Having trouble accessing server's services on my LAN.
-
Hello everyone, I'm new here and recently put pfSense on my home network, but having some troubles.
Here are the things I did to establish my network. I've turned my ISP-provided router into bridged mode and the WAN passes to my pfSense router just fine. I've also pushed my LAN port to a switch that also goes to my desktop as well as my home server that runs plex/sonarr/radarr and various other services.
My opt1 port on my router has been bridged to my LAN and connects to a UniFi AP for wireless in my house.
Here are the troubles I'm having:
-
My desktop can ssh into my server just fine as well as access its plex port on 32400... However every other service is completely unreachable.
-
None of my wifi services can connect to my server via SSH or any other port. I've tried pinging the IP and still nothing. Even though my wireless devices are on the same subnet.
-
My plex is periodically available to the outside net but then randomly won't have any video playback saying it can't access the home server.
Now, I haven't made any other changes to the home server as well. I'm hoping someone has some insight into what I'm experiencing. Thank you in advance.
-
-
@garric said in Having trouble accessing server's services on my LAN.:
My opt1 port on my router has been bridged to my LAN and connects to a UniFi AP for wireless in my house.
Router = pfSense?
You connected OPT1 and LAN interface together? You've created big troubles indeed.
-
Mmm, how have you configured the bridge? What firewall rules do you have and where?
Do you see any traffic blocked in the firewall logs?
Traffic between the desktop and server just goes directly through the switch. pfSense never sees it so cannot block it. So if that's failing it's probably the desktop trying to access it in some unexpected way like using a URL that resolves to the pfSense WAN IP.
Steve
-
Thank you for your responses. I will try to address you both.
@Gertjan To clarify, I have my ISP-provided modem/router (combo) in bridge mode that connects to my pfSense router that has a 2-port NIC.
ISP router -> to pfSense gives the WAN. The LAN port goes to a switch and opt1 goes to a UniFi AP.
When I said bridged interfaces I mean the screenshot below.
Here is my firewall rule and Firewall logs. It looks like something is blocking but I'm not quite sure how to interpret these.
As for the server. It's very odd. I can access it via ssh with zero issues from my desktop under the same switch but can't access anything else under a different port.
-
@garric hey there,
just how do you try to reach your devices...meaning: do you enter your IP or do you try by entering a hostname or a domain name (i.e. https://plexserver or https://garrics.plexserver.whatever)? Could it be possible you try reaching your devices under your ddns...then indeed your traffic might go out of your home...just to try getting in again to your server/devices...depending on other settings. In that case traffic does go thru pfsense (or rather not). Otherwise (since everything seems to be on the same LAN), as stated before, should not even be routed by pfsense...
Then: what rule is that for a WAN interface? And how are your rules for lan / opt1 interface(s)?
Since your log shows blocked traffic on every interface you activated...might be interesting as well. But first: how exactly do you try to reach your devices? :)
edit again (sorry): in case you do not really use ipv6...you can deactivate it under your interface settings... ;)
yet another one: you write 2 Port NIC...but have WAN, LAN, OPT1?
-
@garric said in Having trouble accessing server's services on my LAN.:
I can access it via ssh with zero issues from my desktop under the same switch but can't access anything else under a different port.
How exactly are you testing it?
Those logs all show traffic blocked by the default rule. What rules do you have on LAN and OPT?
Steve
-
@stephenw10 Just testing by accessing the radarr/sonarr web portals in the browser and nothing is loading.
I don't have any rules established for LAN or OPT1. Should I?
-
@the-other Hi there, Thank you for attempting to help me with this.
I can access plex via direct ip 192.168.55.19:32400, however I can't access radarr in the web portal when trying 192.168.55.19:7878. I've also not made any changes to the server's firewall rules as those ports are open.
If you see my reply below it shows the rules for the other interfaces.
Yes, 2-port NIC + 1 port on the motherboard that I use for the WAN.
I will try to disable IPv6.
-
That's the same screenshot.
The LAN interface has default pass rules but OPT will not unless you added rules.
@garric said in Having trouble accessing server's services on my LAN.:
Just testing by accessing the radarr/sonarr web portals in the browser and nothing is loading.
But what are you actually entering? The server IP directly?
What error does the browser show?
Steve
-
@stephenw10 So sorry. Tbh I've been hit with covid and I'm trying to troubleshoot this while I'm out sick and the brain is a little foggy so my apologies!
Here is the screenshot of opt1
As for the browser it's just stuck loading like attached.
-
@garric I see in your original post that you have 3 networks - WAN, LAN, and OPT1. You also state that you have "bridged" your OPT1 and LAN ports so you can put your wireless access point on your LAN network.
You typically don't do that on a pfsense box, even though you are entirely able to do it. You should simplify and NOT bridge interfaces together. You can easily run your access point off of your switch, this would then automatically put it on your LAN network. I would recommend doing that first, then figure out how pfsense works - all of the ins and outs, then you can add additional OPTx networks and play with those. Figure out the basics first!
Your trouble might be coming from you running IPv6 stuff and maybe the separate OPT1 port.
-
Thank you for the reply. I will give that a try. The switch actually goes into another room which makes the AP's range a bit worse which is why I did what I did. I will definitely give it a go to see if I can fix it that way.
When you say I am running IPv6 stuff, how can I turn that off? I don't want to run IPv6 at all.
-
@garric said in Having trouble accessing server's services on my LAN.:
when you say I am running ipv6 stuff, how can I turn that off? I don't want to run ipv6 at all.
It's located under System -> Advanced -> Networking
There's a check box to turn off all IPv6 stuff, first line of settings. If you've already got firewall rules setup using IPv6, you should modify them so it's not confusing on what is really running on those rules.
-
Your firewall logs show a bunch of default IPv6 blocks on the bridge but it's probably just local link discovery stuff. Unlikely to cause a problem.
Typically in the bridge for wifi to wired like that you would assign the bridge interface itself and move the filtering to the bridge and not its members. That way you only need one set of firewall rules.
See: https://docs.netgate.com/pfsense/en/latest/bridges/interfaces.html#bridging-and-interfaces
However if you have filtering on the member interfaces, as you do now, it allows you to filter between wireless and wired devices whilst still having them in the same subnet. That can be useful in many situations.
Your pass all rule on OPT1 should be fine.
Opening that connection to the server by IP address directly like that should always work if the server is actually listening.
Steve
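
Added example (not part of any post in this thread): a small Python check that opens each service by IP directly, as described above, and separates "nothing is listening" from "no reply at all". The server IP and ports 32400 and 7878 are from the thread; port 22 for SSH and the function names are assumptions.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"          # reset came back: host reachable, no listener
                                  # on that address (or a filter set to reject)
    except (socket.timeout, TimeoutError):
        return "timeout"          # no reply: dropped by a filter on the host or
                                  # path, or the reply took a different route
    except OSError:
        return "unreachable"      # no route, ARP failure or other local error

def check_services(host, ports, timeout=2.0):
    """Probe several ports on one host; returns {port: result}."""
    return {port: probe(host, port, timeout) for port in ports}

def loopback_demo():
    """Offline self-check: the same port probed while a listener exists
    and again after it is closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe("127.0.0.1", port)
    listener.close()
    after_close = probe("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    print(loopback_demo())
    # Server from the thread: SSH (assumed port 22), plex 32400, radarr 7878.
    print(check_services("192.168.55.19", [22, 32400, 7878]))
```

A browser that is "stuck loading" corresponds to `timeout` here, while a service that is not running, or is bound only to the server's loopback address, shows up as `refused`.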
-
Hi Stephen,
So I've moved the router underneath the switch and kept this configuration about as barebones as possible.
I am still however having issues connecting to server services. I did a quick google search and found on reddit someone with a similar issue and their subnet mask. Could this be something related?
https://old.reddit.com/r/PFSENSE/comments/i6r7dr/unable_to_access_my_internal_server_on_lan/
-
@garric said in Having trouble accessing server's services on my LAN.:
I did a quick google search and found on reddit someone with a similar issue and their subnet mask. Could this be something related?
I didn't see it anywhere up above, but what are your subnet masks set to on your network? You should start with the default /24 size, then tweak according to your needs. By the way, there are very few "needs" to actually change the subnet size from a /24 to something else...
-
@garric said in Having trouble accessing server's services on my LAN.:
I did a quick google search and found on reddit someone with a similar issue and their subnet mask. Could this be something related?
If you have mismatched subnet masks between devices in the same subnet then yes that could certainly cause issues. However that seems unlikely here because some services at the same IP are responding.
Steve
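
Added example (not part of any post in this thread): how mismatched subnet masks change the path between two hosts, worked through with Python's `ipaddress` module. Only the server address 192.168.55.19 comes from the thread; the client addresses, the /25 mask and the function names are constructed for illustration.

```python
import ipaddress

def next_hop(src_cidr, dst_ip):
    """How a host configured as src_cidr (address/mask) sends to dst_ip:
    'direct' (ARP on the local segment) or 'gateway' (via its default route)."""
    iface = ipaddress.ip_interface(src_cidr)
    on_link = ipaddress.ip_address(dst_ip) in iface.network
    return "direct" if on_link else "gateway"

def path_pair(client_cidr, server_cidr):
    """Return (client->server, server->client, verdict) for two hosts."""
    client = ipaddress.ip_interface(client_cidr)
    server = ipaddress.ip_interface(server_cidr)
    fwd = next_hop(client_cidr, str(server.ip))
    rev = next_hop(server_cidr, str(client.ip))
    # Replies that take a different path than the requests may be dropped by
    # a stateful firewall, because it never saw the start of the connection.
    verdict = "symmetric" if fwd == rev else "asymmetric"
    return fwd, rev, verdict

# Constructed scenario: the LAN is a /24, but the server was given a /25 mask.
SERVER_BAD = "192.168.55.19/25"
SERVER_OK = "192.168.55.19/24"
CLIENT_HIGH = "192.168.55.200/24"   # constructed, outside 192.168.55.0/25
CLIENT_LOW = "192.168.55.50/24"     # constructed, inside 192.168.55.0/25

if __name__ == "__main__":
    for client in (CLIENT_HIGH, CLIENT_LOW):
        for server in (SERVER_BAD, SERVER_OK):
            print(client, server, path_pair(client, server))
```

The decision depends only on addresses and masks, never on the port, which is the reason given above for doubting a mask mismatch when some services at the same IP respond to the same client.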