Netgate Discussion Forum

    How to use OPT4 to access the pfSense firewall as an extra entry point

      wimvandorst

      Basic installation on my Netgate pfSense firewall. No VLANs or so, one WAN cable (external IP number, several NAT rules to mailserver on the LAN), one LAN cable (ip number 172.17.17.250/24).

      Works all OK. Now I want to mess with it, changing into VLANs and stuff. And I'm not an expert (yet :D), and have excluded myself now several times, with a factory reset needed to undo my mess. Oops. Instead, I now want to create an alternative entry point into the firewall that is not to be affected by my messing with the WAN and LAN settings.

      Idea: I renamed OPT4 to MLAN (Management LAN), gave it IP number 172.17.18.250 (not in the normal LAN range), set up a firewall rule allowing everything TCP/UDP, and another rule allowing ICMP. (I think). Using the laptop, I turn off wifi, put an ethernet cable in the OPT4 port and the laptop, assign laptop 172.17.18.16/24 address, add default routing and try to access the firewall: cannot ping, cannot access the http://172.17.18.250.

      What am I missing? Please help?

      Regards, Wim van Dorst

        stephenw10 Netgate Administrator

        That should work as described. Maybe a typo somewhere?

        Check the firewall logs in Status > System Logs > Firewall tab. Is anything blocked?

        Can you ping the laptop from pfSense in Diag > Ping?

        Does the Laptop appear in Diag > ARP Table?

        Is the interface actually up at the correct speed with the laptop connected? Check Status > Interfaces.

        If you get locked out again you can always roll back the last config change from the console rather than reset entirely.

        Steve

          wimvandorst @stephenw10

          @stephenw10 Thanks for the confirmation that I don't miss out something significant. And good tips. I'm gonna do them all.

            wimvandorst

            Update: RESOLVED.

            The kind confirmation by Stephen that I was on the right way did really help. Instead of searching for yet more things to add, setup, etc, I went searching for problems in this existing setup.

            Network speed seemed a potential problem, as I am using a USB-to-Ethernet dongle that can only do 100 Mb/s. That wasn't it. With ethernet up on both sides, indicated by the blinkenlichten, it was routing. And conscientiously checking each and every setting revealed the erroneous setting: netmask /32 instead of /24 on the firewall side. Correcting that made everything work.

            Thanks to Stephen!
            Regards, Wim van Dorst
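
The prefix mismatch found above can be caught before plugging in a cable. This is an added example, not code from the thread; it uses the addresses quoted in the posts, and the function names are made up for illustration.

```python
import ipaddress

# Addresses quoted in the thread; the /32 is the erroneous firewall-side mask.
LAN = "172.17.17.250/24"
MLAN_BROKEN = "172.17.18.250/32"
MLAN_FIXED = "172.17.18.250/24"
LAPTOP = "172.17.18.16/24"

def check_link(fw_cidr, host_cidr):
    """Return a list of problems for two interfaces on the same cable."""
    fw = ipaddress.ip_interface(fw_cidr)
    host = ipaddress.ip_interface(host_cidr)
    issues = []
    if fw.ip == host.ip:
        issues.append(f"duplicate address {fw.ip}")
    # Each side only talks directly to peers inside its own connected
    # network; anything else is handed to its default gateway.
    if host.ip not in fw.network:
        issues.append(f"firewall {fw} does not see {host.ip} as on-link")
    if fw.ip not in host.network:
        issues.append(f"host {host} does not see {fw.ip} as on-link")
    if fw.network.prefixlen != host.network.prefixlen:
        issues.append(
            f"prefix mismatch: /{fw.network.prefixlen} vs /{host.network.prefixlen}"
        )
    return issues

def overlaps_lan(mgmt_cidr, lan_cidr):
    """True if the management subnet collides with the normal LAN subnet."""
    mgmt = ipaddress.ip_interface(mgmt_cidr).network
    lan = ipaddress.ip_interface(lan_cidr).network
    return mgmt.overlaps(lan)

if __name__ == "__main__":
    for label, fw in (("broken", MLAN_BROKEN), ("fixed", MLAN_FIXED)):
        problems = check_link(fw, LAPTOP)
        print(label, "->", problems or "OK")
    print("MLAN overlaps LAN:", overlaps_lan(MLAN_FIXED, LAN))
```

With the /32 mask the firewall's connected network contains only its own address, so the laptop at 172.17.18.16 is not on-link from the firewall's side even though the laptop sees the firewall as on-link.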

              Gertjan @wimvandorst

              @wimvandorst said in How to use OPT4 to access the pfSense firewall as an extra entry point:

              blinkenlichten

              Flashing led ?! ;)

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

                wimvandorst

                I'm Dutch, and have been around many years in the IT world. So it is allowed for me to use the original German term for this :D.

                  Grimson Banned @wimvandorst

                  @wimvandorst said in How to use OPT4 to access the pfSense firewall as an extra entry point:

                  So it is allowed for me to use the original German term for this :D.

                  The original German term is "Blinklichter". ;-)

                    wimvandorst

                    @grimson I don't want to take anything away from your German knowledge, as indeed the real German word is die Lichter. You are completely right.

                    But read this internet folklore:
                    http://www.blinkenlichten.info/origin.html

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.