Nas4Free behind pfsense
-
I have a problem, need to setup a way to access nas4free from the pfsense.
I have 4 ports Ethernet
1. WAN
2. LAN 192.168.0.1
3. OPT1 192.168.100.1
4OPT2 192.168.2.1Nas4Free is on LAN interface
DVR on same LAN interface
Opt1 and Opt1 are available if required.My question:
I am unable to access DVR on my lan 192.168.0.1/24
I am unable to access Nas4Free from LAN 192.168.0.250can anybody guide me if I need to configure NAT and Rules though I tried but fail.
this is my first time I am doing so.
-
If you are accessing it internally, you wouldn't need a NAT, you just need firewall rules to allow traffic from the LANs to each other.
-
can you give example?
-
In Firewall, Rules, LAN add the following pass rules above any blocking rules:
Interface LAN, TCP/IP Version IPv4, Protocol Any, Source LAN net, Destination IP-address of DVR
Interface LAN, TCP/IP Version IPv4, Protocol Any, Source LAN net, Destination IP-address of Nas4FreeNo NAT as you're on internal networks and not going out on the internet.
Rules are always only acting on traffic coming in on the respective interface.
Obviously when you've understood how rules work you can refine them to be stricter regarding what protocols are allowed or even broader if you want to allow more inside your network. However doing the latter would eventually defeat the concept of having multiple internal interfaces at all.
-
The out of the box rules on lan should allow lan to talk to any of your other networks/vlans since it defaults to any any.
Out of the box opt interfaces have not rules - so if you want create connections from opt or vlan interface networks into lan or elsewhere you would need to create rules.
You sure its not firewall on nas or dvr blocking access from other networks? Or possible your dvr wants to use multicast or something that doesn't pass network boundaries.
Are you just having issue with resolving the nas or dvr names? Have you modified the lan rules? What rules do you have on your opt interfaces? What protocols are in use when talking to your nas or dvr?
-
Thank you for your help
-
I am still not been able to run Nas4free behind firewall for remote access
I have static ips for firewall, Nas4free and DVR I can access DVR remotely as well as local but still unable to access Nas4Free from remote location.
I know all of you recommend openVPN but I don't know how to setup openvpn as I tried but confused fr example I dont know how to make certificate and the name of server host or address in openvpn clients.
can anybody help me for step by step configuration.
-
you click he wizard tab and will have openvpn up and running in 30 seconds..
Does your nas4free have a gateway set pointing to pfsense? How exactly are you trying to access this nas4free? http? ftp? Smb?? What protocol??
-
i am using owncloud on nas4free and smb
on pfsense (options on wizard local user access/ldap or radius)
on pfsense I understand Local User Access is for user who access locally but to allow remote access outside of my network which shouid I use LDAP or Radius? am I right?
-
"local user access/ldap or radius)"
Really dude??? Do you have ldap or radius for your users to auth too?
So you want to access smb across the public internet.. Yeah good luck with that ;)
-
no i was asking you what is local user access?
I do not want to use samba as well because i am using owncloud -
Its a user you create on pfsense, so that this user can access your vpn, etc.
-
@irs:
no i was asking you what is local user access?
Are you sure this is not over-your-head at the moment? Start small, tinker with your setup and get used to how pfSense works. Then you can configure it reasonably without shooting yourself in the foot.
Put "learn OpenVPN configuration" on your to-do list as well. -
I am looking a guide to do configure a DVR behind pfsense?
I tried several attempts port forward but no luck.
I am now trying to build a openVPN but i have few questions.
1.) I have static public ip where should I put that static IP? though already configured on WAN
2.) should I need to port forward even in openVPN?how I am going to access DVR remotely?
Thanks in advance -
- you wouldn't put it anywhere in openvpn..
- No
You would access your dvr via its fqdn you resolve once you have connected to your vpn or via its IP address.
-
i successfully completed openVPN but can only access firewall nothing else.
what wrong i am doing?
still can not access nas4free from remote login.
? -
And do you have any firewall on your nas4free device that would limit access to the local network. And now your coming from your vpn network.
Can you ping the pfsense IP on the lan interface your nas4free is connected too? Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel? Did you place any firewall rules on your vpn connection..
-
i can ping with pfsense the ip address of my nas4free but when ever i tried to ping from my remote computer it wont
-
"Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel? Did you place any firewall rules on your vpn connection.."
How to traceroute? I can not see any traceroute command in vpnclient
i hav no firewall rules for vpn -
And do you have any firewall on your nas4free device that would limit access to the local network.
From the NAS4Free release notes:
Login error 403
Do you have WebGUI Login error 403? Make shure the pc is in the same network! by default the System|General Setup Hosts allow field is empty so any one on the same network of LAN interface can access the WebGUI allowed. With a space delimited set of IP or CIDR notation you can add computers from outer network. As an example the outer IP address and LAN address for remote access. -
And do you have any firewall on your nas4free device that would limit access to the local network. And now your coming from your vpn network.
Can you ping the pfsense IP on the lan interface your nas4free is connected too? Do a traceroute from your vpnclient to the nas4free IP do you see the trace go down your tunnel? Did you place any firewall rules on your vpn connection..
here is traceroute
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * * -
how I can figure out the error?
-
Do you get the 403 error.. Then biggsy already pointed you to the problem..
As to your traceroute.. you got something wrong there.. Do the traceroute to the IP you can ping?
Here is a normal traceroute through a vpn tunnel
C:\>tracert -d 192.168.9.100 Tracing route to 192.168.9.100 over a maximum of 30 hops 1 93 ms 92 ms 96 ms 10.0.8.1 2 105 ms 100 ms 97 ms 192.168.9.100 Trace complete.
I hit the end of the tunnel (pfsense) then I hit the client.
What network behind pfsense, your local network. What is your tunnel network, what is the local network your on when your connecting into the vpn.
So for example my box I am on now is
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : snipped.com
IPv4 Address. . . . . . . . . . . : 10.56.153.210
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.56.153.1My vpn interface
Ethernet adapter Local Area Connection 2:Connection-specific DNS Suffix . : local.lan
IPv4 Address. . . . . . . . . . . : 10.0.8.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :Here is my route table when connected to vpn
C:\>route print | find "10.0.8.100" 10.0.8.0 255.255.255.0 On-link 10.0.8.100 276 10.0.8.100 255.255.255.255 On-link 10.0.8.100 276 10.0.8.255 255.255.255.255 On-link 10.0.8.100 276 192.168.2.0 255.255.255.0 10.0.8.1 10.0.8.100 276 192.168.3.0 255.255.255.0 10.0.8.1 10.0.8.100 276 192.168.9.0 255.255.255.0 10.0.8.1 10.0.8.100 276 224.0.0.0 240.0.0.0 On-link 10.0.8.100 276 255.255.255.255 255.255.255.255 On-link 10.0.8.100 276
I would of just given full output - but there are just a shitton of routes in the route table since at work..
-
Microsoft Windows [Version 6.1.7601]
Copyright 2009 Microsoft Corporation. All rights reserved.C:>ping 192.168.0.250
Pinging 192.168.0.250 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.Ping statistics for 192.168.0.250:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),C:>ping 192.168.0.137
Pinging 192.168.0.137 with 32 bytes of data:
Reply from 192.168.0.137: bytes=32 time=41ms TTL=63
Reply from 192.168.0.137: bytes=32 time=42ms TTL=63
Reply from 192.168.0.137: bytes=32 time=43ms TTL=63
Reply from 192.168.0.137: bytes=32 time=55ms TTL=63Ping statistics for 192.168.0.137:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 55ms, Average = 45msC:>tracert -d 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 151 ms 204 ms 222 ms 192.168.0.1
Trace complete.
C:>tracert -d 10.0.7.254
Tracing route to 10.0.7.254 over a maximum of 30 hops
1 45 ms 70 ms 46 ms 10.0.7.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * ^CC:>tracert -d 10.0.7.1
Tracing route to 10.0.7.1 over a maximum of 30 hops
1 526 ms 632 ms 191 ms 10.0.7.1
Trace complete.
C:>tracert -d 192.168.0.1
Tracing route to 192.168.0.1 over a maximum of 30 hops
1 351 ms 700 ms 437 ms 192.168.0.1
Trace complete.
C:>tracert -d 192.168.0.250
Tracing route to 192.168.0.250 over a maximum of 30 hops
1 773 ms 736 ms 970 ms 10.0.7.1
2 * * * Request timed out.
3 * ^C
C:>tracert -d 192.168.0.137Tracing route to 192.168.0.137 over a maximum of 30 hops
1 197 ms 263 ms 365 ms 10.0.7.1
2 257 ms 203 ms 105 ms 192.168.0.137Trace complete.
-
My settings are as follows:
OpenVPN on pfsense router
access nework 192.168.0.0/24
NAS4FREE 192.168.0.250 port 12000
Tunnel Network: 10.0.7.0/24
client network 192.168.10.0/24I can connect my DVR but can not connect owncloud and nas4free
C:>route print | find "10.0.7.1"
0.0.0.0 128.0.0.0 10.0.7.1 10.0.7.2 276
128.0.0.0 128.0.0.0 10.0.7.1 10.0.7.2 276
192.168.0.0 255.255.255.0 10.0.7.1 10.0.7.2 276 -
Well this says vpn is working
C:>tracert -d 192.168.0.137
Tracing route to 192.168.0.137 over a maximum of 30 hops
1 197 ms 263 ms 365 ms 10.0.7.1
2 257 ms 203 ms 105 ms 192.168.0.137So your issue is on your nas box – most likely the firewall as already pointed out multiple times!
-
thanks for your help.
Firewall?
inside my Nas4free firewall is not checked it is not configured. -
@irs:
NAS4FREE 192.168.0.250 port 12000
In the very first post of the thread you say that the NAS4Free is on the OPT1 interface.
Now you're saying NAS4Free have the address 192.168.0.250.
Have you moved the NAS4Free to the LAN interface now?
-
Actually it was beginning as i am new i wast knew many things than suggested in this post to protect well must do that on openvpn.
so now I am on openvpn but still am unable to access my nas4free from remote on openvpn.?
I hope explain it well?
-
Is NAS4Free connected to the LAN network 192.168.0.0/24?
Does it have the address 192.168.0.250/24?
-
yes my nas4free is connected to my pfsense network address 192.168.0.0/24
and my NAS4FREE ip is 192.168.0.250
my DVR is also connected on the same network 192.168.0.137
and I am able to use it with that local networkmy openvpn is connected on tunnel 10.0.7.0/24
my remote ip 192.168.10.0/24 windows machine
I can connect owncloud locally but can not connect through vpn.
![openVPN diag.png](/public/imported_attachments/1/openVPN diag.png)
![openVPN diag.png_thumb](/public/imported_attachments/1/openVPN diag.png_thumb) -
Go to System, General, WebGUI, Hosts allow in NAS4Free admin GUI.
If you have only 192.168.0.0/24 configured there, change it to 192.168.0.0/24 192.168.10.0/24
Also in NAS4Free admin GUI:
Check that on Network, LAN Management, IP address you have the network set to /24
Check that you have Network, LAN Management, Gateway set to whatever address your pfsense have on it's LAN interface (in your first post it was 192.168.0.1).
-
thx for the suggestions I will try and let you know the results.
Onece again Thank you for the help you and all other extended to me.
-
@P3R:
Go to System, General, WebGUI, Hosts allow in NAS4Free admin GUI.
If you have only 192.168.0.0/24 configured there, change it to 192.168.0.0/24 192.168.10.0/24
Also in NAS4Free admin GUI:
Check that on Network, LAN Management, IP address you have the network set to /24
Check that you have Network, LAN Management, Gateway set to whatever address your pfsense have on it's LAN interface (in your first post it was 192.168.0.1).
You will also have to add 10.0.7.0/24 (your VPN network) to the NAS4Free hosts allow.
-
You will also have to add 10.0.7.0/24 (your VPN network) to the NAS4Free hosts allow.
Will that be the source address of the traffic from the VPN?
If so, no reason to allow 192.168.10.0/24 then?
I don't know OpenVPN as you can see, I use IPSec.
Anyway, there must be something else that's very wrong since not even ping works…
-
Yes, the OpenVPN tunnel IP will be needed.
In fact, I tried to access the Web UI of my own NAS4Free over OpenVPN (for the first time, I guess). It didn't work until I added the tunnel network to System, General, WebGUI, Hosts allow.
I agree that there is something more serious going on if PING doesn't work. Hard to tell what the OP has done though.
-
"I agree that there is something more serious going on if PING doesn't work. Hard to tell what the OP has done though."
so you need my config file?
-
I tried with the suggested webgui ip address but no luck.
Hosts Allow
192.168.10.0/24 10.0.7.0/24 192.168.0.0/24
Space delimited set of IP or CIDR notation that permitted to access the WebGUI. (empty is the same network of LAN interface)Network, LAN Managment
IP Address 192.168.0.250/24
Gateway 192.168.0.1