Pfsense on Virtualbox's Guest + Emby(Plex) on VirtualBox's Host
-
pfSense will route traffic from LAN to WAN by default and will NAT the traffic to the WAN IP. Any host on LAN should be able to connect to 192.168.1.68 as long as there is a firewall rule on LAN to allow it.
I'm still unsure how your 'friends' are connecting from the LAN subnet when it's an internal VBox subnet.
Steve
-
In the config of my VBox, I've enabled 2 network adapters: the first one is in bridge mode with the wifi physical adapter, and the second with the RJ45 physical adapter. So Internet is coming from the wifi and the RJ45 is the LAN for my friends. RJ45 is connected to a router as a simple AP (DHCP disabled).
Maybe my config is not good for such a thing? But it's working to share internet access.
-
Ah OK, I see now!
So, yes, that should work with the default config. The Emby server is WAN side so pfSense will route/NAT all LAN traffic to it as long as the firewall rules allow it.
If it is not reachable it's probably a problem with the captive portal setup.
Check for blocked traffic in the firewall logs.
Check for states opened to the Emby server in Diag > States.
If you're using policy routing you might be bypassing local networks which would break that.
Steve
-
I've tried again just now, see what the log shows me:
IP 192.168.1.65 is the target, but as you see, it's blocked.
I've also checked states, and I've seen no reference to that IP. Thank you.
-
That's incoming netbios broadcasts from Emby. That should be blocked on WAN.
If you see no states when you are trying to connect to it from LAN then you have something misconfigured. Probably captive portal. Maybe DNS if you are not trying to connect by IP address.
Steve
-
I know it's a long image, but please let me show you my CP settings:
I'm using DNS Resolver:
What can I change? Since I'm using pfSense, I did not touch DNS settings.
-
What are your LAN firewall rules?
How exactly are clients trying to connect to Emby?
-
Here are my LAN firewall rules:
I would like to let them access my media server after logging in via the Captive Portal.
For now they're just using it for internet.
-
Right, but how are they trying to access it? What error are they seeing?
-
The browser says Address Unreachable...
-
What address are they trying to go to? What does Emby expect?
If there are no states it looks like the clients are not even trying, so I would guess what's happening is clients are trying to go to emby.local.lan or some such but that is not resolvable behind pfSense.
Steve
-
Emby is on 192.168.1.65:8960 so I tried to connect to it from the browser with that IP, no hostname. About states, I swear that I've tried with my phone. Clients are not trying because it's not working yet to tell them.
How can I make that IP resolvable behind pfSense? It's too weird for me...
-
OK if you're trying to connect by IP address that should work. pfSense will route that traffic to the WAN because it is in that subnet directly.
It sounds like maybe clients are not using pfSense as the route to that subnet? You should be seeing states opening from clients if they were.
Steve
-
Hello, thank you for all your replies. I'm on the way to fixing my issue but please, is there a way to hide the access to an IP (LAN) behind the captive portal?
-
Yes, you can just block/reject connections from that IP to the server using a firewall rule on WAN. Just put it above the pass rule(s).
Steve
-
I finally fixed the IP to the LAN side of the host (WIN 10 - RJ45), the one I connect to the router that clients use. So now Emby is in the same network as the clients, so it is now accessible via 192.168.100.135, and without authentication; that's the problem now.
I don't want to block connections to that IP, I want them to log in before accessing that IP, even if it's in LAN.
-
If it's in the same subnet as the clients connecting to it that traffic never goes through pfSense so it cannot filter it. Or act on it in any way such as applying captive portal login.
Steve
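
The point in the reply above, as an added example that is not part of the original thread: a client decides per destination, by longest-prefix match over its own routing table, whether to deliver a packet on-link or hand it to its gateway, and only the second case ever reaches pfSense and its captive portal. The /24 masks and the pfSense LAN address 192.168.100.1 are assumptions; the two server addresses are the ones from the thread.

```python
import ipaddress

# Assumed values (not stated in the thread): /24 masks and the pfSense LAN
# address are constructed for illustration.
PFSENSE_LAN = ipaddress.ip_address("192.168.100.1")

# Routing table of a client on the LAN segment behind pfSense.
# next hop None means "on-link": delivered directly via ARP, no router involved.
CLIENT_ROUTES = [
    (ipaddress.ip_network("192.168.100.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), PFSENSE_LAN),
]


def next_hop(dst, routes=CLIENT_ROUTES):
    """Return the next hop the client picks for dst (longest-prefix match)."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        raise ValueError(f"no route to {dst}")
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop


def portal_can_enforce(dst, routes=CLIENT_ROUTES):
    """True only if the client hands the packet to pfSense, so firewall
    rules and the captive portal login can act on it."""
    return next_hop(dst, routes) == PFSENSE_LAN


if __name__ == "__main__":
    # Emby on the WAN-side subnet vs. Emby moved into the clients' subnet.
    for server in ("192.168.1.65", "192.168.100.135"):
        hop = next_hop(server)
        path = f"via gateway {hop}" if hop else "on-link, bypasses pfSense"
        print(f"{server:16} {path:32} "
              f"portal enforced: {portal_can_enforce(server)}")
```
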
-
Hello, thank you for your patience and replies.
Please, is there a way to open a new web page for the client after authenticating?
The problem is that, on mobile devices, after authenticating, the redirect page closes itself.
Thank you
-
The 'After authentication Redirection URL' page from the captive portal?
If their browser closes it there's not much you can do. Once the CP is passing their traffic it does not redirect them again unless they are logged out.
Steve
-
@stephenw10 OK, that's too bad....
For users, is there a way to create a period of validity? For example, I create a voucher of 1440 minutes (24h) of internet access, which can be valid for 3 days. Meaning he can connect whenever he wants.