PfSense WAN/LAN settings not working
-
Hi one and all,
I am setting up pfSense 2.3.2 (guest) on virtualbox 5.0.24 on ubuntu (host) 16.04 LTS with 3 NICs plus 1 wifi network connections.
I had my system working for several months and then a calamitous failure on 2 machines (storm damage) meant I lost everything including configuration backups. I have rebuilt ubuntu with virtualbox and there is nothing else installed. The entire machine is generally dedicated to running pfSense.
The three NICs are set with static addresses 192.168.1.140/1/2 with wifi on 192.168.1.143 but disabled.
On the virtual machine the three interfaces are (1) Bridged using the system identifier enp0s25 with (2) and (3) both set to internal network with both identified as intnet.
In virtualbox I have set up a free BSD machine and then installed pfSense. pfSense loads fine except that the WAN interface (em0) has taken an address from my internal network (from DHPC) of 192.168.1.169. I have set the LAN interface (em1) to the static address of 192.168.1.200 (as in the previous system).
pfSense shows this:
WAN (wan) –> em0 --> v4/DHCP4: 192.168.1.169/24
LAN (lan) --> em1 --> v4: 192.168.1.200/24No matter what I try, I cannot get the WAN to set to an external address as i am sure it used to.
From inside the guest I can ping any IP address on my system. The two guest addresses of 169 and 200 as well as the host addresses of 140/1/2. I can also ping other machines in the network from here.
However, from outside the guest, be it from the host or a separate machine, I cannot ping 169 or 200 and so cannot see the web configurator to make progress.
For the complete picture, my router is set to recognise a series of fixed IP addresses from their Mac addresses in the fixed range of 192.168.1.2 to .200 plus .250 to 254 with DHCP having reserved addresses (for visitors) in the range 192.168.1.201 to .249.
I am sure that if I can get the WAN set correctly the rest should fall into place. Can anyone help direct me what to do please?
Thanks in advance.
Geoff
-
No, you cannot have WAN + LAN + WIFI on the same subnet.
-
Hi doktornotor,
I understand that they cannot all be on the same subnet (well, LAN and wifi can) but my problem is that I cannot get pfSense to find an external net address to make the outbound connection. Can you suggest any way to do it or let me know where I am going wrong?
Geoff
-
WAN (wan) –> em0 --> v4/DHCP4: 192.168.1.169/24
LAN (lan) --> em1 --> v4: 192.168.1.200/24That is not going to work!! As dok already stated..
If your pfsense VM is behind a nat and that network is 192.168.1/24 - then its LAN needs to be something other than that, say 192.168.2/24
-
Johnpoz
I do understand it will not work that is why I posted the question. What I need is someone to guide me through getting it set up properly. I am not a technician and things like NAT are beyond my understanding. I do know that I have not set up a NAT or a proxy.
I also know that I had similar problems the first time I tried to set this up but cannot recall how I eventually overcame the problem in order to get a proper WAN address set up but I did manage to do it and it worked for a long time (through several pfsense upgrades) until the storm blew out two of my machines and made the data unrecoverable.
What do I have to do to get pfsense to recognise that my WAN is through my router on a separate external address?
Geoff
-
Dude move the LAN somewhere else. And move everything that conflicts with WAN somewhere else. Dunno what's unclear about it. Each interface should use a separate subnet.
-
"are beyond my understanding"
So your saying your retarded?? We are not talking quantum entanglement, or quarks and their flavors for gosh sake.. Dude if you can not understand the basic concept of what a NAT is or NAPT (Network Address Port Translation) which is what pfsense does and every other soho router. And what a network or IP address is.. Sorry but pfsense is going to be beyond your understanding as well. Just use your isp gateway..
So you understand that they can not be on the same network.. So change your LAN to be a different network.. 192.168.2 for example.
-
I am not sure how one gets a Hero status unless it is by being incredibly demeaning and rude to people that have less knowledge (note I do not say intelligence as clearly you appear to lack some) than you?
If anyone is retarded I believe it must be you as you clearly cannot even read!
If you look at my post it is quite clear that I cannot use the web configurator that you so kindly put an image up of, viz (by the way, that's Latin for as follows or as you can see):
However, from outside the guest, be it from the host or a separate machine, I cannot ping 169 or 200 and so cannot see the web configurator to make progress.
I am amazed that pfSense maintains any users when they are treated so rudely by what I can only describe as an arrogant, disrespectful and bigoted "Hero". You may know a great deal about computing networks but you seem to fail when it comes to working with those of the human type.
If you are not prepared to be pleasant and helpful to someone that is struggling to get this useful piece of software working again, please keep your comments to yourself and let others of a more supportive nature intervene.
Geoff
-
Perhaps just hire someone to do the job? Because frankly I'm not seeing any progress here. There's no need for webconfigurator to set an interface IP, you can do that from console.
If unable, then simply flush the VM down the drain and reinstall. After that, kindly avoid this brainfart:
"I have set the LAN interface (em1) to the static address of 192.168.1.200".
-
If you can not get to the webgui.. What I suggest is you start over completely!!! And yes as dok stated you could use the console. Even when vm you can console..
Setup up a new pfsense - this time do not use the same network as your wan network..
Talk about being freaking rude – dude read your own post.. You stated that this stuff is beyond your understanding.. So how exactly are we suppose to help??
"I do know that I have not set up a NAT "
How is it you know this if you don't even understand what is it? Pfsense does nat out of the box.. Just like every other soho router or isp device.. But seems your more focused to call me out just asking you to clarify your own statement.. WTF dude really??
From your own statements - this seems beyond you.. All of it - so just use your isp device would be my advice to you.. That is a HERO's suggestion plain and simple, sorry its not what you want to here.. But sorry I don't give 2 shits to help someone that says the stuff they are trying to do is just beyond their understanding...
-
And on another note - after you've fixed the conflicting subnets, you'll soon notice that the whole network design is completely broken with the virtualization you put in place.
For the complete picture, my router is set to recognise a series of fixed IP addresses from their Mac addresses in the fixed range of 192.168.1.2 to .200 plus .250 to 254 with DHCP having reserved addresses (for visitors) in the range 192.168.1.201 to .249.
pfSense is supposed to be your router. And it will not do any useful job when all your LAN machines are on pfSense's WAN side. Also, double/multi-NAT sucks.
