Netgate Discussion Forum

How to configure WAN manually in command line mode?

Problems Installing or Upgrading pfSense Software
  • M
    meglio
    last edited by Jul 27, 2010, 11:02 PM

    1. I just installed pfSense on virtual machine over ESXi 4.1 and I want it to act as firewall for all other machines.

    2. Our provider does not have DHCP, it only gives us values for
    IP, Network, Netmask, Gateway, Broadcast

    3. pfSense installation wizard does not allow me to input static WAN configuration
    3.1. … and neither to make web gui publicly available

    My goal is to configure WAN and to make the web GUI available when I type my IP in my browser
    from another machine, then I hope to take it from there.

    p.s. Very basic knowledge of *nix. No knowledge of FreeBSD. Very good PHP knowledge.

    Can anyone instruct me on what to do in order to solve the problem?

    Thanks!
    Anton

    • T
      tommyboy180
      last edited by Jul 28, 2010, 12:46 AM

      I don't see why you cannot access the webGUI via the LAN IP, configure it, and then put it in production.

      -Tom Schaefer
      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

      Please support pfBlocker | File Browser | Strikeback

      • H
        hdokes
        last edited by Jul 28, 2010, 1:03 PM Jul 28, 2010, 11:46 AM

        I believe he is looking to achieve remote access to the webGUI for admin purposes Tommyboy.

        I too have set up 2.0 in a vm on ESXi 4.1 and am having a different issue… (posted http://forum.pfsense.org/index.php/topic,27017.msg140655.html#msg140655) however I have successfully configured outside access to the webGUI for this vm pfsense.

        Assuming you have your 'live' ip assigned properly to the wan nic.... you need to add a rule under the firewall pull down menu similar to the following:

        ID   Proto   Source   Port   Destination   Port   Gateway   Queue   Schedule   Description
             TCP     *        *      WAN address   1445   *         none               HTML remote administration

        The port would equate to whatever port you have currently configured as the management port (default is 80 for http).

        As Tommyboy mentioned... you should be able to get to the webGUI admin page through the lan IP which is configured initially when installing the firmware to perform the above tasks.  Again... the default port is 80 so using something to the effect of http://192.168.0.1 should pop it up when accessing from within the lan.

        It should be noted that installing pfsense as a vm under ESXi adds another degree of difficulty to the equation.  It is not enough to assign the virtual 'nics' related to the pfsense installation but you also have to ensure proper correlation to the physical nics on the host machine or you will never have a complete path.  You may be better served by setting pfsense up on an available box (doesn't take much) to provide initial familiarization with the whole process without having the complexities of the host virtual server (ESXi) issues to deal with as well.  When installing pfsense it does prompt you for 'adding' the nics you have on the machine provided the vm has been set up with the proper number before installation of pfsense.  Once installed you then have a menu of which option 2 allows you to plug in your static IP addresses for WAN and LAN.

        If that doesn't get you there please post the configuration of your WAN nic along with your current 'rules' settings under firewall.

        Hope that helps

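The rule in the post above passes any source to the WAN address on the management port. A check that finds rules of that shape in a configuration backup follows, as an added example that is not part of the original posts; the element names assume the pfSense config.xml layout, and the sample configuration, its addresses and the function names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names assume the layout of a pfSense config.xml
# backup (<system><webgui>, <filter><rule>); check them against your own export.
SAMPLE_CONFIG = """<pfsense>
  <system><webgui><protocol>http</protocol><port>1445</port></webgui></system>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><network>wanip</network><port>1445</port></destination>
      <descr>HTML remote administration</descr>
    </rule>
    <rule>
      <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><address>198.51.100.10</address></source>
      <destination><network>wanip</network><port>1000-2000</port></destination>
      <descr>admin from one office address</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>Default allow LAN to any</descr>
    </rule>
  </filter>
</pfsense>"""

def gui_port(root):
    """Management port: the explicit <port>, else the protocol default."""
    proto = (root.findtext("system/webgui/protocol") or "http").strip()
    port = (root.findtext("system/webgui/port") or "").strip()
    return int(port) if port else (443 if proto == "https" else 80)

def covers(spec, port):
    """True if a rule port field (empty = any, 'n' or 'lo-hi') includes port."""
    lo, _, hi = spec.partition("-")
    if not spec or not lo.isdigit() or (hi and not hi.isdigit()):
        return True  # any port, or an alias this script cannot resolve
    return int(lo) <= port <= int(hi or lo)

def audit_wan_gui_exposure(config_xml):
    """List (description, source, open_to_any) for WAN pass rules reaching the GUI."""
    root = ET.fromstring(config_xml)
    port, findings = gui_port(root), []
    for rule in root.findall("filter/rule"):
        dst, src = rule.find("destination"), rule.find("source")
        if (rule.findtext("type", "pass") != "pass"
                or rule.find("disabled") is not None
                or "wan" not in (rule.findtext("interface") or "").split(",")
                or (rule.findtext("protocol") or "any") not in ("tcp", "tcp/udp", "any")
                or dst is None):
            continue
        to_firewall = (dst.find("any") is not None
                       or dst.findtext("network") in ("wanip", "(self)"))
        if not to_firewall or not covers((dst.findtext("port") or "").strip(), port):
            continue
        any_src = src is None or src.find("any") is not None
        source = "any" if any_src else (
            src.findtext("address") or src.findtext("network") or "unknown")
        findings.append((rule.findtext("descr", ""), source, any_src))
    return findings
```

A finding whose last field is `True` is reachable from every address on the internet; one with a specific source is limited to that address or network.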
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jul 28, 2010, 1:17 PM

          In 2.0 you can assign a static IP on the WAN (or any other interface) from the console menu, if the GUI isn't an option.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • M
            meglio
            last edited by Jul 28, 2010, 3:42 PM

            Hi hdokes and jimp.

            The problem is that I'm not familiar with FreeBSD at all and I do not know how to configure this WAN.

            Assuming you have your 'live' ip assigned properly to the wan nic

            There is no DHCP server, so I must put all rules in place manually, but I do not know how.

            All I have is this:
            http://i31.tinypic.com/2h534zo.png

            And I must do it manually from here.
            Can you please help me?

            • J
              jimp Rebel Alliance Developer Netgate
              last edited by Jul 28, 2010, 3:45 PM

              The easiest thing to do would be to setup another VM "behind" it on the LAN side and then use that VM to access the GUI to complete the setup properly.

              You'd spend a lot less time doing that than trying to work in ways that aren't really intended, and could just cause further problems.

              • M
                meglio
                last edited by Jul 28, 2010, 3:51 PM

                Thanks, if you say I'll save time - then going to try this.
                Will put updates soon…

                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Jul 28, 2010, 4:12 PM

                  It's easy, download an ISO for Damn Small Linux, boot it, use a browser to get to the GUI. Shouldn't take much time at all.

                  • M
                    meglio
                    last edited by Jul 28, 2010, 5:31 PM

                    OK, I just installed Ubuntu on another virtual machine, navigated to 192.168.1.1, and I can see the welcome screen - it's the first step. Thank you very much for the advice.

                    May I ask you about next configuration? It now asks me on the very first screen:

                    Hostname
                    Domain
                    Primary DNS Server
                    Secondary DNS Server

                    … and I'm not sure if I must specify DNS ones given to me by my provider or not?
                    Also, it's still magic to my brain if I'm free to input any hostname/domain,
                    or it must be something specific?

                    P.S. It may be very useful to put notices & tips like answers to my questions above
                    for newbies like me - on each configuration wizard. I'm developing sites with 5000+ members
                    and I can confirm that when you do wizards for zero-knowledge users, you save lots of time
                    by preventing stupid questions in forums etc. This saves both the user's and the site owner's time.
                    So maybe it's something to ask pfsense developers to do in next versions? Eg, more tips for newbies.

                    P.P.S. Also, I was surprised that the command line installation tool only autodetects WAN by DHCP
                    and does not allow entering values manually.

                    Thank you very much for your help,
                    Anton

                    • H
                      hdokes
                      last edited by Jul 28, 2010, 5:37 PM

                      @meglio:

                      Hi hdokes and jimp.

                      The problem is that I'm not familiar with FreeBSD at all and I do not know how to configure this WAN.

                      Assuming you have your 'live' ip assigned properly to the wan nic

                      There is no DHCP server, so I must put all rules in place manually, but I do not know how.

                      All I have is this:
                      http://i31.tinypic.com/2h534zo.png

                      And I must do it manually from here.
                      Can you please help me?

                      meglio, unless I am majorly missing something here… you never have to deal with FreeBSD directly.  pfSense installs with a 'dos' based type menu system.  If you have loaded a system with ESXi and you have created a vm then you already have a console from which to see the pfSense menu after installation.  From that menu, which you can't avoid as it is the only 'console' interface immediately accessible to you after installing pfsense.  From that console interface, selection 1 allows you to define which nics are going to be WAN, LAN, and OPT (if used).  Selection 2 then allows you to set static IPs for your local LAN nic and the 'live' IP for the WAN nic.

                      Again... if you already have an ESXi server configured and running... have already created the vm to accept the pfsense... then you have all you need there to do that which you are looking to do.  Have I missed something here?  Is the ESXi server already configured and running?  Do you already have the vm set up and have you 'installed' the pfsense to it from the booting CD or image?  If all these answers are yes... then it is really simple to complete the assigning of IPs to the nics through the menu.  Again.. no knowledge of FreeBSD is required.

                      • J
                        jimp Rebel Alliance Developer Netgate
                        last edited by Jul 28, 2010, 5:38 PM

                        @meglio:

                        Hostname
                        Domain
                        Primary DNS Server
                        Secondary DNS Server

                        … and I'm not sure if I must specify DNS ones given to me by my provider or not?
                        Also, it's still magic to my brain if I'm free to input any hostname/domain,
                        or it must be something specific?

                        DNS can be whatever DNS servers you want. Your ISPs, or others. Many people use OpenDNS or Google DNS (8.8.8.8 / 8.8.4.4)

                        @meglio:

                        P.S. It may be very useful to put notices & tips like answers to my questions above
                        for newbies like me - on each configuration wizard. I'm developing sites with 5000+ members
                        and I can confirm that when you do wizards for zero-knowledge users, you save lots of time
                        by preventing stupid questions in forums etc. This saves both the user's and the site owner's time.
                        So maybe it's something to ask pfsense developers to do in next versions? Eg, more tips for newbies.

                        Might be something to look into.

                        @meglio:

                        P.P.S. Also, I was surprised that the command line installation tool only autodetects WAN by DHCP
                        and does not allow entering values manually.

                        As I said, this has already been fixed in 2.0, you can enter a static IP manually for WAN. (Though you still can't make a PPPoE or PPTP WAN from the command line yet)

                        • M
                          meglio
                          last edited by Jul 28, 2010, 5:49 PM

                          @hdokes:

                          Selection 2 then allows you to set static IPs for your local LAN nic and the 'live' IP for the WAN nic.

                          Yes, I do have access to console (look at my screenshot provided), but I do not have option to set the 'live ip for the WAN' from command line console.

                          @hdokes:

                          1. Is the ESXi server already configured and running?
                          2. Do you already have the vm set up and have you 'installed' the pfsense to it from the booting CD or image?
                          3. If all these answers are yes… then it is really simple to complete the assigning of IPs to the nics through the menu.  Again.. no knowledge of FreeBSD is required.

                          1. yes.
                          2. installed from cd, but not configured WAN static IP. But I think that now I'll be able to do it with access from another virtual machine in the same network.
                          3. Maybe I missed something? I'm not running version #2 and, again, I cannot set live ip from that console
                          Anyway, thanks for your advice!

                          @jimp:

                          As I said, this has already been fixed in 2.0, you can enter a static IP manually for WAN. (Though you still can't make a PPPoE or PPTP WAN from the command line yet)

                          Would you recommend that I keep the stable 1.x version, and will it be safe & quick (and without additional administration troubles) to update to the 2.x version when it becomes stable?

                          Thanks to all your fast answers, this really helps me a lot!

                          • J
                            jimp Rebel Alliance Developer Netgate
                            last edited by Jul 28, 2010, 5:52 PM

                            @meglio:

                            @jimp:

                            As I said, this has already been fixed in 2.0, you can enter a static IP manually for WAN. (Though you still can't make a PPPoE or PPTP WAN from the command line yet)

                            Would you recommend that I keep the stable 1.x version, and will it be safe & quick (and without additional administration troubles) to update to the 2.x version when it becomes stable?

                            Thanks to all your fast answers, this really helps me a lot!

                            I'd stay on 1.2.3 for production networks. Upgrading to 2.0 when it's released will be recommended at that point, but not just yet.

                            • M
                              meglio
                              last edited by Jul 28, 2010, 6:11 PM

                              Ok, going through wizard…
                              It asks me IP address for WAN and there is dropdown with /1, /2, /3 etc after IP address.

                              If my public IP address group (given to our server) is x.x.x.240/28,
                              so:
                              240 - netmask
                              241 - gateway
                              242 - used for ESXI management traffic
                              254 - used for IPMI control (KVM over LAN port)

                              That means that I want to manage by my pfSense only traffic from x.x.x.243 to x.x.x.253

                              Can you advise me on what to set up in this IP Address field for WAN configuration?

                              Thanks,
                              Anton

                              • H
                                hdokes
                                last edited by Jul 28, 2010, 6:14 PM

                                My bad meglio,

                                I thought you were installing pfsense 2.0 on ESXi.  It allows you to send both IP's… LAN and WAN.  The ESXi environment is one I am setting up with a mirror image of a few of our servers with pfsense2.0 as a vm firewall on the same server with the intent of exercising it and trying to 'break' a basic configuration of the 2.0.  I just need someone to respond to my issue now of tying the lan to the wan for internet traffic that I have in another post from yesterday.

                                I concur regarding sticking with the 1.xx version until 2.0 has been blessed for 'live' duty.

                                • H
                                  hdokes
                                  last edited by Jul 28, 2010, 6:21 PM

                                  @meglio:

                                  Ok, going through wizard…
                                  It asks me IP address for WAN and there is dropdown with /1, /2, /3 etc after IP address.

                                  If my public IP address group (given to our server) is x.x.x.240/28,
                                  so:
                                  240 - netmask
                                  241 - gateway
                                  242 - used for ESXI management traffic
                                  254 - used for IPMI control (KVM over LAN port)

                                  That means that I want to manage by my pfSense only traffic from x.x.x.243 to x.x.x.253

                                  Are you looking for the pfsense box to be the primary firewall for all other devices on your LAN?  If so… you do not want the other devices to have 'live' IP addresses provided by your ISP... rather... you want one live IP, x.x.x.242 to be assigned to the wan side of your pfsense box.  Do not worry about the others at this time... if anything you might use them for DMZ purposes or to set up another unique network with its own firewall.  All devices on your LAN should have private IPs, ex. 192.168.x.x assigned to them and pointing (gateway) to 192.168.x.1 which should be the IP on the LAN nic of the pfSense setup.  Your WAN gateway should point to the IP of the next device up the chain (typically x.x.x.241) which should be the modem/router from your provider.  Allow me to repeat.... having live IPs on your internal devices defeats the purpose of your firewall.

                                  • M
                                    meglio
                                    last edited by Jul 28, 2010, 7:15 PM Jul 28, 2010, 7:13 PM

                                    hdokes, our configuration must be as follows:

                                    We have only one ESXi host and we want to use pfSense as firewall for all virtual machines,
                                    except for few IP addresses (explained next):

                                    242 - used for ESXI management traffic - does not need to be filtered by firewall (is this correct thinking?)

                                    254 - used for IPMI control (KVM over LAN port) - this also must be outside pfsense for sure,
                                    because we need access to IPMI even when server is down and virtual machines are not running.
                                    So there is no sense for pfsense to even listen to this ip address.

                                    Then 243 to 253 we want to divide into 2 logical groups with different approaches.

                                    GROUP 1.
                                    Say 10 machines under 243 and 10 machines under 244 - these machines do not host sites
                                    and thus we can use your approach above (internal IPs).

                                    GROUP 2.
                                    Each virtual machine hosts different site or is owned by different user - needs to use
                                    one or few IP addresses between 245 and 253, so each IP from this group
                                    must be translated and routed exactly to one machine and must be not available for other machines at all.

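The address layout described in the post above, checked against the /28 block with Python's `ipaddress` module. This is an added example, not part of the original posts; 203.0.113.240/28 is a constructed documentation range standing in for x.x.x.240/28, and `plan_block` is a hypothetical helper.

```python
import ipaddress

BLOCK = "203.0.113.240/28"  # constructed stand-in for the thread's x.x.x.240/28

# Roles by last octet, as listed in the posts above.
OUTSIDE_FIREWALL = {241: "ISP gateway", 242: "ESXi management", 254: "IPMI"}
GROUP1_SHARED = [243, 244]                  # private VMs share these addresses
GROUP2_ONE_TO_ONE = list(range(245, 254))   # one public address per VM


def plan_block(block, outside, shared, one_to_one):
    """Validate the plan and return the block's parameters plus a role per host.

    Hypothetical helper; assumes an IPv4 block of /24 or longer.
    """
    net = ipaddress.ip_network(block)  # raises ValueError if host bits are set
    usable = list(net.hosts())         # excludes network and broadcast addresses
    base = int(net.network_address) & ~0xFF
    roles = {}

    def assign(octet, role):
        addr = ipaddress.ip_address(base | octet)
        if addr not in usable:
            raise ValueError(f"{addr} is not a usable host address in {net}")
        if addr in roles:
            raise ValueError(f"{addr} already assigned to {roles[addr]}")
        roles[addr] = role

    for octet, role in outside.items():
        assign(octet, f"outside firewall: {role}")
    for octet in shared:
        assign(octet, "firewall: shared by group 1 VMs")
    for octet in one_to_one:
        assign(octet, "firewall: mapped to one group 2 VM")

    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "wan_prefix": net.prefixlen,  # value for the /n dropdown in the wizard
        "roles": {str(a): roles.get(a, "unassigned") for a in usable},
        "firewall_addresses": [str(a) for a in usable
                               if roles.get(a, "").startswith("firewall")],
    }


if __name__ == "__main__":
    result = plan_block(BLOCK, OUTSIDE_FIREWALL, GROUP1_SHARED, GROUP2_ONE_TO_ONE)
    for addr, role in result["roles"].items():
        print(addr, role)
```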
                                    • M
                                      meglio
                                      last edited by Jul 29, 2010, 4:54 PM

                                      Any ideas?
