How to use OPT4 to access the pfSense firewall as an extra entry point



  • Basic installation on my Netgate pfSense firewall. No VLANs or so, one WAN cable (external IP address, several NAT rules to the mailserver on the LAN), one LAN cable (IP address 172.17.17.250/24).

    It all works OK. Now I want to mess with it, changing into VLANs and stuff. And I'm not an expert (yet :D), and have locked myself out now several times, with a factory reset needed to undo my mess. Oops. Instead, I now want to create an alternative entry point into the firewall that is not affected by my messing with the WAN and LAN settings.

    Idea: I renamed OPT4 to MLAN (Management LAN), gave it IP address 172.17.18.250 (not in the normal LAN range), set up a firewall rule allowing everything TCP/UDP, and another rule allowing ICMP. (I think.) Using the laptop, I turn off wifi, put an ethernet cable between the OPT4 port and the laptop, assign the laptop the address 172.17.18.16/24, add a default route and try to access the firewall: I cannot ping it, and cannot access http://172.17.18.250.

    What am I missing? Please help?

    Regards, Wim van Dorst


  • Netgate Administrator

    That should work as described. Maybe a typo somewhere?

    Check the firewall logs in Status > System Logs > Firewall tab. Is anything blocked?

    Can you ping the laptop from pfSense in Diag > Ping?

    Does the Laptop appear in Diag > ARP Table?

    Is the interface actually up at the correct speed with the laptop connected? Check Status > Interfaces.

    If you get locked out again you can always roll back the last config change from the console rather than reset entirely.

    Steve



  • @stephenw10 Thanks for the confirmation that I'm not missing something significant. And good tips. I'm gonna do them all.



  • Update: RESOLVED.

    The kind confirmation by Stephen that I was on the right track really helped. Instead of searching for yet more things to add, set up, etc., I went looking for problems in the existing setup.

    Network speed seemed a potential problem, as I am using a USB-to-Ethernet dongle that can only do 100 Mb/s. That wasn't it. With ethernet up on both sides, as indicated by the blinkenlichten, it was routing. And conscientiously checking each and every setting revealed the erroneous setting: netmask /32 instead of /24 on the firewall side. Correcting that made everything work.

    Thanks to Stephen!
    Regards, Wim van Dorst
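The two addresses involved in the setup described in the first post (firewall OPT4 at 172.17.18.250, laptop at 172.17.18.16/24) and the /32-versus-/24 mismatch found in the resolution above can be checked before touching a cable. The following script is an added example, not part of this thread or of pfSense itself; it uses only Python's standard `ipaddress` module. The function and parameter names are mine, and the interface addresses it is fed are the ones quoted in the thread. It answers the question a practitioner wants answered when a management interface does not respond: does each side consider the other on-link, and does the new subnet collide with an existing interface subnet?

```python
"""Sanity-check a management interface against the host that should reach it.

Added example (not from the original thread or from pfSense). The logic is
generic: with a /32 on the firewall side, the firewall has no on-link route
for the laptop, so its replies go to the default gateway instead of out OPT4,
and the laptop never hears back. Only when both sides agree on the subnet does
direct (ARP-resolved) traffic flow in both directions.
"""
import ipaddress


def check_management_link(fw_iface: str, host_iface: str) -> dict:
    """Return, for firewall and host interfaces given as 'ip/prefix', whether
    each side treats the other as on-link and whether they agree on the subnet.
    The link only works when all three are true ('ok')."""
    fw = ipaddress.ip_interface(fw_iface)
    host = ipaddress.ip_interface(host_iface)
    fw_sees_host = host.ip in fw.network        # firewall will ARP for the host
    host_sees_fw = fw.ip in host.network        # host will ARP for the firewall
    same_subnet = fw.network == host.network    # no asymmetric netmask mistake
    return {
        "fw_sees_host_on_link": fw_sees_host,
        "host_sees_fw_on_link": host_sees_fw,
        "same_subnet": same_subnet,
        "ok": fw_sees_host and host_sees_fw and same_subnet,
    }


def overlapping_interfaces(new_iface: str, existing_ifaces: list) -> list:
    """Return the existing interface addresses whose subnet overlaps the new
    management subnet. Overlapping subnets on two interfaces give ambiguous
    routing, which is why the post keeps MLAN out of the normal LAN range."""
    new_net = ipaddress.ip_interface(new_iface).network
    return [
        iface for iface in existing_ifaces
        if ipaddress.ip_interface(iface).network.overlaps(new_net)
    ]


def explain(fw_iface: str, host_iface: str) -> str:
    """Human-readable verdict for the console; wraps check_management_link."""
    r = check_management_link(fw_iface, host_iface)
    if r["ok"]:
        return f"OK: {fw_iface} and {host_iface} share one on-link subnet."
    problems = []
    if not r["fw_sees_host_on_link"]:
        problems.append("firewall does not see the host as on-link "
                        "(its replies will leave via the default route)")
    if not r["host_sees_fw_on_link"]:
        problems.append("host does not see the firewall as on-link")
    if not r["same_subnet"]:
        problems.append("netmasks disagree")
    return "BROKEN: " + "; ".join(problems)


if __name__ == "__main__":
    # Addresses as quoted in the thread: the faulty /32, then the fix.
    print(explain("172.17.18.250/32", "172.17.18.16/24"))
    print(explain("172.17.18.250/24", "172.17.18.16/24"))
    # The existing LAN from the first post must not overlap the new MLAN.
    print("overlaps:", overlapping_interfaces("172.17.18.250/24",
                                              ["172.17.17.250/24"]))
```

Run it as-is to reproduce the thread's failure and fix; swap in your own interface addresses to pre-check any new management subnet before assigning it in Interfaces > OPT4 on the firewall.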





  • I'm Dutch, and have been around many years in the IT world. So it is allowed for me to use the original German term for this :D.



  • @wimvandorst said in How to use OPT4 to access the pfSense firewall as an extra entry point:

    So it is allowed for me to use the original German term for this :D.

    The original German term is "Blinklichter". ;-)



  • @grimson I don't want to take anything away from your knowledge of German, as indeed the real German word is die Lichter. You are completely right.

    But read this internet folklore:
    http://www.blinkenlichten.info/origin.html