I work in a school computer lab and I installed pfSense to block the internet but allow the use of a program that accesses the network. Someone did a Fedora install about 6 years ago but a lightning storm in the area (and the absence of surge protection?!?) took care of that recently. I did the standard install, assigned the WAN and LAN on the routing computer itself and then got on the GUI via the LAN and set it up via the wizard.
I follow the setup, DHCP on the WAN, follow the rest of the recommendations with the exception that I don't block anything from the WAN (it's part of the school network, physically, so I don't really need protection from the rest of the school network and only risk disabling access to the computer with this turned on). The school's network is a 10.13.XXX.XXX address and the router has one of 192.168.1.1. I can go and set rules allowing and disallowing access to the internet, but no matter what I do, no one, myself included, can access their network drives.
I suspect that this is because the WAN on which the drives exist denies access because it sees the request as coming from a location that is not part of its network. I am positive that this is a five minute fix, but I'm fairly new to networking (you don't say!) and I've blown hours on this so far. I got tech support to come in and the woman didn't really know what was going on or how to set it up. If I had to guess, my next step would be to set up the LAN so it's a subaddress of the DHCP assigned address, but not the same address, as when I do that BSD lets me know I'm wrong. Other than that, I was thinking maybe a NAT would do the trick, but I have no idea what my parameters would be. Any recommendations or assistance would be hugely appreciated.
Puzzled here. If you did a default pfSense install, then anything going to the school network should be NAT'ed to their network and should work. Reading between the lines, it sounds like you disabled NAT or something (not sure what else would 'disable protection of the internal LAN'). If this is the case, likely the issue is that their hosts don't know how to reach your 192.168.1.0/24 subnet. You either need to have them route that subnet to you (in which case you want a static WAN IP), or just use DHCP & NAT. Am I missing something here? Is there a specific reason random hosts on the school network need to be able to connect to your private LAN?
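
The return-path problem described in the reply above, modelled as an added example that is not part of the original thread: it compares the reply's two options (outbound NAT, or a route for 192.168.1.0/24 pointing at pfSense) against the broken case with neither. The /16 prefix, the WAN lease, the gateway and the lab client address are constructed assumptions, since the thread only gives 10.13.XXX.XXX and 192.168.1.1.

```python
import ipaddress

# Constructed addressing: the thread gives only 10.13.XXX.XXX and 192.168.1.1;
# the /16 prefix, WAN lease, gateway and client below are assumptions.
LAB_NET = ipaddress.ip_network("192.168.1.0/24")
PFSENSE_WAN = ipaddress.ip_address("10.13.0.50")
SCHOOL_GW = ipaddress.ip_address("10.13.0.1")
LAB_PC = ipaddress.ip_address("192.168.1.20")
ON_LINK = "on-link"

# Routing table of a file server on the school network: (prefix, next hop).
SERVER_ROUTES = [
    (ipaddress.ip_network("10.13.0.0/16"), ON_LINK),
    (ipaddress.ip_network("0.0.0.0/0"), SCHOOL_GW),
]


def next_hop(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def reply_reaches_lab(client, nat_enabled, server_routes):
    """Return (source the server sees, next hop for its reply, delivered?)."""
    # With outbound NAT, pfSense rewrites the source to its own WAN address.
    seen = PFSENSE_WAN if nat_enabled else client
    hop = next_hop(server_routes, seen)
    if hop == ON_LINK:
        # The server delivers directly on its own segment; only pfSense's
        # WAN address actually lives there.
        delivered = seen == PFSENSE_WAN
    else:
        # Otherwise the reply only comes back if the next hop is pfSense.
        delivered = hop == PFSENSE_WAN
    return seen, hop, delivered


def scenarios():
    # Static-route option, modelled on the server for simplicity.
    routed = [(LAB_NET, PFSENSE_WAN)] + SERVER_ROUTES
    return {
        "nat": reply_reaches_lab(LAB_PC, True, SERVER_ROUTES),
        "no_nat_no_route": reply_reaches_lab(LAB_PC, False, SERVER_ROUTES),
        "no_nat_static_route": reply_reaches_lab(LAB_PC, False, routed),
    }


if __name__ == "__main__":
    for name, (seen, hop, ok) in scenarios().items():
        print(f"{name:20} server sees {seen}, replies via {hop}, delivered={ok}")
```
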