No action on LAN
-
@akuma1x
It's possible that the Modem is balking at the use of a second port. Although I connected my laptop and set IP & gateway addresses and it worked concurrently with the house network.I HAVE A STATIC IP... no DHCP on the WAN is possible.
Will take your advice, and reconfigure the system once again. I can use the LAN off of the house network for WAN address, and can assign yet another 192.168.1.1 for the LAN.
I use 1.1.1.1 & 1.0.0.1 for DNS... it's faster than Google.
I'll clear all of the rules, but would still like to know how to set specific port rules... Port setting on Source or Destination... or both...
It's supposed to Rain Thursday... good day to spend futzing around with the firewall.
Many thanks to all who have come forward with comments and suggestions. I'm not totally stupid, only untrained. Been a Telecom Engineer for half of my career. But whoever said I was not too good with Firewalls hit the nail on the head. No experience except the Cisco RV-130
Will play as time permits.
-
@dhenzler said in No action on LAN:
Will take your advice, and reconfigure the system once again. I can use the LAN off of the house network for WAN address, and can assign yet another 192.168.1.1 for the LAN.
Be careful with that... you can not have 2 different interfaces using the same IP address space. You say "yet another" and it sounds like you've already got an interface using that 192.168.1.X network. For this exercise, set your LAN network to something like 192.168.8.X or 192.168.9.X, that way, you won't conflict with your WAN port, if it's getting a 192.168.X.X address from your ISP modem/router.
By the way, let's get that question out of the way... what is your ISP modem/router, make and model?
-
@akuma1x
I may be slow, but not stupid !
The LAN address is the same, but totally isolated from the house LAN. Just a CAT5 from pfSense to a computer.I considered that the modem may balk at another device using the same WAN address. However it was tested by connecting my laptop and using the SAME WAN address and Gateway.... worked fine. House network still alive, laptop alive...
Maybe that is insufficient ?
I'll get the modem make & model in a bit...
-
-
@akuma1x
WAN address is 24.172.?.? subnet mask 30 (255.255.255.252)
LAN address is 192.168.?.? subnet mask 24
pfSense is NOT connected to my home network at all.Home network uses the same address ranges. But may as well be on the moon.
I only have one computer connected to the pfSense LAN. It's set for DHCP and connects to the gui configurator.
The modem is in Bridging Mode as the ISP says this is the ONLY way they provide a STATIC IP.
So the connection to the modem is always STATIC. Never DHCP.
-
This post is deleted! -
This post is deleted! -
@akuma1x
Reboot ISP Modem is something I overlooked, but agree it's likely the problem.Well pfSense works well with the default settings and the new IP's assigned. Next will be a late night test... removing the Cisco, Putting pfSense in and rebooting the ISP Modem. See if we have JOY!
If so I imagine I can set up the required Port Forwarding and be on the air..
Thanks again EVERYONE... for the great encouragement and assistance.This was my first time doing Firewall... it's definitely tricky stuff.
-
I successfully migrated my pfSense over to the Cable Modem and my regular LAN IP. However I did have to reboot twice to get operational. I will reconfigure my rack and put it in use in a few days.
The Ubee modem DID need to be rebooted. I have NOT tried hooking up to an unused port now that it's working. Read the manual and apparently even in bridging mode, the extra ports can be active, however they are assigned a different IP, thus unlikely they would get to the Internet.
It's been REAL guys, and I believe much work is ahead of my tweaking the settings to minimize the complaints seen in the log.
-
@dhenzler said in No action on LAN:
The Ubee modem DID need to be rebooted. I have NOT tried hooking up to an unused port now that it's working.
If a single LAN port on the ISP modem works, you should not need to use any of the other ones. Only reason would be to test stuff, off of the pfsense network.
-
@akuma1x
I may try it once more, but only to prove that it doesn't work for the firewall. Funny thing it works for the laptop...I'm anxious to get the Port Forwarding set up for my servers. I have a couple surveillance camera systems and put the video out on the Internet for my remote viewing pleasure. I also built some Reverse Proxy servers to provide SSL access to Emby and other server stuff that I don't want to have man in the middle attacks on. Plus my web servers.
Everything is Virtualized so even if I get hacked I can be back alive in a matter of minutes. One hacker got in a few years ago, and I replaced the virtual machine, and he never came back. Didn't even change the password. I think they realized it was fruitless to try again.The pfSense system should provide a much safer environment. I'll be asking questions here and there when the issues arise.
Thanks again
Dave -
@dhenzler Rebooting between all tests?