Installation without access to LAN (remote location)



  • Hi,

    So I'm trying to configure pfSense in our remote datacenter.. no luck so far. I can't physically access the machine and/or LAN so I have to use the KVM console. I installed pfSense successfully but I can't take a step forward and configure it (access the web GUI).

    Any ideas on next steps? How can I proceed?

    I configured the WAN interface (DHCP) and I can ping the gateway and Google DNS. The server does not respond to ping requests, and the SSH/HTTP/HTTPS ports seem to be blocked. I tried to disable pf with pfctl -d but it didn't help.. in fact, I even lost the ability to ping the gw.

    I reckon I need to disable the blocking policy from the command line and/or add my home IP to trusted hosts (pass on fw).
    Btw, I already tried to edit /tmp/rules.debug by adding 'pass in quick on em1 inet proto tcp from…'.

    Anyone?

    Best regards,

    --

    Peter



  • If you are able to access the pfSense console (via KVM, etc), you can go to the "Developers Shell" by choosing option 12 from the menu.
    Once in the shell, you can type "playback enableallowallwan"; this will force the WAN port to allow external access.

    You should then be able to log into the WebGui via the WAN port and configure the box up properly. One of the first things you would then do is open/forward an appropriate port for WebGui access and turn off the "allow all" rule on WAN.



  • @divsys:

    If you are able to access the pfSense console (via KVM, etc), you can go to the "Developers Shell" by choosing option 12 from the menu.
    Once in the shell, you can type "playback enableallowallwan"; this will force the WAN port to allow external access.

    Unfortunately, still the same. I can't access server over WAN.

    Peter



  • Hi,

    So.. I managed to install pfSense and access the web interface using a port redirect from another machine in the same LAN. Unfortunately, there is a problem that drives me crazy.. in fact a couple of issues:

    #1 - I got a /31 from my ISP and that option doesn't exist in the drop-down menu (Interfaces->WAN->"IPv4 address"). I can use /32 or /30 but not /31. Workaround – use ifconfig and set up the IP/netmask manually

    #2 - pfSense ignores (or does not use?) the default gw. I can't reach any external host without setting routing to it (UHS). Of course, the gw is the same as the default one..

    Example:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            A.B.C.D            UGS         0       38  em1

    I can't ping 8.8.8.8.. but adding 'route add 8.8.8.8 A.B.C.D'

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            A.B.C.D            UGS         0       38  em1
    8.8.8.8            A.B.C.D            UGHS        0       17  em1

    works fine. I can ping 8.8.8.8 now..

    #3 - Is it possible that some other apps are blocking traffic after it passes pf? I added rules to the fw to pass traffic to port 8888 and started 'nc -l 8888' on the pfSense server. I can see it (pass) in the firewall logs + it is visible in tcpdump (incoming traffic) but netcat can't see anything..
    Same with firewall disabled..

    Any ideas?

    Best regards,

    --

    Peter



  • Hi,

    OK, I think I know what happened :)

    /31 is the answer I was looking for. pfSense does not support /31 networks ;((

    Best regards,

    Peter



  • @x:

    Hi,

    OK, I think I know what happened :)

    /31 is the answer I was looking for. pfSense does not support /31 networks ;((

    Best regards,

    Peter

    Not that it solves anything for you right now, but it's on the TODO-list for pfSense 2.2: https://redmine.pfsense.org/issues/1972
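
For the /31 discussion in this thread, an added example (not code from any poster or from pfSense) that compares the /30 and /32 choices from the drop-down menu with the /31 the ISP assigned. It assumes conventional subnet semantics (prefixes shorter than /31 reserve the first and last address; a /31 per RFC 3021 reserves neither), and the 192.0.2.x address pairs are constructed samples standing in for the elided A.B.C.D values.

```python
import ipaddress

# Constructed sample links (documentation range), NOT the poster's addresses:
# (local WAN address, ISP gateway) pairs that share one /31.
SAMPLE_LINKS = [("192.0.2.10", "192.0.2.11"), ("192.0.2.8", "192.0.2.9")]


def link_view(local: str, gateway: str, prefixlen: int) -> dict:
    """Describe how local and gateway relate when local is configured /prefixlen."""
    iface = ipaddress.ip_interface(f"{local}/{prefixlen}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    # Assumption: conventional semantics. Prefixes shorter than /31 reserve the
    # first (network) and last (broadcast) address; /31 and /32 reserve nothing.
    if prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}
    else:
        reserved = set()
    return {
        "network": str(net),
        "gateway_on_link": gw in net,
        "local_reserved": iface.ip in reserved,
        "gateway_reserved": gw in reserved,
    }


def usable(local: str, gateway: str, prefixlen: int) -> bool:
    """True when the gateway is on-link and neither end is a reserved address."""
    v = link_view(local, gateway, prefixlen)
    return (v["gateway_on_link"]
            and not v["local_reserved"]
            and not v["gateway_reserved"])


def compare(local: str, gateway: str) -> dict:
    """Usability of the same address pair under /30, /31 and /32."""
    return {p: usable(local, gateway, p) for p in (30, 31, 32)}


if __name__ == "__main__":
    for local, gw in SAMPLE_LINKS:
        for p in (30, 31, 32):
            print(local, gw, f"/{p}", link_view(local, gw, p))
        print("usable:", compare(local, gw))
```

Whichever way the /31 pair is aligned, widening it to /30 puts one of the two ends on the network or broadcast address, and narrowing it to /32 leaves the gateway off-link.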