Need some basic networking help
-
Okay, so I've read through as many posts as I could find, and all the Google results I could handle, and I seem to be running into a wall. I set up pfSense with a WAN and LAN, I set the Lan net to intnet like all the guides suggested. I have a vm set to intnet that's able to communicate with the entire network (LAN, WAN, the host machine running the pfSense vm, and the router my home network is on, and all the computers connected to it). All of the vms can communicate with everything. However, I have a separate computer on the home network that can communicate with the WAN web interface and the LAN web interface, but it can't route to any computers on the intnet network.
The home network IPs are 192.168.0.x, the WAN is set to DHCP so it's getting a 192.168.0.x address, LAN is 192.168.1.x. The vm I have on the intnet is getting 192.168.1.95. Somehow my home networked computer can ONLY communicate with 192.168.1.1, but I can't add that to my route. The machine having the problems is Linux. I can add a route to 192.168.0.12 (the WAN web interface). I can ping 192.168.1.1 and access the interface.
All of the Firewall rules are set to allow all to LAN and LAN to all, allow all to WAN to LAN and LAN to WAN, and then all to WAN and WAN to all, just to get the paths clear. I disabled the pfSense firewall (pfctl -d) and ran "enableallowallwan".
What am I missing?
-
"I set the Lan net to intnet like all the guides suggested."
Huh?? What guide? There is nothing you need to do to lan out of the box.. It works!
"allow all to WAN to LAN and LAN to WAN,"
Huh?? You set your wan to any any?? Are you just wanting to use pfsense as router??
"I disabled the pfSense firewall (pfctl -d) and ran "enableallowallwan"."
Why???
This is nothing required to do with pfsense other than connect it to your wan, and your lan networks. If your devices on lan are working to internet, then every device on that network would work to internet. If you have a device that is not working, then it's that device, or it's not actually connected to your lan network, etc.
-
I was using a bunch of guides on how to set up a security lab with pfsense, and they all suggested using intnet as the internal network for those vms. I was hoping I could use pfsense as a router from the home network to the lan, which is why I set up those rules to allow all traffic in and out, but somehow I can only communicate with the lan DHCP address (192.168.1.1) but no other machines on the lan. I know the allow all to all rules are stupid, but I wanted to get it working first and then start to harden it later.
I understand this is more of a networking question than a pfsense question, but I was hoping to get some help here since I'm using pfsense. If I can't use it this way, then I'll find a virtual routing solution instead of a virtual firewall solution, but I was under the impression this would work. I could be peeing into the wind on this one.
I was messing with it some more last night, and the computers on the lan aren't able to communicate with each other. I had an XP vm that was able to ping every address on my network no problem, but then I fired up another machine on the intnet and the XP vm couldn't ping it at all and it couldn't ping any other machine.
I'm going to look into routers since I think that's more of what I'm looking for.
-
Start over with a fresh install and don't change anything. pfSense out of the box "just works" as @johnpoz already stated. You're shooting yourself in the foot trying to outsmart the default install.
"I'm going to look into routers since I think that's more of what I'm looking for."
What exactly is it that you think pfSense does?
-
"intnet as the internal network for those vms"
This is gibberish… intnet? Not a term...
"but no other machines on the lan"
Pfsense would have ZERO to do with lan devices talking to each other.. Pfsense is a router/firewall - not a switch... Devices all on the same network 192.168.1/24 traffic would not go through pfsense unless it was set up as a bridge..
"but then I fired up another machine on the intnet"
Again not sure where you are getting this term "intnet" it is not a networking term.. Do you mean internal network? internet? What does intnet mean in your context?
Pfsense can for sure just route.. But why would you not firewall as well.. If you want to firewall/route between 2 networks and not NAT (network address translation)… Those would be how pfsense would do it between 2 lan networks.. It would really really help if you drew up your network as you want it to be so we could understand what you're trying to accomplish vs using some nonsense term.. Been in the biz 30 some years and I'm not sure what you mean by intnet.. I would guess either internal network or internet.. But can not be sure from your context, etc.