Noob needs help with pfsense

stephenw10

Yes, that's correct but if you're using the serial console you must use the serial image.
After it mounts root the majority of the console messages appear only on the primary console. Only a few messages, such as ports coming up, are shown on all consoles until it finishes booting.

Steve

Perseverance66

@stephenw10
Epic fail! on my part....
Wow, I'm betting I was trying to use the serial console image and should actually be using the VGA image instead...
I'll double check when I get home. Thanks stephen!

Perseverance66

Sorry for the late response, been a little busy with work.
I was able to reinstall v2.4.4, using the correct image this time. :) (Thanks Stephen!)
Gave the interfaces an IP, restarted the web configurator and PHP-FRM, just to make sure and still not able to access the web GUI, tried all of this with a continuous ping running. No such luck.
Obviously the request is being refused, which I'm guessing the other router on the other side of the pfsense machine.
I'm able to ping the router, 192.168.1.5, from the pfsense machine, 192.168.1.3, and vice versa.
Checked the firewall rules on the peplink router and even created both inbound and outbound rules to allow any connection from 192.168.1.3. Still no ping from me PC.
Tried running a tracert from my PC to the pfsense box, but it just times outs. I do have a dumb switch in between my PC and peplink router, so I tried plugging my laptop directly into the peplink router just to rule out the dumb switch.
This is definitely on the peplink side, just not sure what to try next. I know it's got to be something simple. Any ideas?

stephenw10

@Perseverance66 said in Noob needs help with pfsense:

I'm able to ping the router, 192.168.1.5, from the pfsense machine, 192.168.1.3, and vice versa.

How are you doing that? From the console directly?

If you have 192.168.1.X on the pfSense WAN what subnet do you have on the LAN side? It must be a different subnet and 192.168.1.X is the default.

Connections to the webgui from the WAN side are blocked by default and it sounds like that's how you're trying to connect.
Can you connect to it from the LAN side?
You will need to add a firewall rule on WAN to allow that traffic if you want to be able to access it fro WAN.

Steve

Perseverance66

@stephenw10

@stephenw10 said in Noob needs help with pfsense:

@Perseverance66 said in Noob needs help with pfsense:

I'm able to ping the router, 192.168.1.5, from the pfsense machine, 192.168.1.3, and vice versa.

How are you doing that? From the console directly?

Yes, from the console. Option 7, Ping Host

The WAN on the pfsense box is set to DHCP, it's pulling a private IP from my ISP.
The LAN on the pfsense box is set to 192.168.1.3, where the peplink router's WAN is set to a static IP of 192.168.1.5.
I have been trying to connect to the webGUI from the LAN side the whole time and still cannot connect, from the LAN side.
I definitely do not want to open that up on the WAN side.

stephenw10

Ah, OK. I misunderstood the connection order. I assume you mean a public IP on the pfSense WAN?

If you connect a client directly to the pfSense LAN can you connect to it?

What is the peplink using for it's internal subnet? That must also be different from it's external interface (192.168.1.5). If it's also using 192.168.1.X internally that is conflicting and must be changed.

Steve

Perseverance66

@stephenw10 said in Noob needs help with pfsense:

Ah, OK. I misunderstood the connection order. I assume you mean a public IP on the pfSense WAN?
Yep, public IP, my mistake. Sorry about that.

I more than likely could connect, but I only have 3 rj45 ports. The 3rd one is for my DMZ.
The LAN on the peplink side is set to 192.168.1.6 and the DHCP range is from 192.168.1.10 - 192.168.1.200. This is how it was setup before I screwed myself and it was actually working. I don't recall changing anything on the peplink side. Interesting...
I've got to run a couple of errands and will try changing the LAN IP on the peplink when I get back.
Thanks Steve! :)

stephenw10

No problem. Yeah that's definitely a subnet conflict. It will break routing.

Steve

Perseverance66

@stephenw10
Now this is interesting...
Changed the LAN setting to 192.168.2.5, on the peplink side.
Rebooted both pfsense box and peplink router. At the same time I had a continuous ping running, pinging 192.168.1.3, the pfsense machine and I was able to ping it for maybe 30 seconds. Then the ping went stopped again.
Was able to access the GUI for about 1 minute, even though I couldn't ping in, from my PC which is now static to 192.168.2.10. During that time I was able to configure the pfsense host name, click next, then nothing...
And I verified that the 192.168.2.X subnet was not in a VLAN. Getting closer here..

stephenw10

That kind of implies the Peplink might have just passed the traffic on the existing subnet while it booted.

I would not expect a continuous ping to work there. The client you are pinging from had the change it's IP so the ping source address would change. If you managed to open a firewall state in either router it might be held open by the pings preventing the correct NAT states being opened.
I would stop pinging, or connecting in any way, unplug the client and reconnect it so it pulls a new IP (or even reboot it) and then test from there.

Steve

Perseverance66

@stephenw10
HAHAHAHAHA
Have you tried turning it off and on again?... LOL

Wow, weird how releasing and renewing the IP didn't work correctly.
With that said, IT'S WORKING!!!!!
I'm in the GUI and I'm able to ping, with no issue!!!
Thank you sooooooo much Steve!! You are awesome!!!!

stephenw10

Ha, there's a reason that phrase is a meme!

Steve