No internet access, but webgui works
-
dude it will work just fine if you set it up correctly.
you have 2 networks, should be 192.168.1.0/24 LAN, 192.168.2.0/24 OPT
vmkern sits on your lan with 192.168.1.100/24. So all devices on LAN would be able to talk to it directly. Devices on OPT 192.168.2.0/24 would have to route through pfsense to get to the vmkern address on your lan network. So the firewall rules in OPT would have to allow that.
Again this is how you should have it set up.
pfsense
wan: public IP
lan: 192.168.1.1/24
opt: 192.168.2.1/24
dhcp running on both of them, say scopes 192.168.1.100-200, 192.168.2.100-200… This will point all dhcp clients to its interface in each network as dns and gateway.
For starters let's start with simple rules allow any any in both lan and opt. Once everything is working then you can get more restrictive with rules.
Esxi vmkern 192.168.1.100 with gateway and dns pointing to pfsense 192.168.1.1
There you go all working! You have to make sure you set up your old wifi router as Access point only. Turn off its dhcp server, give its "lan" IP 192.168.2.2/24 with gateway of 192.168.2.1 and dns if you want to 192.168.2.1. Connect it to the pfsense opt network.
You can reverse the lan and opt networks if you want.. Doesn't really matter.. But we need to be clear what is in what network and how it's connected. Clients in both lan and opt should get an IP from the dhcp server running on pfsense.
Then ask pfsense for dns, ie when looking for www.pfsense.org they will ask pfsense. Pfsense will then either forward this (dnsmasq "forwarder") to your isp dns, or whatever else you set up in pfsense general settings for dns, say 8.8.8.8. Or look them up directly via the (resolver "unbound"). Pfsense defaults to using the resolver.
You really should have another switch if you want to connect more than 1 device (other than vm) to your lan network 192.168.1.0/24
-
Alright, this is too much for me to do, seriously, maybe start with something easier? I'm just a beginner with networking and pfSense…
There is no option to disable NAT on that router, so the only way to access ESXi is from my public IP, and somehow connect to it. But for now pfSense is overriding ESXi.
-
2 much?? You're setting up 2 networks… This is a very very very BASIC setup...
Who said anything about disabling nat on the router?? Dude you're just not going to use its nat function because you're going to connect it to your network via one of the LAN PORTS!! Just turn off its dhcp server, and assign its IP to something on your network you're going to connect it to. If that takes you more than 30 seconds you must have taken a coffee break during the time ;)
What is confusing you??
If 2 networks is confusing to you.. Then start with just 1.. Your LAN in pfsense.. Connect your wifi router to that esxi nic that is on your lan switch, that your vmkern port group is on. But again just connect it via one of the wifi router LAN ports.. Disable the dhcp server on the wifi router and make sure its IP is on your lan segment say 192.168.1.2/24
Now all your devices be they plugged into other lan ports on your wifi router or wireless will all be on the lan network.. Getting dhcp from pfsense.
Once you get that working, then you can move to having 2 networks behind pfsense.
Anything on this lan network will be able to access your esxi vmkern via its IP 192.168.1.100
Why do you keep trying to hit the vmkern of esxi on some public IP??? It should NOT have a public IP.. The port group of vmkern is on your lan vswitch per your posted image.. The only thing that should have a public IP is the wan vnic in pfsense. That esxi physical nic would be directly connected to your modem.
-
Alright, here are the results when I plug my AP to that LAN port, somehow I can access pfsense from 192.168.2.1, but 192.168.1.1 doesn't work. And sadly, I cannot access ESXi 192.168.1.100.
-
ARggghhh DUDE your dhcp server is STILL enabled!!!!
And you have your WAN plugged in on the same network!!!
What part are you confused about connecting it to your network with a LAN port and turning off its dhcp!!!
Why are you trying to access pfsense on 192.168.2.1???
Does the attached help??
-
Okay, small update. (This time for real)
I can access pfSense at 192.168.2.1, being connected to 192.168.1.0 subnet
-
update of what???? Dude you're just showing shit not working but not showing how you fixed the BROKEN setup!!!
Show your router setting - see my 2nd attachment!!! And what is connected to what???
default gateway 192.168.1.254 is what your wifi router lan was set up as..
Take a breath – look at my drawing! This is so freaking basic!!
-
Okay, made quite a few photos…
-
And looking at the first one it's STILL WRONG!!!!
What is so freaking difficult to understand… UNPLUG the cable from the wifi router WAN port!!! There should BE NOTHING plugged in there - NOTHING!!! If you want to leave its lan on 192.168.1.254 that is fine..
Now a client wired to one of the other lan ports or wireless set for dhcp gets what??? Show its ipconfig /all
-
Outside world for what????
Dude you're using it as a SWITCH/AP to connect to pfsense, which has your internet connection!
-
OH GOD, now I saw your scheme, that it connects to the LAN port, oh god.. So sorry I was so dumb…
Now I connect to pfSense and ESXi no problem, but we came back to DNS problem..
-
what is your client showing for dns?? Let's see ipconfig /all, if your client is talking to 127.0.0.1 no then it would never work.
What are you using forwarder or resolver in pfsense?
Can pfsense look up stuff.. And I would assume so since it shows a new version.
To be honest I don't think you should be running 2.3 since you're really new to this stuff… 2.3 can still be buggy.. I would suggest you use the stable 2.2.6 until you feel more comfortable with how this all works.
-
Here it is
-
And you're pointing dns to your wifi router IP address 192.168.1.254… So NO dns is never going to work from that client..
And your dhcp server is still listed as your wifi router 192.168.1.254.... Did you not renew your lease?? Once you turned off the dhcp server in your wifi router? Reboot the client so it gets dhcp from pfsense.
-
Alright, nope, same issue, rebooted wifi router, my client pc.
-
so that is not dhcp, that is STATIC… Why don't you set it dhcp so you can actually verify dhcp is working off pfsense..
do you nslookup now from this client, this client can access pfsense right webgui... What are the firewall rules you have on pfsense post them!!!
edit: And if you're going to run the beta, you for sure should be running the current one... But again who says that maybe the resolver is broken in your version of a BETA version of pfsense..
But let's see the firewall rules.. I recall something in the thread where you only had tcp for 53... Let's see the rules.. And do a to pfsense name.. Even if your outside dns is broken you should be able to query pfsense.yourdomain.tld
example..
C:\>nslookup
Default Server: pfSense.local.lan
Address: 192.168.9.253
> pfsense.local.lan
Server: pfSense.local.lan
Address: 192.168.9.253
Name: pfsense.local.lan
Addresses: 192.168.9.253
And pfsense name should come back for your server name when you first do nslookup.
The answer you get back from the nslookup will tell us some info - did you time out talking to pfsense, did it fail to lookup what you were looking for, etc. etc..
> www.sljdflsjfsljflslsfdj.com
Server: pfSense.local.lan
Address: 192.168.9.253
*** pfSense.local.lan can't find www.sljdflsjfsljflslsfdj.com: Non-existent domain
-
Okay I restarted many times ESXi, pfSense, router, PC, now results are even worse. I can't even access pfSense webgui, seems like my router isn't connecting with pfSense. Only OPT1 works connected to WAN port of my AP router… Only combo that works right now.
Eth4 on photo is pfSense cable.
-
dude what part is so freaking hard to understand here… your ipconfig shows your gateway as 192.168.1.254... That is your wifi router IP so you can manage the wifi.. That is ALL that router is going to be now, it's an Access Point nothing more... It allows your wifi to be connected to your wired network!!
Your rules for lan that now you're calling PC only allow TCP... DNS is UDP… So NO shit it's not going to work!!
Change that rule to ANY!!! And why do you have all those port forwards set up on wan when you don't have anything working???
Let me say this AGAIN!!! Let your clients be dhcp, so you're SURE dhcp is working from pfsense.. and it will point to pfsense for gateway and dns... But it's NOT going to ever work until you change that rule to ANY or at min tcp/udp since dns is UDP!!!
Do you have dhcp enabled on pfsense even?
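Added example, not part of the original posts: a small probe that sends the same DNS query to the firewall over UDP and over TCP, then maps the two outcomes onto the failure modes discussed above (timeout versus a real reply such as NXDOMAIN, and a LAN rule that passes only TCP). The address 192.168.1.1 is the pfSense LAN IP from the thread; the function names are made up for this sketch, and it assumes blocked packets are dropped silently so a block shows up as a timeout.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Encode a minimal DNS A query (RFC 1035), recursion desired."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", 1, 1))  # QTYPE=A, QCLASS=IN

def classify(response):
    """Map a raw DNS response to 'answer', 'nxdomain', 'servfail' or 'error'."""
    if len(response) < 12:  # shorter than a DNS header
        return "error"
    rcode = struct.unpack("!H", response[2:4])[0] & 0x000F
    return {0: "answer", 2: "servfail", 3: "nxdomain"}.get(rcode, "error")

def probe(server, name, proto, timeout=3.0):
    """Send one query over 'udp' or 'tcp' to server:53 and classify the outcome."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data = s.recvfrom(4096)[0]
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                # DNS over TCP prefixes the message with a 2-byte length
                s.sendall(struct.pack("!H", len(query)) + query)
                data = s.recv(4096)[2:]
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"
    return classify(data)

def diagnose(udp, tcp):
    """Turn the two probe outcomes into the likely cause."""
    replied = ("answer", "nxdomain", "servfail")  # any of these proves a reply
    if udp in replied:
        return "resolver reachable over UDP/53"
    if udp == "timeout" and tcp in replied:
        return "UDP/53 blocked, TCP/53 allowed: rule is TCP-only"
    if udp == "timeout" and tcp == "timeout":
        return "resolver unreachable: wrong DNS/gateway on client or no pass rule"
    return "inconclusive: check the firewall and resolver logs"

if __name__ == "__main__":
    server, name = "192.168.1.1", "www.pfsense.org"  # values from the thread
    print(diagnose(probe(server, name, "udp"), probe(server, name, "tcp")))
```

An NXDOMAIN result still counts as success for this check, since it proves the query reached the resolver and a reply came back.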
-
It says 192.168.1.254, cause DHCP server doesn't work, look at it ipconfig /renew, dhcp server problem, so it came back to default settings.
Okay so I changed that rule.
DHCP on clients doesn't work. But on pfSense it's enabled.
I was using tablet as wi-fi access, not working, can't even access pfSense says - Connection refused when accessing 192.168.1.1
-
Dude this is basic stuff here..
Did you change your firewall rule, because with your current rules you can not even ping 192.168.1.1, and dns is not going to work.
As to dhcp not working.. What does the log say, does it see the dhcp discover. And that was not actually a failure of getting an IP, that was a failure on RENEW.. Which yeah renew of that lease could fail since you turned off the dhcp server it got it from. Pfsense has no lease of giving your mac that IP, so no it would not be able to renew it..
Reboot the dhcp client you're playing with, or do a release and then renew. Then if not working look in the log of pfsense did it see a dhcp discover??
If you can not get to 192.168.1.1, then look in your arp table - if the mac of pfsense is not there then you have a connectivity issue, etc. Or maybe you turned on static arp in pfsense? Have no freaking idea what other stuff you changed.. What I would suggest you do is grab 2.2.6 and deploy that vs 2.3 beta.. It's quite possible the version you have has some issues.
Can tell you for sure that installing 2.2.6 with defaults and you will be up and running in clickity clickity… If it takes more than 2 minutes I would think you're drinking coffee on the job again ;)