Pfsense on Virtualbox's Guest + Emby(Plex) on VirtualBox's Host
-
Hello, This is my problem :
i've installed pfsense in virtualbox in a windows 10 host, bridge configuration. On same that computer I've also install Emby (which is media server).
The captive portal in pfsense is working just fine. But now I want to allow my friends to access my media server (Emby), which is on the host.- Pfense WAN IP : 192.168.1.73
- Media Server (on host) IP wih port : 192.168.1.68:8096
- Pfsense LAN adress : 192.168.100.1 - 255
So what can I do to allow IP like 192.168.100.23 to access 192.168.1.68:8096 ?
Sorry for my bad english.
thank you for the help. -
So how are your friends accessing pfSense? VPN? Some port forward?
pfSense does not appear to be filtering traffic to Emby there, it's in the pfSense WAN subnet, so you could probably just port forward to Emby in your upstream router.
If it's is via VPN though you just need to be passing a route to the Emby IP and have a firewall rule to allow it.
Steve
-
They use the captive portal that i've enabled for them.
I've not test port forward because I can't even reach that IP with port 80.
Tell me how to do the port forward, I'll try.Thank You.
-
I confirm access to Emby, if Emby is in LAN (192.168.100.), but if it's in no access WAN (192.168.1.).
there is no way to access ip 192.168.1.* from 192.168.100.* ?Plz help.
-
So the clients trying to access it are coming from the 192.168.100.0/24 subnet? Is that not internal to VBox only?
Which subnet is inside VBox? Usually it would be the LAN.
Steve
-
Yes they are coming from 192.168.100.0/24 subnet and is internal to the virtualBox. and that subnet is the LAN. You get it correctly.
-
I've tried to access via internet (Emby) but I think Pfsense do not like loopback. I'm out of ideas.
-
pfSense will route traffic from LAN to WAN by default and will NAT the traffic to the WAN IP. Any host on LAN should be able to connect to 192.168.1.68 as long as there is a firewall rule on LAN to allow it.
I'm still unsure how your 'friends' are connecting from the LAN subnet when it's an internal VBox subnet.
Steve
-
In the config of my VBox, I've enabled 2 Network adapters, the first one is in brigde mode with the wifi physical adapter, and the second with the RJ45 physical adapter. So Internet is coming from the wifi and the RJ45 is the LAN for my friends. RJ45 is connnected to a router as simple AP (DHCP disabled).
Maybe my config is not good for such thing ? But it's working to share internet access.
-
Ah OK, I see now!
So, yes, that should work with the default config. The Emby server is WAN side so pfSense will route/NAT all LAN traffic to it as long as the firewall rules allow it.
If it is not reachable it's probably a problem with the captive portal setup.
Check for blocked traffic in the firewall logs.
Check for states opened to the Emby server in Diag > States.
If you're using policy routing you might be bypassing local networks which would break that.
Steve
-
I've tried again just now, see what log shows me :
IP 192.168.1.65 is the target, but as you see, it's blocked.
I've checked also states, i've seen no reference to that IP.Thank you.
-
That's incoming netbios broadcasts from Emby. That should be blocked on WAN.
If you see no states when you are trying to connect to it from LAN then you have something misconfigured. Probably captive portal. Maybe DNS if you are not trying to connect by IP address.
Steve
-
I know its a long image, but please let me show you my CP settings :
I'm using DNS Resolver :
What can I change ? since I'm using Pfsense, I did not touch DNS settings.
-
What are your LAN firewall rules?
How exactly are clients trying to connect to Emby?
-
here is my LAN firewall rules :
I will like to let them access my media server after logged via the Captive Portal.
For now they're just using it for internet. -
Right, but how are they trying to access it? What error are they seeing?
-
The browser says Adress Unreachable...
-
What address are they trying to go to? What does Emby expect?
If there are no states it looks like the clients are not even trying so I would guess what's happening is clients are tryting to fo to emby.local.lan or some such but that is not resolvable behind pfSense.
Steve
-
Emby is on 192.168.1.65:8960 so I tried to connect to it from browser with that IP, no hostname. About states, I swear that I've tried with my phone. Clients are not trying because Its not working yet to tell them.
How can I make that IP to be resolvable behind pfsense ? Its too weird for me... -
OK if you're trying to connect by IP address that should work. pfSense will route that traffic to the WAN because it is in that subnet directly.
It sounds like maybe clients are not using pfSense as the route to that subnet? You should be seeing states opening from clients if they were.Steve
