Open specific port on all LAN ip addresses. Microcell Issue
-
So I just setup PFSense on a dedicated computer
I normally can find the answer i'm looking for through google, but I'm not exactly sure how to search such a question.
I understand how to port forwarding works on a basic level. It's pretty simple. But what if you don't know the LAN ip address that needs to be forwarded?
For example, I have a few microcells connected to my network. And from what I understand, there is no direct LAN ip you can specify to it.
So I'm assuming I needed to open ports for the microcell on a LAN Ips in the network.
How would a person open a port on all LAN IPs?
-
Microcells usually do an IPSec tunnel or something and don't require inbound ports to be opened.
-
Yep That^
Ive got a network with both (1x) Verizon and (2x) AT&T microcell's (network extenders as they call em) and they just work.
Plug them in. Make sure their GPS antenna can "see the sky" and give them about 20 to 30 minutes. You need to have a DHCP server active. You can assign them a static address via your DHCP though which I do.
-
You don't need to do any port forwards for microcells.
There is a bug where pfsense sometimes doesn't NAT outbound ISAKMP (udp/4500) packets if they are fragmented (they frequently are). To my knowledge, this bug has not been acknowledged by the maintainers (but then again, I haven't looked too deeply).
My solution was to disable packet scrubbing, and delete the NAT rule for IPSec that is automatically created (you have to change from automatic rules to manual to be able to delete it).
This thread: https://forum.pfsense.org/index.php?topic=103503.0 mentions other possible fixes which seem to contradict my fix.
