    Setup issues 6p Protectli Firewall

    • B
      bill1 last edited by

      I am working through a new install with a VPN. Needs tweaking for the Roku I am writing about in a different thread. During this process, I decided to move the firewall down a level so the data flow goes CABLE MODEM=SWITCH1=6P FIREWALL=SWITCH2. This is instead of the firewall next to the switch. For the first night, life was good. I was able to get to the firewall setup page, and get regular network traffic. By morning, I had no internet access at my PC in switch2. I tried rebooting, restarting services, more rebooting. So I recalled the firewall back to the lab, and re-set it up on the laptop only in the LAN port. And nothing. Won't ping. The laptop has a different class B address and the firewall is 192.168.1.1. Fine, I fixed that, but why didn't it change back when I connected to the firewall?

      I suspect that all the IP's in the network were re-assigned by switch 1 to a Class B address overnight. This caused me to not have access to the switch, and my printers to disconnect because they didn't get their assigned addresses from the firewall, but instead from Switch 1. Another interesting thing at this time: under status/gateways, the wan/dhcp gateway's status showed as good, but it didn't work, and the VPN gateway's status as bad, but it worked.

      How do I fix this? One thing that I did do was to try unchecking the box Services/dhcp server/lan "enable dhcp server on lan interface". I don't know if this worked or messed it up more.

      Thanks

      • stephenw10
        stephenw10 Netgate Administrator last edited by

        @bill1 said in Setup issues 6p Protectli Firewall:

        I suspect that all the IP's in the network were re-assigned by switch 1 to a Class B address overnight.

        Switches do not do that. Unless your 'switch' is actually a router and still has DHCP enabled.

        What IP/subnet was on the clients when they failed to connect?

        Steve

        • B
          bill1 last edited by

          The router plugged into the cable modem changed the IP's of my network. How do I keep the DHCP for the devices behind the firewall from being overwritten by the router ahead?

          • stephenw10
            stephenw10 Netgate Administrator last edited by

            So your connection there is actually?:

            Cable Modem --- ISP Router --- switch1 --- (WAN)pfSense(LAN) --- switch2 --- clients

            If that is the case, clients on switch2 could never pull a lease from the ISP router. If they are, there must be another link directly between switch2 and switch1 or the router. Something over wifi perhaps?

            Steve

            • B
              bill1 last edited by

              Here is what I have, but it's not working yet because of issues with Roku and the VPN.

              [image: bcb51f52-7411-4a42-9cad-3eb6e46ad026-image.png]

              The NG17 shown was previously the DHCP router for the network. In this config, I probably have to turn it off, possibly change other settings.
              In the meantime, I tried putting the NG17 back into the cable modem, and the firewall into the NG17. Then there was a DHCP fight and the NG17 took over.
              Aside from disabling the DHCP in the NG17, is there anything else I should change?

              • stephenw10
                stephenw10 Netgate Administrator last edited by

                That's the only thing that is actually required:
                https://docs.netgate.com/pfsense/en/latest/wireless/use-an-existing-wireless-router-with-pfsense.html

                If it has an actual 'access point mode' though you should use that.

                It looks like you have the same subnet on three interfaces in pfSense, I assume those are bridged?

                You have 2 devices labeled 192.168.1.1 which would obviously conflict.

                Steve
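
The "DHCP fight" described above is visible on the wire as DHCPOFFER messages carrying more than one server identifier (option 54). The following is an added example, not part of the thread or Netgate's documentation: it parses raw DHCP payloads and reports any responder other than the intended server. The 172.16.0.1 responder and the offered addresses are constructed sample values; 192.168.1.1 is the firewall address given in the thread.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # magic cookie that precedes DHCP options (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2

def parse_dhcp(payload):
    """Return (yiaddr, options) parsed from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    yiaddr = ipaddress.IPv4Address(payload[16:20])
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        options[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return yiaddr, options

def offering_servers(payloads):
    """Map each DHCP server identifier (option 54) to the addresses it offered."""
    servers = {}
    for payload in payloads:
        yiaddr, opts = parse_dhcp(payload)
        sid = opts.get(OPT_SERVER_ID, b"")
        if opts.get(OPT_MSG_TYPE) == bytes([DHCPOFFER]) and len(sid) == 4:
            servers.setdefault(str(ipaddress.IPv4Address(sid)), []).append(str(yiaddr))
    return servers

def unexpected_servers(payloads, allowed):
    """Server identifiers that answered but are not the intended DHCP server."""
    return sorted(set(offering_servers(payloads)) - set(allowed))

def build_offer(yiaddr, server_id):
    """Constructed sample input: a minimal DHCPOFFER payload."""
    header = bytearray(236)
    header[0:3] = bytes([2, 1, 6])         # op=BOOTREPLY, htype=Ethernet, hlen=6
    header[16:20] = ipaddress.IPv4Address(yiaddr).packed
    options = bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4])
    return bytes(header) + MAGIC + options + ipaddress.IPv4Address(server_id).packed + b"\xff"

# Constructed capture: the firewall plus a hypothetical second responder.
SAMPLE = [build_offer("192.168.1.100", "192.168.1.1"),
          build_offer("172.16.0.50", "172.16.0.1")]
```

Any entry returned by `unexpected_servers(SAMPLE, {"192.168.1.1"})` is a device on the segment that still has its DHCP server enabled.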

                • B
                  bill1 last edited by

                  Thanks,
                  I am making progress. As of now, everything works except for the wifi router. I think the AP mode is the key. I checked that box but there may be more that I have to do because it still isn't working.

                  • stephenw10
                    stephenw10 Netgate Administrator last edited by

                    That kinda depends on exactly what that does on your router. On some it adds the WAN port to the other switch ports. On others it just disables the WAN and you need to connect to one of the LAN ports. Connecting to a LAN port is the safe option there as long as the dhcp server is disabled.

                    Steve

                    • B
                      bill1 @stephenw10 last edited by

                      The key, at least for yesterday, was finding the "AP Mode" setting for the switch. The hard part was getting in there to do it (into the Netgear router setup). I also left it as DHCP assigned.

                      Speaking of that, after my 12 hour marathon debugging session yesterday, by last night everything was working: the VPN, the VPN bypass for Roku, and the wifi router in AP mode. I power cycled most everything and it seemed good. But this morning after I get to work I get a call from my wife (working from home), she says NO INTERNET, but the Roku works. I have her power cycle the firewall and cable modem, but nothing. I tell her to use her hotspot. This is not ideal, I am still in trouble for racking up a big excess data usage charge. She winds up calling her company IT guy and it turns out that the firewall isn't giving her laptop a DHCP IP addr. I don't even know where to start to find the problem. Any ideas? Thanks.

                      • B
                        bill1 @bill1 last edited by

                        Later: I get home and my PC connects, no problems except for power cycling the wifi AP. Wife's computer reboots and picks up a DHCP lease, so problem solved? Then this morning before work, I power up my PC and it won't connect. Not getting a dhcp lease. I power cycle the firewall only, then my PC. Still no dhcp lease. I use my laptop to get into the LAN port and restart the DHCP server. Bam, my PC connects. I will have to look into DHCP issues. Any ideas?

                        • stephenw10
                          stephenw10 Netgate Administrator last edited by

                          Check the dhcp and system logs. Was the dhcp server actually running?
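
One way to work through the DHCP log check suggested above, as an added example that is not part of the thread: it scans ISC dhcpd-style syslog lines for clients that sent DHCPDISCOVER but never got a DHCPACK, and keeps any reason the server logged. The log lines, MAC addresses and interface name are constructed, and the line format is an assumption about what the firewall's DHCP log contains.

```python
import re
from collections import defaultdict

# Constructed sample lines in ISC dhcpd syslog format (not from the thread).
SAMPLE_LOG = """\
Mar  3 06:58:01 pfSense dhcpd[4123]: DHCPDISCOVER from 00:11:22:33:44:55 via igb1
Mar  3 06:58:02 pfSense dhcpd[4123]: DHCPOFFER on 192.168.1.101 to 00:11:22:33:44:55 via igb1
Mar  3 06:58:02 pfSense dhcpd[4123]: DHCPREQUEST for 192.168.1.101 (192.168.1.1) from 00:11:22:33:44:55 via igb1
Mar  3 06:58:02 pfSense dhcpd[4123]: DHCPACK on 192.168.1.101 to 00:11:22:33:44:55 (laptop) via igb1
Mar  3 07:02:10 pfSense dhcpd[4123]: DHCPDISCOVER from AA:BB:CC:00:00:01 via igb1: network 192.168.1.0/24: no free leases
Mar  3 07:02:14 pfSense dhcpd[4123]: DHCPDISCOVER from aa:bb:cc:00:00:01 via igb1: network 192.168.1.0/24: no free leases
Mar  3 07:05:30 pfSense dhcpd[4123]: DHCPDISCOVER from aa:bb:cc:00:00:02 via igb1
Mar  3 07:05:31 pfSense dhcpd[4123]: DHCPOFFER on 192.168.1.102 to aa:bb:cc:00:00:02 via igb1
"""

LINE = re.compile(r"dhcpd\[\d+\]: (DHCP[A-Z]+) .*?((?:[0-9a-f]{2}:){5}[0-9a-f]{2})(.*)$", re.I)
REASON = re.compile(r" via [^\s:]+: (.+)$")   # text dhcpd appends after the interface

def analyze(log_text):
    """Count DHCP message types per client MAC and collect logged reasons."""
    clients = defaultdict(lambda: {"types": defaultdict(int), "reasons": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg_type, mac, rest = m.group(1).upper(), m.group(2).lower(), m.group(3)
        clients[mac]["types"][msg_type] += 1
        reason = REASON.search(rest)
        if reason:
            clients[mac]["reasons"].add(reason.group(1).strip())
    return clients

def failing_clients(log_text):
    """Clients that sent DHCPDISCOVER but never received a DHCPACK."""
    out = {}
    for mac, info in analyze(log_text).items():
        if info["types"]["DHCPDISCOVER"] and not info["types"]["DHCPACK"]:
            out[mac] = sorted(info["reasons"]) or ["no DHCPACK logged"]
    return out

def server_replied(log_text):
    """True if dhcpd logged at least one DHCPOFFER or DHCPACK."""
    return any(i["types"]["DHCPOFFER"] or i["types"]["DHCPACK"]
               for i in analyze(log_text).values())
```

A window with no dhcpd replies at all points at the service not running; a client that was offered a lease but never acknowledged may have accepted an offer from a different DHCP server.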

                          • B
                            bill1 last edited by

                            OK, I will check. It happened again. I set up the time zone so I can make sense of it, and added GATEWAYS and SERVICES status windows to my dashboard. Can it have anything to do with DHCP lease times? I am on the default.

                            [image: services.JPG]

                            I can't figure out why the openvpn service is up, but the gateway shows it's offline. By the way, the VPN is working as far as I know. I checked my IP online, and the firewall shows data flow.

                            • stephenw10
                              stephenw10 Netgate Administrator last edited by

                              The OpenVPN gateway IP may not respond to ping. Try setting some other external IP to monitor across it.
