pfSense n00b (Smoothwall user)



  • Hello there

    I've decided to look at pfSense as an alternative to Smoothwall.

    Got it installed as a VM on Hyper-V. The installation itself was straightforward, and I'm able to access the web frontend via HTTPS from the internal LAN.

    The external LAN is where my problem lies.

    At the moment I have a Huawei B315 router for LTE access as we do not have any ADSL access at our premises.

    Smoothwall does work, I have internet access, everything.

    But pfSense, for some reason, refuses to see the Huawei router.

    The internal LAN runs on 192.168.0.0/24 whilst the section between the WAN port and the LTE router runs on 192.168.8.0/24

    I'm at a loss where to proceed now, or what to do.

    If anybody can point me into the right direction, I'll be grateful.

    FWIW I want to filter the Internet and block certain websites so that I know my kids won't wander by accident onto such sites.

    TIA

    Ook



  • Hi,

    @The_Librarian said in pfSense n00b (Smoothwall user):

    Smoothwall does work, I have internet access, everything.

    Does this "Smoothwall" also run on a Hyper-V VM? If so, set up the VM the same way. Although, you won't be able to run them both at the same time.
    If not, well, your issue is a VM issue - not a general pfSense question, more a virtualization question.

    @The_Librarian said in pfSense n00b (Smoothwall user):

    The external LAN is where my problem lies.

    I'm not a VM expert, I just run pfSense on Hyper-V myself @home. Works great btw.
    The 'external' LAN is called WAN from a pfSense point of view. This interface should be 'bound' to a NIC that the host OS (Windows 10 Pro?) isn't using. I'll post a screenshot this evening of my settings.

    Is your router a device with an RJ45 port? Then it should communicate with pfSense.

    What are your WAN settings? It should be 'DHCP' and that's it. The default values will do fine.

    Check the logs: are DHCP client requests sent out over the WAN? Does your Huawei reply? Do you know the IP of the Huawei? Can you ping it?



  • @Gertjan That's the funny thing.

    The Huawei does have an RJ45 port (4 of them).

    I can get a DHCP IP, but I cannot ping the Huawei.

    However, the Smoothwall also does get a DHCP IP and can ping the Huawei AND the pfSense firewall. (they're not using the same IP).

    So it must be something on the pfSense that freaks out when it sees the Huawei, although it does get a DHCP IP from it. I cannot understand this. (probably Trump messing around).

    Cheers

    Ook

    PS : I've successfully run a lot of virtual things, smoothwall included, and never had any issues, until I've decided to give pfSense a whirl...



  • @The_Librarian said in pfSense n00b (Smoothwall user):

    .. that freaks out when it sees the Huawei

    As far as I know, Netgate is not business related to Google ;)

    Your router has a DHCP server, so it hands out IPs. But always check if the rest also came over.
    A DHCP client request asks for an IP, everybody knows that, but also a DNS (important) and a gateway (very important! check that you got one in pfSense).

    Your router refuses to reply on ICMP so check your router.
    Did you declare a DMZ on your router?


  • Netgate Administrator

    @The_Librarian said in pfSense n00b (Smoothwall user):

    Huawei B315

    That should be fine.

    If you did not add a firewall rule to allow it I would not expect the Smoothwall in the 192.168.8.X subnet to be able to ping pfSense in that same subnet. Pings to the WAN are blocked by default.

    Check that it is really the Huawei device handing pfSense a DHCP lease if you can and not some other rogue DHCP server.

    Check the pfSense ARP table (in Diagnostics) and make sure the MAC address it has for the Huawei gateway IP is correct.

    It sounds like something may not be connected as you intended.

    Steve
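
The checks suggested in the two replies above (did the lease bring a gateway and DNS, did it come from the expected DHCP server, and does the ARP table hold the right MAC for the gateway) can be scripted. This is an added example, not part of the thread. The interface name `hn0`, the gateway IP 192.168.8.1, the MAC address and the sample lease and ARP text are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample data (not from the thread): one dhclient lease block and
# one line of `arp -an` output, both in FreeBSD format. hn0 is an assumed name.
SAMPLE_LEASE='lease {
  interface "hn0";
  fixed-address 192.168.8.100;
  option subnet-mask 255.255.255.0;
  option routers 192.168.8.1;
  option domain-name-servers 192.168.8.1;
  option dhcp-server-identifier 192.168.8.1;
}'
SAMPLE_ARP='? (192.168.8.1) at 00:11:22:33:44:55 on hn0 expires in 1187 seconds [ethernet]'

# lease_opt TEXT KEY: value of the last "KEY value;" line (newest lease wins).
lease_opt() {
  printf '%s\n' "$1" | awk -v k="$2" '
    { sub(/^[ \t]+/, ""); sub(/^option /, "") }
    $1 == k { v = $2; sub(/[,;]$/, "", v) }
    END { print v }'
}

# arp_mac TEXT IP: MAC address the ARP table holds for IP, lower-cased.
arp_mac() {
  printf '%s\n' "$1" | awk -v ip="($2)" '$2 == ip { print tolower($4); exit }'
}

# check_upstream LEASE ARP EXPECTED_IP EXPECTED_MAC (MAC in lower case)
# Prints one finding per problem; returns 0 only when all four checks pass.
check_upstream() {
  rc=0
  gw=$(lease_opt "$1" routers)
  dns=$(lease_opt "$1" domain-name-servers)
  srv=$(lease_opt "$1" dhcp-server-identifier)
  mac=$(arp_mac "$2" "$3")
  [ -n "$gw" ] || { echo "lease has no gateway (routers option)"; rc=1; }
  [ -n "$dns" ] || { echo "lease has no DNS server"; rc=1; }
  [ "$srv" = "$3" ] || { echo "lease issued by '$srv', expected $3"; rc=1; }
  [ "$mac" = "$4" ] || { echo "ARP maps $3 to '$mac', expected $4"; rc=1; }
  return $rc
}

# Demo on the constructed data. On a real box, pass the lease file contents
# and "$(arp -an)" plus the router's IP and the MAC printed on its label.
check_upstream "$SAMPLE_LEASE" "$SAMPLE_ARP" 192.168.8.1 00:11:22:33:44:55 \
  && echo "upstream matches"
```

On FreeBSD the dhclient lease file is normally `/var/db/dhclient.leases.<interface>`; a mismatch in the issuing server or the gateway MAC points to a different device answering on the WAN segment.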



  • Ah ... I thought he was pinging from pfSense console or some pfSense LAN device to the Huawei router.
    That should pass out of the box.
    I can ping my (ISP) upstream router just fine - an RFC 1918 device: 192.168.10.1 (WAN IP pfSense 192.168.10.11)

    Pinging from "smoothwall", a LAN device for the Huawei router, to the WAN pfSense interface - another LAN device for the Huawei - is, of course, by default, not possible.
    By default, the "smoothwall" wouldn't reply to a ping either (I'm pretty sure here).



  • So you should be getting a 192.168.8.x address for the WAN interface of your pfSense box/VM?

    If so, it might be a setting. Under Interfaces/WAN - is the block private networks and ....... selected? Try deselecting it



  • @Mats said in pfSense n00b (Smoothwall user):

    is the block private networks and ....... Selected? Try deselecting it

    I thought the same thing, because my upstream router uses RFC 1918 - but, no, setting that option, or not, doesn't change anything related to the 'Internet' access.
    Mine is set now (my WAN IP is 192.168.10.11 - gateway 192.168.10.1) and that didn't change anything.


  • Netgate Administrator

    Indeed that blocks inbound traffic from private IPs, which would not normally be coming into a WAN.

    Except in situations like this. With that checked pings to the WAN IP from Smoothwall would still be blocked even with an allow pings rule on WAN.

    Steve



  • Hi Guys

    I have a suspicion that the B315 router is not playing well.

    To test this, I will replace it with a Mikrotik + 3G dongle. If it indeed is the B315 then pfSense will connect etc.

    Will keep you updated on this, as I've struggled yesterday evening without any success.

    So it either is the LTE router or the LAN NIC. One of these two is playing silly buggers with me. Bah.

    Cheers.

    Ook



  • @Mats Have tried that as well, no joy. See my post above as I think the issue may be with the B315.


  • Netgate Administrator

    Are we correct in thinking both pfSense and Smoothwall have a WAN IP in the 192.168.8.0/24 subnet in your test setup?

    Steve



  • Hi Guys

    It was the RED NIC playing silly buggers. Weird.

    I have since then replaced the whole PC with another one, and things are looking quite well.

    Will take a shufty at SSL filtering since that is what I need to do with the pfSense installation.

    Regards

    Ook

