With CP enable the following stop working



  • Hi
    now with the cp working i am not able to get qbittorrent or any torrent client to work nor whatsapp voice to work, ive got the nat and firewall disable and when i disable the cp all the above work fine and this is true for both the cp by it self or with freeradius enable. winamp and yes i am still using winamp wen nat is enable that will stop streaming.

    can you help
    thanks



  • Did you first open up a browser and authenticate with the CP?



  • Yes I am able to get to the urls in the browser I just enable the firewall and the Nat and try to make a WhatsApp call with the co disable and it worked it is only when the cp is enable that I am not able to make WhatsApp calls



  • Hi,

    WhatsApp, qbittorrent , whatever : these are programs running on devices that are hookup up to a LAN on pfSense, right ?
    If so, the NAT has nothing to do with your issue. NAT is a functionality used for connections, originated from WAN (probably the Internet) to some device hooked up into your LAN - or one of your LAN'S. Like a web server yo have on a LAN, that has to be reached from the Internet.

    When you authenticity against the Captive portal, the "internal firewall" 'ipfw) becomes completely transparent.
    The only rules that matter are the firewall rules you have placed on the Captive Portal Interface, in the pfSense GUI.
    What are these ?



  • Rules (Drag to Change Order)
    States Protocol Source Port Destination Port Gateway Queue Schedule Description Actions
    3 /19.55 MiB * * * LAN Address 443
    80 * * Anti-Lockout Rule
    0 /0 B IPv4 TCP * * LAN address 53 (DNS) * none dns
    basic setup rules
    0 /0 B IPv4 TCP * * LAN address 80 (HTTP) * none
    0 /0 B IPv4 ICMP
    any * * LAN address * * none
    0 /0 B IPv4 TCP * * LAN address 25 (SMTP) * none
    0 /0 B IPv4 TCP * * LAN address 21 (FTP) * none ftp
    0 /0 B IPv4 TCP * * LAN address 110 (POP3) * none
    0 /0 B IPv4 TCP * * LAN address 143 (IMAP) * none
    freerdcp
    0 /0 B IPv4 TCP/UDP * * LAN address 1812 (RADIUS) * none
    0 /0 B IPv4 TCP/UDP * * LAN address 1813 (RADIUS accounting) * none
    whatsapp
    0 /0 B IPv4 TCP/UDP LAN net * * 5060 (SIP) * none whatsapp
    0 /0 B IPv4 TCP/UDP * * * 5222 * none whatsapp
    0 /0 B IPv4 TCP LAN net * * 4244 * none whatsapp
    0 /0 B IPv4 TCP/UDP LAN net * * 5242 * none whatsapp
    0 /0 B IPv4 TCP LAN net * * 5228 * none whatsapp
    0 /0 B IPv4 TCP/UDP * * * 5223 * none whatsapp
    0 /0 B IPv4 TCP/UDP LAN net * * 59581 * none Whatsapp
    0 /0 B IPv4 TCP/UDP LAN net * * 59437 * none Whatsapp
    default lan rules
    0 /0 B IPv4 * LAN net * * * * none Default allow LAN to any rule
    0 /0 B IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule
    0 /0 B IPv4 TCP * * LAN address 1194 (OpenVPN) * none OpenVPN wizard
    0 /0 B IPv4 TCP/UDP * 8000 * 8000 * none winamp
    Add



  • Hi,

    Could you post something more readable like :

    0_1533637313949_83925513-9018-4f4e-89f7-a74fa1c4458e-image.png

    Btw : look at your "Status" colon.
    All these "0 /0 B" mean that the rule did never apply - is used.

    Put in place a (default !) pass all rule, and your troubles will be over in a split second.
    Also : if possible : consider activating the Captive Portal on a dedicated interface like OPTx.



  • @gertjan hi
    thanks for all your help. I am using 172.16.100.1/16 as the lan address and 172.16.10.1/16 as the wan address and these addresses the cp page dose not popup unless i go to the page url how ever if i were to change the wan ip to 173.16.10.1/16 the page will auto popup could this be part of what it is that i am doing wrong? what would be the correct ip to use
    i will try to setup an opt1 interface for the cp

    thanks again for all your help



  • @kramtw said in With CP enable the following stop working:

    I am using 172.16.10.1/16 as the wan address ......
    ... how ever if i were to change the wan ip to 173.16.10.1/16 the page will auto popup

    Normally, you should stick to a default LAN of 192.168.1.1 mask 24
    The WAN IP is normally assigned by a DHCP server up stream, or WAN really becomes a WAN IP, assigned by your ISP.
    Choosing yourself a WAN IP like "173.16.10.1/16" doesn't seem a normal thing to me.
    And if your really need to enter a static IP, it must be a /32 one. I don't understand your /16 WAN IP.

    Again : go for the OPT1 interface for your portal interface.
    Remember : when creating and activating an OPTx interface, no firewall rules will be present, so nothing comes in - nothing goes out (well ... not 100 % true, DHCP 'LAN' traffic will pass through).

    Btw : do not re invent the wheel. Chose OPT1 to be 192.168.2.1 mask 24.

    Pass rule :
    0_1533651125585_5fe69ddc-52e9-45e9-8f98-4cd029718cc6-image.png



  • @gertjan ok the modems lan ip address is 172.16.1.22/16 and that is what i ve been using for the longest the whole lan network is on /16 are you saying that i should change the modems ip to one that is 192.168.1.1 and stop it from doing all the port forwarding that is it doing and let the pfsense take that over? i've got a large net with ip cams, ip switches, along with servers and client pc and macs on the network i also have a very large wifi network client base so the /16 would gave me a lot of ip addresses to play with.
    so let me see if i get what you are saying
    set the modem to 192.168.1.1/32
    set the wan ip of pfs 192.168.1.2/32
    set the lan ip too ??
    set the opt ip to be 172.16.0.0/16 enable the cp and dhcp on that interface and set all the firewall rules to work with it



  • Don't touch the modem LAN Ip. I was taking about the LAN of pfSense 192.168.1.1/24 or 254 devices. If you want, make that a /16 and you'll be having place for 65535 devices
    Btw : if your modem is really (only) a modem then the WAN interface of pfSense would be set to your 'real' Internet IP.

    How is your interface WAN on pfSEnse set up ? Static ? DHCP ? Other ?



  • @gertjan the lan on the pfs is set to 172.16.100.1/16
    the wan is static and set to 172.16.10.1/16
    the modems ip address is set to 172.16.1.22/16



  • This can not work because you have the same subnet on the WAN and the LAN.
    You need to have different subnets.
    Are you sure you need a /16?
    It looks to me as if you'd want a /24.



  • Ok could you gave me an example of what it should look like as you would have seen from my comments above all of the equipment and users I have on the network I would need a large amount of IP address

    Thanks



  • Well the WAN and the LAN just need to be in different subnets.
    Doesn't really matter which.
    e.g. keep the LAN on 172.16/16 and move the WAN and Modem to 172.17/16.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy