Unable to access remote administration from LAN
I know this is a very basic issue and I apologize in advance if I'm missing something obvious.
I recently decided to build my own router using pfSense, a rather large undertaking for me. I recycled some spare components I had lying around (Intel Quad core and Gigabyte P45 motherboard) and bought an HP NC364t NIC (quad gigabit) on ebay. I installed pfSense to an 80 GB harddrive on the resulting box, and rebooted. It worked! But I have no way to administer it from my desktop. The pfSense box is still using my Verizon router, that it will replace soon, as a DHCP server on the WAN port. The first of the LAN ports is 192.168.1.1, and the WAN port is 192.168.1.3 from the Verizon actiontec device.
My desktop is 192.168.1.10 on the Verizon LAN, but it is unable to access pfSense at 192.168.1.3 using SSH (yes, I enabled SSH at the first reboot menu). My browser is unable to access http or https://192.168.1.3. I do not have a crossover cable, but a direct connection between my desktop and the pfSense box is equally fruitless. I played with the pfSense shell and got nowhere, and searching this forum and the internet was also not helpful. Every step described seems to come after I connect to the box somehow. I'm going to try to attach a shot of what I'm looking at on the pfSense box screen.
tl:dr - I want to unplug the monitor from a new pfSense install and do everything remotely. Thanks!
I've attempted to use the CLI commands on the pfSense box to disable the firewall and allow any other connections without success. My desktop is unable to see 192.168.1.3 (pfsense) from the command line with ping, nor can my desktop browser find any server at 192.168.1.3, nor can my desktop PuTTy connect to the pfSense box on port 22 or 443. However, my router clearly shows prSense as the client being issued the 192.168.1.3 address. Not sure what I am missing.
One more post that might help:
tcpdump from pfSense shows the ping from my desktop on the pfSense Lan port, so the packets are making it. The filtering on the pfSense box is politely dropping them, and I don't know why. Likewise, traffic on 22 and 443 is being noticed and subsequently discarded like the Valentines Day cards I sent in 3rd grade. This tells me that the two NICs are correctly negotiating the connection, both are working properly, and pfSense is doing something correctly, just not what I want it to. I will attempt to change the firewall rules that are stopping the connections and will update my posts if I continue to fail or manage to succeed. I am not sure if this is an install issue or not, since I would guess that by default pfSense allows some access from the LAN after basic installation has finished.
Managed to get it working. To anyone with the same problem after an initial install of pfSense: I used the pfSense number prompts at the basic command screen. I used '11' first, and restarted the webConfigurator, then I used '2' to (re)set the interface IP addresses, then I rebooted. It still wasn't working, and after reading a ton of guides online I unplugged the WAN cord from the pfSense box, plugged my desktop into the pfSense LAN port, and once again restarted the webConfigurator. Someone online had speculated that the order of the ports being filled mattered, and it seems to in rare/strange cases. Either way, I was able to connect with my browser. I immediately added a rule allowing the LAN to connect over ports 80 (default) and a high port that I use for SSH. After making those few changes, I applied the new rules, upgraded the pfSense version from 2.1.3 over the very easy to use GUI, and rebooted. Everything came back up and I reconnected quite well.
I have not been able to get the pfSense box to work well using my old Verizon as the gateway for the LAN yet, but I've put 7 hours into this for today and I'm ready to go to bed. Quite happy with my progress and pfSense so far. If you're reading my single-person thread, enjoy!
doktornotor Banned last edited by
According to the screenshot, your WAN and LAN is the same network (192.168.1.0/24). Utterly broken configuration. No need for zillion posts in a row.
Quite right, that was the screenshot of the default pfSense page I got after install. I should have shown the shot after I assigned the addresses correctly. I tried again this morning and after a lot of simple changes discovered that I had to clone the MAC address onto pfSense. Instant success. Now have a massively overpowered router for the price of a few hours of work. Thanks!