Netgate Discussion Forum

    Vm-network connecting to home network

    General pfSense Questions
    22 Posts 2 Posters 2.3k Views

      lars314

      Do I need to fill in an upstream gateway for my WAN and LAN, 192.168.0.1 & 10.0.0.1?

        curtisgrice

        If I understand your question, yes. The pfSense WAN upstream gateway will be the TP-Link LAN address (192.168.0.1).

        I hope your project is moving along well, and let me know if you need any more help.

        Slow code? Sounds like a good reason to buy more hardware!

          lars314

          How about the upstream for my LAN 10.0.0.1, do I need that one too?

            lars314

            OK, this is what I did:

            Wan: 192.168.0.3/24 -
            upstream: 192.168.0.1

            Lan: 10.0.0.1/24
            Upstream: 10.0.0.1
            DHCP: 10.0.0.100 through 10.0.0.254

            When I try to go to the internet on my server, I get the message that DNS cannot be found,
            but I got no yellow mark on my network icon :) so that is a good thing.

            I can tell we are close to internet :P

            Edit: if I give my server a fixed IP with DNS 8.8.8.8 and 8.8.4.4, internet is working,
            but I can ping 192.168.0.1 but I can't ping 192.168.0.100 (my workstation).

            If I use Diagnostics / Ping and ping 192.168.0.100, it works <– need firewall rule?

              curtisgrice

              Looks good, just remove the Upstream: 10.0.0.1.

              In your DHCP for the 10.0.0.0/24 network, you should have the default gateway listed as 10.0.0.1. Also make sure you have DNS servers listed in there.

              As for pinging, check your firewall logs. That will tell you if that's why it's getting blocked. If it is showing as blocked, make sure you have your allow rules on both pfSense LAN AND WAN. If it gets out it still needs to get back in ;)

              When using the pfSense Diag. Ping tool, it's important to select the from IP, as the auto setting will choose the IP closest to the destination, i.e. if you're pinging 192.168.0.1 it will use 192.168.0.3 and not 10.0.0.1. This will cause it to bypass any firewall rules on the LAN (10.0.0.1) interface.

              Slow code? Sounds like a good reason to buy more hardware!

                lars314

                OK, status update:

                Removed the upstream on LAN and added DNS 8.8.8.8 & 8.8.4.4 and default gateway 10.0.0.1 under Services / DHCP Server / LAN.

                Server: can ping to 192.168.0.100 (with CMD of MS)

                Workstation: can't ping to 192.168.1.100 (with CMD of MS)

                I think I need some help with where to make the rules :-[

                But we made some progress… :D

                --- off topic ---

                I reset pfSense to factory default, no worry, I made a snap :P
                and I found out that by default I am able to ping both ways, so I was trying to find out why... but did not find anything... :(

                  curtisgrice

                  @lars314:

                  Server: can ping to 192.168.0.100 (with CMD of MS)

                  workstation: can't ping to 192.168.1.100 (with CMD of MS)

                  What is 192.168.1.100? That's not in any of our mentioned/configured subnets.

                  So far I have:
                  TP-Link WAN: (DHCP? doesn't matter for this topic)
                  TP-Link LAN: 192.168.0.1/24

                  pfSense WAN 192.168.0.3/24
                  pfSense LAN: 10.0.0.1/24

                  Server: ?
                  Workstation: 192.168.0.100/24

                  Slow code? Sounds like a good reason to buy more hardware!

                    lars314

                    Sorry, that is a typo; it needs to be 10.0.0.100.

                    10.0.0.100: VM client, Windows Server 2012 R2, assigned by DHCP on LAN.

                    And I gave a fixed IP to WAN of 192.168.0.3, still outside of the DHCP of my home network,

                    because 192.168.0.2 was used.

                      curtisgrice

                      ok so:
                      TP-Link WAN: (DHCP? doesn't matter for this topic)
                      TP-Link LAN: 192.168.0.1/24
                      Has route to 10.0.0.0/24 via 192.168.0.3

                      pfSense WAN 192.168.0.3/24
                      pfSense LAN: 10.0.0.1/24

                      Server: 10.0.0.100/24
                      -Gateway 10.0.0.1

                      Workstation: 192.168.0.100/24
                      -Gateway 192.168.0.1

                      Server to Workstation - working
                      Workstation to Server - not working?

                      Can you show me your firewall rules on pfSense WAN and LAN?

                      Slow code? Sounds like a good reason to buy more hardware!

                        lars314

                        Edit: Did some ping tests with CMD, and from the 10.0.0.1 network I am able to ping all IPs on my home network…

                        The other way, home to VM network, I am not...

                        Do I need to turn on (see last attachment)? I have read something about it but I didn't totally understand it... sorry, still a noob  :-[
                        ##############################################################################

                        Under Firewall / NAT

                        Port Forward // 1:1 // Outbound // NPt

                        they are empty.

                        Here are some screens,

                        hope you can read them :)

                        Sorry, not sure on which page to add the rule.

                        [Attachments: 1.PNG, 3.PNG, 4.PNG]

                          curtisgrice

                          Under NAT outbound, this MUST be disabled. That's why you can ping from 10.0.0.0/24 to 192.168.0.0/24. NAT will see the ping on its way out and map 10.0.0.100 to 192.168.0.3:[some port number] (This is actually called port address translation.)

                          If you ran a packet sniffer on 192.168.0.100 while pinging from 10.0.0.100, 192.168.0.100 would see the ping came from 192.168.0.3.

                          When you try to ping from 192.168.0.100 to 10.0.0.100 that port map does not exist and will be blocked.

                          NAT (PAT - port address translation in most implementations) hides a network behind one or a set of IPs. This is why when you have a bunch of PCs connected to the internet you only get one public address. Your home router uses PAT to connect all of your devices to the internet and coincidentally that's also why you need port forwarding to connect to your computers from outside of your home network.

                          Long story short, disable NAT. Your rules look ok to me.

                          Slow code? Sounds like a good reason to buy more hardware!
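
Added example, not part of the thread and not pfSense code: a toy Python model of the PAT state table described in the post above, using the thread's addresses. The `PatTable` class, the port pool starting at 50000 and the identifier/port values are constructed for illustration; the model also assumes state is keyed on the peer address.

```python
from itertools import count


class PatTable:
    """Toy outbound NAT (PAT) state table for a single WAN address."""

    def __init__(self, wan_ip, first_port=50000):
        self.wan_ip = wan_ip
        self._ports = count(first_port)  # constructed port pool
        self._out = {}   # (inside_ip, inside_port, peer) -> wan_port
        self._back = {}  # (wan_port, peer) -> (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port, peer):
        """Translate a packet leaving the WAN side.

        Returns the (source ip, source port) the peer sees on the wire.
        For ICMP echo the echo identifier plays the role of the port.
        """
        key = (inside_ip, inside_port, peer)
        if key not in self._out:
            wan_port = next(self._ports)
            self._out[key] = wan_port
            self._back[(wan_port, peer)] = (inside_ip, inside_port)
        return self.wan_ip, self._out[key]

    def inbound(self, peer, wan_port):
        """Reverse lookup for a packet arriving at wan_ip:wan_port.

        None means no translation state exists, so there is nothing
        behind the WAN address to deliver the packet to.
        """
        return self._back.get((wan_port, peer))


def demo():
    nat = PatTable("192.168.0.3")                           # pfSense WAN
    seen = nat.outbound("10.0.0.100", 1, "192.168.0.100")   # server pings workstation
    reply = nat.inbound("192.168.0.100", seen[1])           # workstation answers
    unsolicited = nat.inbound("192.168.0.100", 40000)       # workstation starts first
    other_peer = nat.inbound("192.168.0.1", seen[1])        # different host, same port
    return seen, reply, unsolicited, other_peer


if __name__ == "__main__":
    labels = ("seen by workstation", "reply delivered to", "unsolicited", "other peer")
    for label, value in zip(labels, demo()):
        print(f"{label:22} {value}")
```

The first value is what a sniffer on 192.168.0.100 would record as the source; the two `None` results are the cases where no mapping exists.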

                            lars314

                            I did turn off the NAT function, but now I am not able to ping, like you said.
                            So I think we need some firewall rules?

                            My goal is to use MS WDS // MDT for study  :)

                              curtisgrice

                              Can you send screenshots of your pfSense routes, gateways, and DHCP? Also the static route on your TP-Link.

                              Slow code? Sounds like a good reason to buy more hardware!

                                lars314

                                The requested img…

                                [Attachments: 1.PNG, 2.PNG]

                                  curtisgrice

                                  Remove GW_LAN. Also, on the DHCP on pfSense, make sure the default gateway is set to 10.0.0.1.

                                  Slow code? Sounds like a good reason to buy more hardware!

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.