Wrong configuration, but it works partially
-
Hi everyone,
I am having a little problem with my configuration and dont know how i could mak it work without having more problems.
I set up a virtual network in Hyper-V. My Hyper-V machine has ip 10.3.17.27.
The thing is, when I installed pfsense I made a wrong installation and allowed dhcp ip for my wan (who is normally 10.3.17.27) so i am having an IP where i configured piratically everything and it works. And sometime it doesn't.
When I say it works, I mean, I have a website on my dmz and installed it from the ip 10.3.17.4:80 and all my redirections are to this ip. But sometimes the IP 10.3.17.4 doesn't respond anymore and cant do anything anymore.
I tried to change it to my initial ip 10.3.17.27, but nothings worked correctly.
Here is a picture of my network :
Is thought maye to add a nic with this ip and make a redirect of everything but seems not working and revert to initial setup.
Does someone have any idea how I could fix this ?
Thank you :) -
You can't use the same IP the hypervisor is using but you should use a fixed IP if you're port forwarding from that to the server.
Where is that dhcp lease coming from? Hyper-V?Either make that a static dhcp mapping so pfSense always gets the same IP on it's WAN from the server or set the WAN interface IP statically in pfSense.
Steve
-
@stephenw10 Thank you for your answer.
I actually tried to get that fixed IP, but i can't get that IP. this is an IP from above my hyper-V so if someone is using it in the network I wouldn't get any result. I either can't fix a static dhcp mapping because I only received the IP 10.3.17.27 to work on it.
-
So where is it pulling 10.3.17.4 from?
Some upstream dhcp server you don't control?
Can you connect to it by hostname if you resolve against the upstream gateway?
It sounds like you need to discuss this with whoever admins the network you're on.
Steve
-
@stephenw10 Yup indeed, its an upstream dhcp server that I don't control.
What seems weird is that sometimes it works and sometimes not.
So maybe i made a wrong configuration, but we agree that this is a correct setup ?
If i can not use the same IP of my Hyper-V and my IPv4 needs to be in the same range as my Wan IP this one should be good.
I'm trying to understand where i messed up or where "it" messed up :/
-
No, you have to use DHCP if that's how the subnet is configured.
If you set it static like that it will break when something else is assigned that IP by the DHCP server.
Steve
-
Im confused as to your listing for your inside interface? Looks like you have its gateway set to your wan IP?? 10.3.17.4??? Where are these 172.20.x.x dns servers?
The lan interface shouldn't have a gatway set at all..
-
@johnpoz Yes indeed sorry I made a mistake.
I am not 100% confortable with network diagrams sometimes I make mistakes.
So the IP 192.168.0.50 is the ip of my web interface and LAN.
The DNS are outside of my network / control. They are managed by my school.
And the Gateway I got on my Hyper-V is 10.3.17.1.
I dont know if this answers to your question ?
-
But your not showing on your diagram where this 172.20 network is - from your diagram there would be no way to get to those NS.
Is pfsense using those - how does it get to them? Or is pfsense just resolving, which is default?
-
Your HyperV server is using a static IP. Was that given to you to use by the network admin? Because if not that will break too if some other device uses it via DHCP.
Steve
-
Sorry for the late reply. I talked with an ICT guy in my native language. and he explained to me that it could not work properly.
I received my Hyper-V IP from the network admin and I should work only on that IP. I didn't notice that i could not use other IP's in this range.
Actually it was working so I didn't realize my config was wrong.The DNS 172.20 is not under my control and don' event know where it is
. I just received a machine with Hyper-V installed on it and 1 NIC (see below) 
With that I had to build on a virtual network. And as I said, I only received IP 10.3.17.27. Buy when I installed Pfsense received IP 10.3.17.4 in my configuration. It was working so I didn't notice that IP was not attributed to me.
I don't know if there is any solution to use IP 10.3.17.4 and redirect all the trafic to 10.3.17.27 like using 10.3.17.27 as gateway or something like that ?
-
If you can't get an additional IP to use you have few choices:
NAT that traffic in Hyper-V so the pfSense WAN is using some other subnet.
Assign the interface directly to the pfSense WAN so it uses 10.3.17.27 dircetly and Hyper-V does not have an IP in that subnet (or uses dhcp)
Leave the pfSense WAN as DHCP and find some other way of addressing it so you can access it on that. You never said if the upstream DNS servers can resolve local hostnames.
Steve
-
@stephenw10 I can't get an additional IP. I am trying to find out how to NAT my trafic in Hyper-V with the WAN interface but i'm not sure about how it works so i'm still reading som tutorials and forums. But I think this is what i am going to do.
I cannot assing the interface to my pfsense. I think there is a MAC filter who not allows me to send the trafic. I tried once, and lost my connectivity with the machine. the IT admins had to put my initial configuration back.
Should it work if I add a new vNIC with a fix ip and route all the network from the new vNIC to my WAN and using my vNIC as pfsense "WAN"
Its a bit tricky I know and i'm sorry for that.
Thank you for your answers
-
Yeah hyper-V can for sure nat.. So pfsense wan would be behind that nat as well as any other nats upstream.
If your saying there is a mac address filter, you could always have pfsense wan use that mac.. And don't put an address on that hyper-v interface.
-
This should probably work, but i'm afraid do to this. And losing my connectivity with the servers. All of this is visualized, so i will choose for Hyper-V NAT, but I am not sure about how it works I am still searching how to do it correctly.
I have a Little more question. should I use the mac spoof method on pfsense when use the nat or is it not needed ?
-
...and devices behind pfSense are behind it's NAT. Are you up to quad NAT at that point?
-
@stephenw10 what do you mean with "to quad NAT" ?
-
You have 4 devices all NATing the traffic between the inner clients and the public internet.
-
Which is just insane ;)
-
Yo dawg.....
