Nas4Free behind pfsense

johnpoz

The out of the box rules on lan should allow lan to talk to any of your other networks/vlans since it defaults to any any.

Out of the box opt interfaces have not rules - so if you want create connections from opt or vlan interface networks into lan or elsewhere you would need to create rules.

You sure its not firewall on nas or dvr blocking access from other networks?  Or possible your dvr wants to use multicast or something that doesn't pass network boundaries.

Are you just having issue with resolving the nas or dvr names?  Have you modified the lan rules?  What rules do you have on your opt interfaces?  What protocols are in use when talking to your nas or dvr?

irs

Thank you for your help

irs

I am still not been able to run Nas4free behind firewall for remote access

I have static ips for firewall,  Nas4free and DVR I can access DVR remotely as well as local but still unable to access Nas4Free from remote location.

I know all of you recommend openVPN but I don't know how to setup openvpn as I tried but confused fr example I dont know how to make certificate and the name of server host or address in openvpn clients.

can anybody help me for step by step configuration.

johnpoz

you click he wizard tab and will have openvpn up and running in 30 seconds..

Does your nas4free have a gateway set pointing to pfsense?  How exactly are you trying to access this nas4free? http? ftp? Smb??  What protocol??

irs

i am using owncloud on nas4free and smb

on pfsense (options on wizard local user access/ldap or radius)

on pfsense I understand Local User Access is for user who access locally but to allow remote access outside of my network which shouid I use LDAP or Radius? am I right?

johnpoz

"local user access/ldap or radius)"

Really dude???  Do you have ldap or radius for your users to auth too?

So you want to access smb across the public internet.. Yeah good luck with that ;)

irs

no i was asking you what is local user access?
I do not want to use samba as well because i am using owncloud

johnpoz

Its a user you create on pfsense, so that this user can access your vpn, etc.

jahonix

@irs:

no i was asking you what is local user access?

Are you sure this is not over-your-head at the moment? Start small, tinker with your setup and get used to how pfSense works. Then you can configure it reasonably without shooting yourself in the foot.
Put "learn OpenVPN configuration" on your to-do list as well.

irs

I am looking a guide to do configure a DVR behind pfsense?

I tried several attempts port forward but no luck.

I am now trying to build a openVPN but i have few questions.

1.) I have static public ip where should I put that static IP? though already configured on WAN
2.) should I need to port forward even in openVPN?

how I am going to access DVR remotely?
Thanks in advance

johnpoz

1. you wouldn't put it anywhere in openvpn..
2. No

You would access your dvr via its fqdn you resolve once you have connected to your vpn or via its IP address.

irs

i successfully completed openVPN but can only access firewall nothing else.

what wrong i am doing?

still can not access nas4free from remote login.
?

johnpoz

And do you have any firewall on your nas4free device that would limit access to the local network.  And now your coming from your vpn network.

Can you ping the pfsense IP on the lan interface your nas4free is connected too?  Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection..

irs

i can ping with pfsense the ip address of my nas4free but when ever i tried to ping from my remote computer it wont

irs

"Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection.."

How to traceroute? I can not see any traceroute command in vpnclient
i hav no firewall rules for vpn

biggsy

@johnpoz:

And do you have any firewall on your nas4free device that would limit access to the local network.

From the NAS4Free release notes:

Login error 403
Do you have WebGUI Login error 403? Make shure the pc is in the same network! by default the System|General Setup Hosts allow field is empty so any one on the same network of LAN interface can access the WebGUI allowed. With a space delimited set of IP or CIDR notation you can add computers from outer network. As an example the outer IP address and LAN address for remote access.

irs

@johnpoz:

And do you have any firewall on your nas4free device that would limit access to the local network.  And now your coming from your vpn network.

Can you ping the pfsense IP on the lan interface your nas4free is connected too?  Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel?  Did you place any firewall rules on your vpn connection..

here is traceroute
1  * * *
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *

irs

how I can figure out the error?

johnpoz

Do you get the 403 error.. Then biggsy already pointed you to the problem..

As to your traceroute.. you got something wrong there..  Do the traceroute to the IP you can ping?

Here is a normal traceroute through a vpn tunnel

C:\>tracert -d 192.168.9.100

Tracing route to 192.168.9.100 over a maximum of 30 hops

  1    93 ms    92 ms    96 ms  10.0.8.1
  2   105 ms   100 ms    97 ms  192.168.9.100

Trace complete.

I hit the end of the tunnel (pfsense) then I hit the client.

What network behind pfsense, your local network.  What is your tunnel network, what is the local network your on when your connecting into the vpn.

So for example my box I am on now is

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : snipped.com
  IPv4 Address. . . . . . . . . . . : 10.56.153.210
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 10.56.153.1

My vpn interface
Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix  . : local.lan
  IPv4 Address. . . . . . . . . . . : 10.0.8.100
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :

Here is my route table when connected to vpn

C:\>route print | find "10.0.8.100"
         10.0.8.0    255.255.255.0         On-link        10.0.8.100    276
       10.0.8.100  255.255.255.255         On-link        10.0.8.100    276
       10.0.8.255  255.255.255.255         On-link        10.0.8.100    276
      192.168.2.0    255.255.255.0         10.0.8.1       10.0.8.100    276
      192.168.3.0    255.255.255.0         10.0.8.1       10.0.8.100    276
      192.168.9.0    255.255.255.0         10.0.8.1       10.0.8.100    276
        224.0.0.0        240.0.0.0         On-link        10.0.8.100    276
  255.255.255.255  255.255.255.255         On-link        10.0.8.100    276

I would of just given full output - but there are just a shitton of routes in the route table since at work..

irs

Microsoft Windows [Version 6.1.7601]
Copyright 2009 Microsoft Corporation.  All rights reserved.

C:>ping 192.168.0.250

Pinging 192.168.0.250 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:>ping 192.168.0.137

Pinging 192.168.0.137 with 32 bytes of data:
Reply from 192.168.0.137: bytes=32 time=41ms TTL=63
Reply from 192.168.0.137: bytes=32 time=42ms TTL=63
Reply from 192.168.0.137: bytes=32 time=43ms TTL=63
Reply from 192.168.0.137: bytes=32 time=55ms TTL=63

Ping statistics for 192.168.0.137:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 55ms, Average = 45ms

C:>tracert -d 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

1  151 ms  204 ms  222 ms  192.168.0.1

Trace complete.

C:>tracert -d 10.0.7.254

Tracing route to 10.0.7.254 over a maximum of 30 hops

1    45 ms    70 ms    46 ms  10.0.7.1
  2    *        *        *    Request timed out.
  3    *        *        *    Request timed out.
  4    *        *        *    Request timed out.
  5    *        *        *    Request timed out.
  6    *        *        *    Request timed out.
  7    *        *        *    Request timed out.
  8    *        *        *    Request timed out.
  9    *        *    ^C

C:>tracert -d 10.0.7.1

Tracing route to 10.0.7.1 over a maximum of 30 hops

1  526 ms  632 ms  191 ms  10.0.7.1

Trace complete.

C:>tracert -d 192.168.0.1

Tracing route to 192.168.0.1 over a maximum of 30 hops

1  351 ms  700 ms  437 ms  192.168.0.1

Trace complete.

C:>tracert -d 192.168.0.250

Tracing route to 192.168.0.250 over a maximum of 30 hops

1  773 ms  736 ms  970 ms  10.0.7.1
  2    *        *        *    Request timed out.
  3    *    ^C
C:>tracert -d 192.168.0.137

Tracing route to 192.168.0.137 over a maximum of 30 hops

1  197 ms  263 ms  365 ms  10.0.7.1
  2  257 ms  203 ms  105 ms  192.168.0.137

Trace complete.