Can't get PFSense Working
-
Hi,
I've been trying for 2 days to get this working without much success, my setup is as followsBillion 7800Vdox => PFSense Box => Switch => Various Pc's and Domain controller running Windows Server 2012 Doing DHCP & DNS
I've Set Billion into Bridge mode and Configured PFsense to Use PPOE which seems to connect up to internet just fine, I see status of connected and my static IP and ISP DNS servers show under interfaces.
My Windows server is set to issue IP's from 192.168.10.31 to 192.168.10.254 and it's IP is 192.168.10.2 and Billion modem/router (In Bridge Mode) using 192.168.10.1
I've setup PFSense LAN to use static IP 192.168.10.18
With this setup internal IP's work and I can Ping Them ok, I can ping external IP's ok from WAN interface but not LAN.
no internet from any PC's connected to switch or wifi (I didn't expect wifi to work)
My billion 7800 vdox has lot's of different option's perhaps bridge is not the correct one as I believe even if I can get this work then no computers will be able to connect through WIFI as this disables this??
Is there a better option so that I can get this working and perhaps still use the wifi.
I have some other bit's and pieces on my network that may help setting up a usable solution, (2 x Airport Expresses and a Dlink DAP-1650)
If someone could please help me to get this working I would be very grateful.Kind Regards
Jamie -
You do understand you have to hand out via dhcp to talk to pfsense LAN IP as the gateway off your network.. If your dhcp is still handing out 192.168.10.1 how is that going to work if pfsense is 10.18, any static machines like your DC would have to be changed to point to pfsense lan IP as well.
How is your DC going to get out for dns if talking to the wrong gateway.
-
Hi,
Thanks for your help, this is all very new to me so I'm very much a learner.
I tried changing the gateway on my DC and another PC from 192.168.10.1 (Billion IP) to 192.168.10.18 and it makes no difference, not internet from lan computers.
Is there another setting I'm missing or something?Regards
Jamie -
Well can you even ping pfsense lan IP of 192.168.10.18?
did the lan computers update their dhcp to reflect your change. When you do a traceroute to say a public IP of 4.2.2.2 where do you go from your lan computers, is dns working? How do you have your dc setup to do dns - is it still forwarding to your old 10.1? Are you looking up from roots?
-
Thanks for your help Johnpoz,
I sort of have it going now but something else weird is happening.
I plugged the Dlink DAP-1650 into the lan side and set it to AP mode, it has an IP of 192.168.10.20 and gateway is 192.168.10.18.
It seems to work for a min or so and then stops, need to reset it to get it working again which is really strange.
I also can't seem to get NAT port forwards working, I need to forward port 80 to my webserver for my exchange OWA.
Is there a way to use the wifi in the Billion 7800vdox instead of plugging in a separate AP? , it supports Vlan if this helpsCheers
Jamie -
It seems to work for a min or so and then stops, need to reset it to get it working again which is really strange.
Sounds like you have something else on your LAN on 192.168.10.20
-
Hi Derelict,
Thanks for your reply, I can still bring up the dlink AP GUI when entering this IP so I wouldn't have thought that's the problem but I will investigate further.Cheers
Jamie -
Maybe you have something else on 192.168.10.18. Really hard to tell from here. ;) But something working for a minute then not is indicative of a duplicate IP address somewhere.
-
Hi 192.168.10.18 is my pfsense box lan ip, I think something is maybe wrong in my server, if I tell the dlink AP to get it's IP via DHCP it get's an IP ok but sets the gateway to 192.168.10.1 which is my ip for the Billion modem/router
if I set the tplink to a static IP like 192.168.10.20 and gateway to 192.168.10.18 it doesn't seem to work either.
Do I need to configure something in pfsense when I connect a wifi ap to it?.
My DC is doing DNS & DHCP, do I need to change the gateway setting in the DC and if so where is this setting?Thanks in Advance
Jamie
-
If, by DC, you mean Domain Controller I have no idea. You're probably asking for help with that in the wrong place.
You can generally put as many DNS servers on your network as you want and they won't hurt each other. Not so with DHCP servers. You need one and only one DHCP authority on each segment.
-
Hi,
Yes I'm referring to my Domain Controller, the AP is getting an IP ok it's just setting its gateway address to 192.168.10.1 which is the old gateway not 192.168.10.18 pfsense.
Maybe it's something weird with the dlink AP point, I might try on of the airport expresses as the AP and see if that works.
Thanks for your help anyway it's appreciated.Cheers
Jamie -
I'm sure it's getting whatever the DHCP server is giving it.
-
Maybe it's something weird with the dlink AP point…
I doubt that it is a hardware problem but it's configuration may be incorrect.
…I might try on of the airport expresses as the AP and see if that works.
It's never a good idea to add other things to the equation until you have solved the basics. It will add to your confusion and solve nothing.
1. Make sure you only have one (1) DHCP server on the network.
2. Configure it correctly (yes the DHCP server hands out the gateway address, and most likely other things, to it's clients as well). If you don't know how, then learn it. Buy a book, seek help in an appropriate forum or something.
3. Go through EVERYTHING connected to your internal network and make sure it is either configured to use DHCP (with a reservation in the DHCP-server for equipment that need to be on the same ip address always) OR with a static ip address outside of the DHCP pool. Reboot everything.When you have done the above, confirm everything works. If it doesn't, start over at #1 above.
The above may seem ridiculous to you but it is very easy to make a small mistake somewhere that will come back and haunt you later. It is also good if it seems to you that I have underestimated your knowledge, as that will only make the above to be so much simpler and faster for you.
Only at this point you should start to consider to add more things to your network. Add only one thing at a time, applying the ip addressing strategy mentioned in #3 above and confirm it works as expected before adding anything else.
-
Hi P3R,
Ok I've got it working now, I hadn't changed the router IP in the DHCP Scope options to point to Pfsense.
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
-
Hi P3R,
Ok I've got it working now, I hadn't changed the router IP in the DHCP Scope options to point to Pfsense.
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
So what I stated in the first reply was your issue then.. Your welcome ;)
So is web working? Do you have the firewall off on the exchange server? Whre are you clients at that they would need to go through the firewall to talk to your exchange server - shouldn't they be on the same local network? Did you set those up on port forwards and let it create your firewall rules for you?
Post up your port forwards and your wan firewall rules. Where are these clients? Outside pfsense? Public internet - are they trying to use name resolution or IP?
Again this is so drop dead simple it just.. Did you follow the troubleshooting the port forward issue.. In the many years I have been on this forum - not once have I see an issue with port forwarding that was not layer 8.. https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
-
Hi Johnpoz,
I appreciate your help so thank you kindly.
Most things seem to be working ok.My exchange is on the same box as my DC so it is using the same IP 192.168.10.2
Some port forwards don't appear to work, like port 80 or port 25 (check in open port checker), so I though my ISP could be blocking them but if I remove the pfsense box and and unbridge my modem/router and connect normally like i have in the past DSL ppoe
it functions correctly ???
I'm using a pc inside my network to open outlook and it can't connect to exchange, checking with mxtool box also fails.
I set them up through port forwards and yes it setup firewall rules by itself.
I use phones to connect to exchange as well so they are not always on the same local network.
To me it appears like the ISP is blocking the ports as random ports i.e not 25 or 110 show up as open so port forward seems to be working fine.
if I connect to OWA (walhouse.net.au/ow) from outside network using port 443 it works ok but using port 80 fails.
Everything worked ok before in the past it's not a new internet connection, just connecting through PPOE in PFsense with modem/router bridged.
I'm confused, probably bit off more than I can handle. -
"I'm using a pc inside my network to open outlook "
What does pfsense have to do with box on the same network talking to each other? Oh yeah nothing ;) Are you trying to hit your public IP to get forwarded back in - this is nat reflection and would have to be setup if you want to use that.
I show that working for https, I get your owa page. Is it listening on http? Normally you would not want your owa on http - since its not secured. You might want to put up a redirect from http to https for people that don't hit https off the bat.
So that forward is working. As to 25, many an ISP block this both in and out of their network. They only allow their smtp servers to talk on it, this helps cut down spam, etc. Are you on a business connection and have validated. I tested it from outside and it does not work. You sure that when you use your old router its just not doing nat reflection?
What I can tell you is from the outside I can not hit 25 to your IP that fqdn resolves to, and I see your mx record pointing too. I would sniff on pfsense wan via the port forwarding troubleshooting doc and see if 25 is even making it to pfsense wan.. Pfsense can not forward what it does not see.
-
Hi Again,
My DSL connection is a business connection.
If I remove PFsense box and connect to ISP normally using my billion router exchange works again, this I can't figure out.
I have a http to HTPS redirect on my server which worked ok before setting up pfsense.
I will call my ISP but can't see how it works one way but not the other, it's the same connection ???? -
so your sure you put your router in bridge mode and pfsense gets public IP on its wan?
If so its simple enough to sniff and see if your seeing traffic to the ports you have forwarded. Under diag, packet capture - you can then open them in wireshark.,
-
Next problem I can't get my exchange server working
nat rules as followsWAN TCP * * WAN address 80 (HTTP) 192.168.10.2 80 (HTTP) Webserver
WAN TCP * * * 443 (HTTPS) 192.168.10.2 443 (HTTPS)
WAN TCP * * * 25 (SMTP) 192.168.10.2 25 (SMTP)open outlook and it tries to connect to the exchange server and can't.
This doesn't look like proper service allowance. Kinda mix-up ?
TODO:
1st you create NAT rules for all server machine/ports [Firewall: NAT: Port Forward] 3 rules
2nd you allow WAN entrance for services [ Firewall: Rules (WAN)] 3 rules
