Pfsense on esxi - Rules not working
-
Hi,
I'll start by saying I'm new to pfsense, and this is my first post.
I'm having problems getting pfsense working on a private network. This is not the first time I've come across this issue but I can't seem to find it online. Last time I had this problem I ended up using a different firewall / router OS.
I have pfsense installed on my esxi box, with three adapters, WAN, LAN and OPT1.
WAN sits on a private network, let's say 192.168.0.0/24 and LAN and OPT1 are also 172.16.x.x networks.
Firstly, on setup I have unchecked the box that allows access to the webui from RFC1918 addresses, but still the only way I can access the webui from the 192.168.0.0 network is to disable the firewall. I've even added the following rule too:
easyrule pass wan tcp 192.168.0.50 192.168.0.51 443
where 192.168.0.50 is my home PC and 192.168.0.51 is the WAN interface.
Secondly, I have created another VM which connects to OPT1 on the 172.16.0.0 network. This VM can ping (when disabled) both the OPT1 and WAN interface IPs but not the gateway I have set up in my WAN configuration, so it cannot access the 192.168.0.0 network (and so can't access the internet). I have gateway set to none on the OPT1 interface as per the docs.
Am I missing something? I'd like to stick with pfsense as I love the functionality of it but I'm unable to get this fundamental setup completed. I have also installed the Open VM Tools package in the hope that it would solve my problem, and it hasn't.
Any suggestions would be greatly appreciated, last time this happened I gave up (admittedly too early) and installed I think opnsense which worked straight away with a similar setup.
Thanks!
-
Post a screenshot of your WAN rule. It's usually a simple thing to allow this, although it's always recommended to VPN in instead. That doesn't matter for your test config.
Have you seen this?
https://doc.pfsense.org/index.php/Remote_firewall_Administration
-
I went back and looked at the WAN rule before I was going to screenshot it and I saw my mistake: under destination I had manually put in the WAN IP address. I changed it to "WAN address" and it's working now, so thanks for that.
I'm still having issues with getting the VM connected. I've pretty much left everything default with regard to this, I'm not sure if I need some NATing rule?
I had a look through the doc you sent me. I appreciate that in a normal setup using a VPN would be better, but this is purely to separate my VM network from my home network so I'm not fussed about the security hole of having the webui accessible from my home network. I'll never be accessing it from public address space.
Thanks