New to pfsense, cant access web from Lan.
-
also (unrelated) your 192.200.0.1/30 isnt a valid rfc1918 address for your transit network
-
If your creating a downstream network.. What are you lan rules, since 192.168.1 is not going to be included in "lan net"
Also you created the gateway that says to get to 192.168.1/24 talk to 200.0.2 ? Which as mentioned already is not rfc1918.
Also you didn't mess with outbound nat right? when you create your gateway and route to this 192.168.1 network it will auto adjust your outbound nat for the downstream network. Unless you set it to manual, etc.
-
@jahonix
I have now unchecked this. -
@jahonix
Tracert stops at my router. -
@heper
Hello, I have changed my pfsense lan IP to 172.16.0.1/30 and my router wan to 172.16.0.2/30.
Is this correct? -
@johnpoz
Hello, I have changed my pfsense lan IP to 172.16.0.1/30 and my router wan to 172.16.0.2/30.
Is this correct?
-
What do you have those rules on your wan? Did you turn off nat on pfsense?
Your rule to allow ping to wan net is pointless with that any any rule below it
And when ever would source be lan address into lan net?Where are you routes showing how to get to 192.168.1/24 and your gateway setup to it?
-
@johnpoz
Hello John, I appreciate your help, I would like you to know that.
I have deleted wan rules created by me.
I have now turned off nat on PfSense.
I think I now understand the ping rule and the any rule :-)
I dont get line 3, lan into lan?
I have poked around and cant find the routes/gateway you mention. -
@johnpoz
Is this what you want from me?
-
@simunf said in New to pfsense, cant access web from Lan.:
I have now turned off nat on PfSense.
NO... I didn't tell you to do that - I asked if you had because that would be the only reason for such rules on your wan.
Rules are evaluated as traffic enters and interface from the network, how would lan address EVER be a source of traffic entering the lan interface?
Did you create your gateway to your downstream router in
System / Routing / Gateways -
@johnpoz
I have found these. I have reenabled auto nat (as it was before)
Thanks in advance. My workday is over for now. -
And you have no gateway setup, so how is pfsense going to know to send traffic for 192.168.1/24 to your cisco? It will just send traffic with that dest out its wan..
WTF is the route for 192.168.1.0/32 doing in there?
-
@johnpoz
Good morning from Denmark :-)
I have removed the route you mentioned. and created this gateway.0_1533277253861_Udklip13.PNG
I'm sorry for the inconvenience. -
I have now removed the Cisco Router, changed the pfsense lan IP to 192.168.1.254/24.
And now I have net on all machines...
It is not the setup I wanted, but for now it is the setup that works. -
So the cisco is 172.16.0.1? Or is that pfsense itself?
Where is the route?
Seems basic routing is beyond your current skill set - so why you would want to complicate it with a downstream router is beyond me.
Cisco 2800 switch VLAN2 192.168.1.253, every used port is in no shutdown mode
Also you sway every port? The port connected to pfsense, ie your transit network wold not be the same layer 2 network as your 192.168.1 network..
