Setup issues 6p Protectli Firewall
-
I am working through a new install with a VPN. Needs tweaking for the Roku I am writing about in a different thread. During this process, I decided to move the firewall down a level so the data flow goes CABLE MODEM=SWITCH1=6P FIREWALL=SWITCH2. This is instead of the firewall next to the switch. For the first night, life was good. I was able to get to the firewall setup page, and get regular network traffic. By morning, I had no internet access at my PC in switch2. I tried rebooting, restarting services, more rebooting. So I recalled the firewall back to the lab, and re-set it up on the laptop only in the LAN port. And nothing. Won't ping. The laptop has a different class B address and the firewall is 192.168.1.1. Fine, I fixed that, but why didn't it change back when I connected to the firewall?
I suspect that all the IP's in the network were re-assigned by switch 1 to a Class B address overnight. This caused me to not have access to the switch, and my printers to disconnect because they didn't get their assigned addresses from the firewall, but instead from Switch 1. Another interesting thing at this time, under status/gateways, the wan/dhcp gateway's status showed as good, but it didn't work, and the VPN gateway's status as bad, but it worked.
How do I fix this? One thing that I did do was to try unchecking the box Services/dhcp server/lan "enable dhcp server on lan interface". I don't know if this worked or messed it up more.
Thanks
-
@bill1 said in Setup issues 6p Protectli Firewall:
I suspect that all the IP's in the network were re-assigned by switch 1 to a Class B address overnight.
Switches do not do that. Unless your 'switch' is actually a router and still has DHCP enabled.
What IP/subnet was on the clients when they failed to connect?
Steve
-
The router plugged into the cable modem changed the IP's of my network. How do I keep the DHCP for the devices behind the firewall from being overwritten by the router ahead?
-
So your connection there is actually?:
Cable Modem --- ISP Router --- switch1 --- (WAN)pfSense(LAN) --- switch2 --- clients
If that is the case, clients on switch2 could never pull a lease from the ISP router. If they are, there must be another link directly between switch2 and switch1 or the router. Something over wifi perhaps?
Steve
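Added example, not part of the thread or any poster's code: a small triage of the addresses clients ended up with, separating "a second DHCP server is reachable from the LAN" from "no DHCP server answered at all". The function names, the /24 mask and the sample hosts are assumptions; only 192.168.1.1 comes from the thread.

```python
import ipaddress

# From the thread: the firewall's LAN address is 192.168.1.1. The /24 mask
# is an assumption; the thread does not state it.
FIREWALL = ipaddress.ip_address("192.168.1.1")
LAN = ipaddress.ip_network("192.168.1.0/24")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # self-assigned (APIPA)


def classify(client_ip, dhcp_server=None):
    """Say where a client's address came from.

    dhcp_server is the server the client reports for its lease (for
    example the "DHCP Server" line of `ipconfig /all` on Windows).
    """
    ip = ipaddress.ip_address(client_ip)
    if ip in LINK_LOCAL:
        return "no-lease"        # nobody answered: is the DHCP service running?
    if dhcp_server and ipaddress.ip_address(dhcp_server) != FIREWALL:
        return "other-server"    # a second DHCP server is reachable from the LAN
    if ip not in LAN:
        return "other-server"    # wrong subnet: lease (or static) from elsewhere
    return "expected"            # address consistent with the firewall's LAN


def triage(clients):
    """Group hosts by classification; clients = (name, ip, dhcp_server)."""
    result = {"expected": [], "other-server": [], "no-lease": []}
    for name, ip, server in clients:
        result[classify(ip, server)].append(name)
    return result


# Constructed sample data; the 172.16.x.x values are placeholders for the
# "Class B" range mentioned in the thread, which is not given there.
SAMPLE = [
    ("pc", "192.168.1.101", "192.168.1.1"),
    ("printer", "172.16.0.23", "172.16.0.1"),
    ("laptop", "169.254.10.7", None),
    ("roku", "192.168.1.50", None),
]

if __name__ == "__main__":
    for category, hosts in triage(SAMPLE).items():
        print(f"{category:13} {', '.join(hosts) or '-'}")
```

When two devices share the same address, the reported server IP cannot tell them apart; compare the DHCP server's MAC address instead.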
-
Here is what I have, but it's not working yet because of issues with Roku and the VPN.
The NG17 shown was previously the DHCP router for the network. In this config, I probably have to turn it off, possibly change other settings.
In the meantime, I tried putting the NG17 back into the cable modem, and the firewall into the NG17. Then there was a DHCP fight and the NG17 took over.
Aside from disabling the DHCP in the NG17, is there anything else I should change?
-
That's the only thing that is actually required:
https://docs.netgate.com/pfsense/en/latest/wireless/use-an-existing-wireless-router-with-pfsense.html
If it has an actual 'access point mode' though you should use that.
It looks like you have the same subnet on three interfaces in pfSense, I assume those are bridged?
You have 2 devices labeled 192.168.1.1 which would obviously conflict.
Steve
-
Thanks,
I am making progress. As of now, everything works except for the wifi router. I think the AP mode is the key. I checked that box but there may be more that I have to do because it still isn't working.
-
That kinda depends on exactly what that does on your router. On some it adds the WAN port to the other switch ports. On others it just disables the WAN and you need to connect to one of the LAN ports. Connecting to a LAN port is the safe option there as long as the dhcp server is disabled.
Steve
-
The key, at least for yesterday was finding the "AP Mode" setting for the switch. The hard part was getting in there to do it. (into the Netgear router setup) I also left it as DHCP assigned. ************ Speaking of that, after my 12 hour marathon debugging session yesterday, by last night everything was working, the VPN, the VPN bypass for Roku, and the wifi router in AP mode. I power cycled most everything and it seemed good. But this morning after I get to work I get a call from my wife (working from home), she says NO INTERNET, but the Roku works. I have her power cycle the firewall and cable modem, but nothing. I tell her to use her hotspot. This is not ideal, I am still in trouble for racking up a big excess data usage charge. She winds up calling her company IT guy and it turns out that the firewall isn't giving her laptop a DHCP IP addr. I don't even know where to start to find the problem. Any ideas? Thanks.
-
Later: I get home and my PC connects, no problems except for power cycling the wifi AP. Wife's computer reboots and picks up a DHCP lease, so problem solved? Then this morning before work, I power up my PC and it won't connect. Not getting a dhcp lease. I power cycle the firewall only, then my PC. Still no dhcp lease. I use my laptop to get into the LAN port and restart the DHCP server. Bam, my PC connects. I will have to look into DHCP issues. Any ideas?
-
Check the dhcp and system logs. Was the dhcp server actually running?
-
OK, I will check. It happened again. I set up the time zone so I can make sense of it, and added GATEWAYS and SERVICES status windows to my dashboard. Can it have anything to do with DHCP lease times? I am on the default.
I can't figure out why the openvpn service is up, but the gateway shows it's offline. By the way, the VPN is working as far as I know. I checked my IP online, and the firewall shows data flow.
-
The OpenVPN gateway IP may not respond to ping. Try setting some other external IP to monitor across it.