Problems setting up



  • I downloaded the RC 1.2.3RC1 if I remember right and installed it on a Dell GX60 SFF computer.  Had no problems installing and it installed the correct drivers for everything. Got into setup and had it running and had the VPN tunnels connected to the netgear hardware at our remote sites and about 20 maybe 30 minutes later my desktop lost internet.  I tried to login to pfsense and it told me I was not authorized. >:( I could ping the pfsense computer and ping all my other servers and workstations on the network but no computer had any internet access. ???  So thinking I screwed something up I hooked a monitor and keyboard back up and told it to reset to factory defaults and went thru setting it back up again ubt this time i didnt set any firewall rules. Internet came back up and was running for about 40 mintues when it did it again. >:(  I switched back to my original netgear router to get internet access back up so that exchange could keep running but Im not sure what is going on.

    My network consists of the main site and 3 remote site all connected thru VPN using Netgear FVS114 routers. Internet at the main site is thru cable modem from Suddenlink Communications with 1 external IP address. There are 3 Microsoft Servers running (Windows 2008 DC, Windows 2003 R2 DC, and Exchange 2003), and an Asterisk/Elastix VoIP pbx server.  The computer I will be using for pfSense is a Dell Optiplex GX60 1.8GHz, 512Mb ram, 20Gb HDD, Onboard 10/100 nic (WAN) and a new Dynex Gigabit PCI nic (LAN).

    Also….. because we run an exchange server all web traffic goes to it, so port 80 and 443 forward to the exchange server for OWA and RPC over HTTPs. Is it possible to setup pfSense so that I can have several webservers running and pfSense pass it off to the right webserver or is that not possible to do?



  • Did you remember to change the default password?  It sounds like somebody else found it with the default login and made changes.

    pfSense by itself can't do what you're after with web servers.  The Squid package may be able to do that (it's known as a reverse proxy) - check the packages sub-forum.



  • I did change the default password when I did the setup wizard. And the first time it told me I was not authorized I thought maybe I typed it wrong so i purposely mistyped it and it came back invalid username or password.. something like that. When i type the password right it was telling me I was not authorized. Thats why I was confused why it was doing that. It would not even let me in thru SSH Shell.  Its like pfSense went into Lockdown for some reason.

    Did I miss something or setting something wrong?  Also when I set it up and put my firewall rules in no traffic was going to the exchange server. It wasnt until I put the ports for NAT to port forward was it passing traffic.  Can I not setup just a firewall rule or do I have to have NAT port forward to exchange?

    I had my firewall rules for any source and any port to forward to my exchange server at 10.25.18.xx on port 80 for http and 443 for https and it would not pass any of that traffic.  When I setup port fowarding in NAT it allowed traffic thru.

    Im used to working with netgear so pfSense is new to me, and Ive been trying to follow the Wiki.



  • Never seen that before.  It may be related to the fact that you're running a beta version, not the best choice for your first delve into anything ;)

    When doing port forwarding it consists of 2 parts, NAT and firewall rules.  Your experience is to be expected and you should set up port forwarding from the Port Forward tab under NAT.



  • Thats what I was thinking.  I was also switch back to the stable version and go from there.

    Also do you know anything about setting squid up? I know that I may have to do another forum topic but figured I would ask.

    What I have is our exchange server has OWA running but our asterisk/elastix server has the ability for users to check their voicemail online but since OWA has the web ports forwarded to it I can not give users outside access to the voicemail server.



  • Take a look at the packages forum (and search it - the question of using Squid as a reverse proxy has come up before) and the documentation for Squid (www.squid-cache.org from memory).  I've never used it that way, I just remember reading that it can do that.


Log in to reply