Installing on server's VM - Controlled environment

luke1018

Hi all, I have some question to ask with regards the setting up of PFsense.

Firstly, may I know the IP we used to key in on the WAN part should obtain from the ISP? (WAN), and is it can be identified from the website "whatismyip.com.au"?

Secondly, how do we identify which IP to be used on the the LAN side? Is it the next empty port on the server port or switch? But after I put in an empty / unused IP, still cant load the login page.

from the scenario above, how can troubleshoot and what are the steps to take?

stephenw10

The IP obtained from your ISP would usually be shown on the console or on the WAN status in the webgui. If your install is a VM though you may have something else in front of pfSense NATing it.

If you use an external IP checker like that it will show you the public IP your connection comes from but that may not be the pfSene WAN address if something else is NATing the connection.

Steve

luke1018

Hi, stephenw10

Let say I have already identified the internal IP after the NAT, how can I or is there any ways I can verify it?

because after I put in the WAN IP (Internal IP), it still not working on pfSense. Any suggestion?

stephenw10

Not sure I understand what you're asking here entirely.

You can see the WAN and LAN addresses on the console just above the menu.

Where are you putting in the WAN IP and what exactly is not working?

If you have configured pfSense with 2 interfaces by default all traffic from the WAN side will be blocked. If you are trying to access the webgui you will be able to do it from a VM on the LAN. If you need to access it on the WAN IP you will need to add a firewall rule to do that. You can do that using 'easyrule' from the command line. You can also temporarily disable the firewall to allow access while you add the rule.

https://doc.pfsense.org/index.php/Locked_out_of_the_WebGUI#Remotely_Circumvent_Firewall_Lockout_by_Temporarily_Changing_the_Firewall_Rules

Steve

luke1018

Hi Steve,

1. "You can see the WAN and LAN addresses on the console just above the menu. "
Maybe you get me wrong, what I meant is that how can I identify the WAN and LAN IP to entered into the system using the menu option 2: Set Interfaces IP Address.

2. "Where are you putting in the WAN IP and what exactly is not working?"
I set it under menu option 2, WAN and LAN IPV4 section. and the IPV6 section I leave it blank.

3. I am accessing from the server itself. So let say if I set the LAN at 10.0.10A.xx, then I have to access within the server IP 10.0.10A.xx, or can access through any ip within 10.0.10A.xx?

Thanks for your sharing.

Updates:

• There are 4 NIC ports and one is currently in used.

(Server:
                                                    10.0.10A.xx)
–------- Vswitch ------------[NIC1] –- pfSense ---- [NIC2] –---- Internal Network
                                        (WAN)                        (LAN)

stephenw10

When you say the 'server itself' do you mean the VM host?

If the WAN NIC the pfSense VM is using is passed through then it should have an IP in the subnet that NIC is attached to. If there is a DHCP server on that subnet it can pull an IP automatically if set to DHCP.

The LAN subnet would usually be some other unused subnet. I have no idea what subnets you're using on your network so I can't really make a suggestion there. It's often the first IP on that subnet such as 10.100.0.1/24.

10.0.10A.xx is not a valid IPv4 address. It cannot contain an 'A'.

How is your VM configured?

Steve

luke1018

When you say the 'server itself' do you mean the VM host?

meaning i am running on the same remote server. Browsing the login page using firefox.

If the WAN NIC the pfSense VM is using is passed through then it should have an IP in the subnet that NIC is attached to. If there is a DHCP server on that subnet it can pull an IP automatically if set to DHCP.

So we need a server with DHCP configuration? How about if we are just receiving static IP? How can we go about it?

The LAN subnet would usually be some other unused subnet. I have no idea what subnets you're using on your network so I can't really make a suggestion there. It's often the first IP on that subnet such as 10.100.0.1/24.

But if I used an ununsed subnet (server IP?) then I cant ping the host. To check which subnet am I in on Ubuntu, is it running the command "netstat -rn" and the IP under Gebmask is my subnet?

10.0.10A.xx is not a valid IPv4 address. It cannot contain an 'A'.

No la, just giving an example. but how come my subnet is showing 255.255.255.0?

How is your VM configured?

Adapter 1: NAT / Adapter 2: Internal Network.

stephenw10

You don't need to use DHCP. You can statically assign an IP to the pfSense WAN. It will meed to be an IP in whatever subnet is on the WAN side vswitch and have a gateway set to whatever device is the gateway for that subnet.

Is the Ubuntu machine a client VM on the internal network? That should be receiving it's IP from pfSense via DHCP then by default. Otherwise everything on the internal subnet can be statically assigned also if needed.

255.255.255.0 is the subnet mask, the same as /24 or 10.0.10.xx for example.

If the WAN adapter is NAT'd to the external subnet then it could be anything but it will be defined in the VM host setup somewhere.
You provavly want to have that bridged to the external subnet instead to avoid (at least) to layers of NAT.

Steve