It all appears right but



  • Hi guys, I installed the pfSense appliance I built last night and switched most of the machines to that IP. I didn't try it solo as there were customers online. This morning I came in and finalized all the network adaptor settings on the last machines. I unplugged the gateway from the switch and bam, no internet connection on any machines. I don't know how to insert images here so I will try to paint the picture with words the best I can starting at the gateway.

    Bell Fibre 4 port gateway … the BELL WAN assigned IP is 70.54.xxx.xxx and I assigned 192.168.0.254 for gateway this outputs into Netgear 48 port switch AND also into.....
    pfSense homebrew box which I assigned WAN side 192.168.0.252 and LAN side 192.168.0.253 ....

    So that's pretty much it, 3 appliances, gateway into switch and pfSense with pfSense output also into switch ....

    I pointed all devices' default gateway at 192.168.0.253/pfSense with primary DNS also pointed at it and secondary as 8.8.8.8.

    It works fine up to the point where I unplug the BELL sagef@st gateway router from the Netgear switch.

    If I open the web interface for pfSense I see WAN and LAN are green, I can go to packages and download them if I want. But if I disconnect the Sagef@st from the switch leaving the pfSense as the only portal, it does not pass the internet through, which makes me think it's something I did on the configuration but I don't know what.

    I hope this description is understandable and someone can point out whatever I screwed up.

    Thanks

    Miqui



  • Hmmmm, am I supposed to configure the pfSense the same way as the Bell router? I mean assign the WAN side IP address given by Bell? And the PPPoE login? I thought that's what the sagef@st does. That's the only thing I can think of being wrong.



  • Your pfSense setup does seem weird - WAN and LAN in the same subnet. Every time I accidentally do this at home when testing there is big trouble getting to the webgui on LAN even.
    I would think that you need the WAN side to talk to the Bell Fibre 4 port gateway, even using a direct cable and not having them both onto the 48-port switch (leaving the switch entirely for the real LAN side). But I also have configs where I "steal/share" some switch ports for the WAN side, even though most of the switch is populated with LAN-side devices. Having WAN-side devices using the same switch (without VLANs) as the LAN side would leave things open for a LAN-side device to set itself a WAN-side IP and try to get direct internet access, bypassing the pfSense firewall.
    But then, maybe I don't understand your network topology at all:)



  • Hi Phil, there is no DHCP. Every device has an IP assigned to them. So, it is because I have the incoming internet (WAN) set to the wrong IP? It should be the outside IP Bell gave me?



  • Dammit, also just discovered that I can't download from FTP off the web. First from major geeks and then from futuremark. Had to switch to HTTP in order to get a download.


  • Netgate Administrator

    @neteffectcafe:

    So, it is because I have the incoming internet (WAN) set to the wrong IP?

    Probably. You can't have LAN and WAN in the same subnet unless you are deliberately trying to set up a transparent firewall. I'm almost certain you aren't. ;)

    You should have it set as the Netgear router it's replacing.

    I think we need a diagram here though.

    Steve



  • Hi Steve, unfortunately I haven't been able to mess with it as there is someone here all the time. Normally that would make me happy but right now it is not. There is no Netgear router, that's the 48 port switch which I will leave out of the convo …. the BELL router is a f@st something or other, that's where the PPPoE login is and the WAN IP addy. So I should make the WAN settings on the pfSense the mirror image of those?


  • Netgate Administrator

    @neteffectcafe:

    There is no Netgear router

    Oh I thought you had a Netgear WNDR3400v2 which you were directly replacing.

    So you have three devices:

    Sagem modem/router ---> pfSense Box ---> 48 Port switch ---> client machines.

    Yes?

    Now ideally you should set the modem into bridge mode such that your public IP is passed onto the pfSense WAN interface but that can wait since you don't have time to mess around.

    Now I expect that the Sagem modem/router is configured to hand out local addresses via DHCP so it's probably easiest to simply set the pfSense WAN as DHCP and let it receive its address automatically.

    Now set the pfSense LAN address to something other than the WAN subnet. So for example if the Sagem device is 192.168.0.254 and it hands out, say, 192.168.0.101 to the pfSense WAN then you could use 192.168.1.1/24 as the pfSense LAN address. Which is coincidentally the default address.

    Steve



  • Hi Steve. It's gone from bad to worse.

    That sagef@st didn't seem to have a mode for passing anything anywhere. So I changed the WAN IP manually to 192.168.1.1 so it was different than the internal subnet. That didn't work so I made it .252.

    Today I went to upload some attachments to Google and they kept failing. I bypassed the pfSense box and voila they sent.

    Just how badly have I messed up this unit? I am drawing a map and the link is to the image on my FanPage so you can see it. I do not know how to attach things in this forum, sorry.

    http://www.facebook.com/photo.php?fbid=438990346154437&set=a.434427596610712.97875.433473776706094&type=3&theater



  • I made a change that brought down the whole thing. I put the WAN on DHCP without changing anything else. Couldn't ping Google afterwards.


  • Netgate Administrator

    You can attach pictures to the forum directly at the bottom of each post labeled 'additional options'.

    The setup in the picture you have posted to Facebook is never going to work very well, if at all!

    You could use the settings I suggested in my previous post OK.

    The pfSense WAN address needs to be in the same subnet as the internal interface of the Sagem modem device. So it needs to be either set to DHCP or set static as 192.168.0.X/24 (192.168.0.100 for example).

    The pfSense LAN address needs to be in a different subnet than 192.168.0.X. So you could use 192.168.10.1/24 for example.

    Steve
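
Added example, not part of the thread or of pfSense itself: a small Python check of the addressing rules given in the replies above (WAN on the modem's subnet, LAN on a different subnet, clients pointed at the LAN address). The function name `check_router_plan` and the /24 masks on the original addresses are assumptions; the addresses are the ones quoted in the posts.

```python
import ipaddress

def check_router_plan(wan, lan, upstream_gw, client_gw):
    """Return a list of problems with a routed (non-transparent) firewall plan.

    wan, lan    -- firewall interface addresses in CIDR form, e.g. "192.168.0.100/24"
    upstream_gw -- inside address of the ISP modem/router
    client_gw   -- default gateway configured on the LAN clients
    """
    wan_if = ipaddress.ip_interface(wan)
    lan_if = ipaddress.ip_interface(lan)
    upstream = ipaddress.ip_address(upstream_gw)
    client = ipaddress.ip_address(client_gw)

    problems = []
    # Routing between two interfaces needs two distinct networks.
    if wan_if.network.overlaps(lan_if.network):
        problems.append("WAN and LAN subnets overlap")
    # The firewall can only reach its next hop if it is on-link on the WAN side.
    if upstream not in wan_if.network:
        problems.append("upstream gateway is not on the WAN subnet")
    # If the modem's address is inside the LAN subnet, clients treat it as
    # on-link and can talk to it without passing through the firewall.
    if upstream in lan_if.network:
        problems.append("upstream gateway address lies inside the LAN subnet")
    # Clients must send off-subnet traffic to the firewall's LAN address.
    if client != lan_if.ip:
        problems.append("client default gateway is not the firewall LAN address")
    return problems

# Address plans taken from the thread (masks on the first two are assumed /24).
ORIGINAL = ("192.168.0.252/24", "192.168.0.253/24", "192.168.0.254", "192.168.0.253")
ATTEMPT = ("192.168.1.1/24", "192.168.0.253/24", "192.168.0.254", "192.168.0.253")
SUGGESTED = ("192.168.0.100/24", "192.168.10.1/24", "192.168.0.254", "192.168.10.1")

if __name__ == "__main__":
    for name, plan in (("original", ORIGINAL), ("attempt", ATTEMPT),
                       ("suggested", SUGGESTED)):
        issues = check_router_plan(*plan)
        print(name, "->", issues if issues else "OK")
```
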

