billion exclusive OR pfSense as the master router, not both. -
I will change pfsense onto Lan 192.168.10.1 if you think this will help.
Do I need to configure some sort of DNS forwarding.
my local domain is walhouse.local and my external domain is walhouse.net.au
my local dns server is on my windows server 2012 DC - 192.168.10.2
I have dns records setup locally for walhouse.local and walhouse.net.au both pointing to 192.168.10.2
I hope this makes some sort of sense, I would love to get this all working but at this stage I've had to remove pfsense from my network and connect to internet using my original setup otherwise I have no mail.Regards
Jamie -
Ok Exchange appears to be working ok but only from computers not on my LAN, I can connect to an exchange account from another office OK.
Would this be an internal dns problem?
I have dns records for walhouse.local and also walhouse.net.au , both pointing to my internal IP for my server.
Thanks in advance for any help…..... I'm getting close now :-)
-
:) Finally got it all working, turned out to be wrong settings in my servers dns.
Thanks everyone for your help
Cheers
Jamie
