WebConfigurator is intermittent, shell pings out from WAN rather than LAN
I have installed the nanobsd-embedded 32-bit img on a USB, using Win32 Disk Imager, onto a Supermicro containing Atom525 e-CPU. It boots just fine, and it should be noted that I have previously installed and booted successfully on this machine.
The issue is thus:
I cannot access the webconfigurator and I can only ping my network from the WAN interface. I had gained access to the WC at one point, by not defaulting to http, but now it has once again become inaccessible for no particular reason. It became inaccessible directly after configuring from the webconfigurator. I had turned off blocking private IP from WAN; otherwise the rest of the settings were default.
I then completely factory defaulted the box and started again, but I cannot regain access to the WC. I also could never access the webconfigurator from the LAN interface.
Only one interface is plugged to the network at one time.
I have managed to ping other devices on the network from the pfSense shell. Obviously ICMP response is off by default, so naturally pinging pfSense gives no response.
What have I missed? Surely this is unexpected and rather odd behaviour.
Thanks in advance,
Why have you set the WAN and LAN IP addresses in the same subnet?
That does not work (and will give odd behavior). You need to put each interface in a separate subnet.
…ah yes I see, a schoolboy error I'm sure.
Perhaps you could offer some further advice. I wish to put this firewall inside my network i.e. behind my ISP controller router.
Would it be safe to assume that it is within standard practice to set my router's internal subnet to, say, 10.0.1.0/24, and that I could then set my WAN to 10.0.1.0/24 and route through to my LAN on 10.0.0.0/24? I apologize if this is a rather obvious question, but I cannot find a resource that answers my question directly and I'm in a bit of a hurry to get this up and running re: Australia's metadata laws...
What you suggest will work. If you do not want to offer any services on the public internet (e.g. an OpenVPN server for you to connect to from outside or…) then you do not need to do anything else. All connections/states originating from LAN side will be allowed out, including their packets flowing back in the reverse direction. You can then make the LAN rule(s) more restrictive if you wish, to prevent going out from LAN to places that you do not want to go to...
Of course LAN packets will be NAT'd out the WAN, then the router will NAT those out to the real upstream ISP address. So you are adding an extra NAT in the system. But actually that works for 99.*% of things.
If you want to offer some service to the public internet, then you need to either sort out on the router to forward through some ports to the pfSense WAN IP address, or put the router into "bridge" mode so it passes the external public IP to pfSense WAN.
oh ok cool.
I do want to set up a VPN server, but I also want to keep any NAT routing off the firewall, so I guess I will port forward through from my public router.
Thank you so much for your time and attention, really appreciate the input!!
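The addressing rule given in the replies above (each interface in its own subnet, with the firewall's WAN sitting inside the upstream router's internal subnet), as an added example that is not part of the original thread: a Python check that flags overlapping interface subnets, an interface set to a subnet's network or broadcast address, and an upstream gateway outside the WAN subnet. The function name `check_plan`, the interface names as dictionary keys, and every host address below are constructed for illustration; only the two /24 subnets come from the thread.

```python
import ipaddress

def check_plan(interfaces, wan_gateway=None):
    """interfaces: name -> 'address/prefix' as typed into the interface settings.
    Returns a list of (problem, detail) tuples; an empty list means no conflict found."""
    problems, parsed = [], {}
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        parsed[name] = iface
        net = iface.network
        # An IPv4 interface needs a host address, not the subnet's first or last address.
        if iface.version == 4 and net.prefixlen < 31 and iface.ip in (
                net.network_address, net.broadcast_address):
            problems.append(("not-a-host-address", f"{name} {cidr}"))
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            na, nb = parsed[a].network, parsed[b].network
            # Two interfaces in one subnet make replies leave by the wrong port.
            if na.version == nb.version and na.overlaps(nb):
                problems.append(("overlapping-subnets", f"{a} {na} / {b} {nb}"))
    if wan_gateway is not None and "WAN" in parsed:
        gw, wan = ipaddress.ip_address(wan_gateway), parsed["WAN"]
        # The upstream router must be on-link for WAN and distinct from the WAN address.
        if gw not in wan.network or gw == wan.ip:
            problems.append(("bad-wan-gateway", wan_gateway))
    return problems

# Constructed plans. SAME_SUBNET mirrors the fault diagnosed in the thread;
# AS_TYPED uses the values exactly as written in the follow-up question.
SAME_SUBNET = {"WAN": "192.168.1.2/24", "LAN": "192.168.1.1/24"}
AS_TYPED = {"WAN": "10.0.1.0/24", "LAN": "10.0.0.1/24"}
SEPARATED = {"WAN": "10.0.1.2/24", "LAN": "10.0.0.1/24"}

if __name__ == "__main__":
    for label, plan, gw in (("same subnet", SAME_SUBNET, None),
                            ("as typed", AS_TYPED, "10.0.1.1"),
                            ("separated", SEPARATED, "10.0.1.1")):
        print(label, check_plan(plan, wan_gateway=gw) or "ok")
```
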