Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Internet Access for clients on a subnet connected to the Opt 1 (igb2) Internal LAN port

    Scheduled Pinned Locked Moved
    NAT
    shell outbound nat webgui opt1 interface
    2
    4
    282
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      asodipo
      last edited by

      I enabled OPT 1 (igb2) as an RFC 1918 internal port interface and configured it to act as a DHCP server.

      However, the clients on the internal lan connected to OPT 1 (igb2) are unable to access the internet.

      I would appreciate the receipt of information on how to configure outbound NAT on the WAN port to enable internet access for clients on the OPT1 (igb2) subnet. (My understanding is that the default setting for outbound NAT on the WAN port, in this case igb0 is automatic and this should enable outbound nat for clients on a subnet connected to igb2, clients on a separate RFC 1918 subnet connected to igb1 are able to connect to the internet).

      I only have shell access to the pfsense firewall because my attempts to connect by webgui fail due to an SSL error.

      "The connection for this site is not secure

      192.168.1.1 (the address on the LAN port, igb1) sent an invalid response.

      ERR_SSL_PROTOCOL_ERROR", I do not get an option to accept the risk and bypass the message.

      Please kindly provide information on how to configure or verify outbound NAT is active on the WAN port (igb0) for clients connected to OPT 1 (igb2) using the shell.

      I would also appreciate information on any firewall rules/configuration required to grant outbound internet access to clients on a subnet connected to OPT1 (igb2) using the shell.

      PS: Help troubleshooting the issue with the Webgui would also be appreciated so I can get the login page, and in the alternative, configure the firewall using the Wegui.

      Thanks in advance for your kind assistance.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @asodipo
        last edited by

        @asodipo
        Possibly the web GUI doesn't provide an SSL certificate, but your browser is configured to only make HTTPS connections.

        Also maybe the certificate has expired.
        Gives your browser an option to display it?

        If that's, there is a possibility to renew it from the shell.

        Also wrong a system time could cause this error. Verify the time on your computer and on pfSense (in the shell just enter 'date').

        However, if you access pfSense from within a secure LAN you can simply disable HTTPS (if your browser accepts this) by going though the LAN interface assignment in the console (menu 2).
        After stating the network settings, pfSense asks you it you want to use HTTP or HTTPS to access the web configurator.

        Regarding your internet access problem on the new interface, you have to manually add a firewall rule to it to allow access to the internet (any).

        1 Reply Last reply Reply Quote 0
        • A
          asodipo
          last edited by

          Thanks virgomann, I appreciate it and will try it later.

          Please could you kindly refer me to a resource that has documentation for the shell.

          I would like to try applying the firewall rule to provide internet access for the opt 1 interface via the shell.

          I would also like to use the shell to verify if the outbound nat on the wan interface (igb0) is set to automatic so that it covers igb2.

          Best Regards,
          asodipo.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @asodipo
            last edited by

            @asodipo
            Console Menu Basics
            Using the PHP Shell

            1 Reply Last reply Reply Quote 0
            • First post
              Last post