
Messages - curtisgrice

1
General Questions / Re: Vm-network conecting to home network
« on: January 12, 2018, 04:02:32 pm »
Remove GW_LAN. Also on the DHCP on pfSense make sure the default gateway is set to 10.0.0.1

2
General Questions / Re: rack setup
« on: January 06, 2018, 12:55:45 pm »
$150 per hour and you might get some help. That's a TON to configure and you have provided almost no information to go on.

3
General Questions / Re: Vm-network conecting to home network
« on: January 06, 2018, 12:52:25 pm »
Can you send screenshots for your pfSense routes, gateways, and dhcp? Also the static route on your TP-Link.

4
DHCP and DNS / Re: BIND DNS not returning records.
« on: January 05, 2018, 11:44:34 am »
This may be against best practice but doesn't this just cause a recursive lookup? Why not just drop the name server IP into
Code:
@ IN NS ns1.rack.center.
...
ns1 IN A  192.168.1.1

vs
Code:
@ IN NS 192.168.1.1
I feel like I'm still missing something.

5
DHCP and DNS / Re: BIND DNS not returning records.
« on: January 05, 2018, 10:12:08 am »
Don't cross post, and dig up threads from year ago..
Sorry about that. It seemed related.

What part in your zone file do you think is correct about this?

@     IN NS    192.168.1.1.

So you think it's ok to put in an IP for your NS record?

What makes you think I know so much about DNS?  ;)

6
General Questions / Re: Vm-network conecting to home network
« on: January 04, 2018, 02:52:19 pm »
Under NAT outbound, this MUST be disabled. That's why you can ping from 10.0.0.0/24 to 192.168.0.0/24. NAT will see the ping on its way out and map 10.0.0.100 to 192.168.0.3:[some port number] (This is actually called port address translation.)

If you ran a packet sniffer on 192.168.0.100 while pinging from 10.0.0.100, 192.168.0.100 would see the ping came from 192.168.0.3.

When you try to ping from 192.168.0.100 to 10.0.0.100 that port map does not exist and will be blocked.

NAT (PAT - port address translation in most implementations) hides a network behind one or a set of IPs. This is why when you have a bunch of PCs connected to the internet you only get one public address. Your home router uses PAT to connect all of your devices to the internet and coincidentally that's also why you need port forwarding to connect to your computers from outside of your home network.

Long story short, disable NAT. Your rules look ok to me.

7
DHCP and DNS / Re: BIND DNS not returning records.
« on: January 03, 2018, 12:21:56 pm »
Ok but more to the issue, BIND IS working (just not the way I need). I can see it accepts the query and sends a response, just not the correct one. I feel like this is one of those missing ; kind of issues.

8
General Questions / Re: Vm-network conecting to home network
« on: January 03, 2018, 12:00:45 pm »
ok so:
TP-Link WAN: (DHCP? doesn't matter for this topic)
TP-Link LAN: 192.168.0.1/24
Has route to 10.0.0.0/24 via 192.168.0.3


pfSense WAN 192.168.0.3/24
pfSense LAN:10.0.0.1/24

Server: 10.0.0.100/24
-Gateway 10.0.0.1

Workstation: 192.168.0.100/24
-Gateway 192.168.0.1

Server to Workstation - working
Workstation to Server - not working?

Can you show me your firewall rules on pfSense WAN and LAN?

9
General Questions / Re: Vm-network conecting to home network
« on: January 02, 2018, 06:33:04 pm »
Server: can ping to 192.168.0.100 (with CMD of MS)

workstation: can't ping to 192.168.1.100 (with CMD of MS)

What is 192.168.1.100? That's not in any of our mentioned/configured subnets.

So far I have:
TP-Link WAN: (DHCP? doesn't matter for this topic)
TP-Link LAN: 192.168.0.1/24

pfSense WAN 192.168.0.3/24
pfSense LAN:10.0.0.1/24

Server: ?
Workstation: 192.168.0.100/24


10
General Questions / Re: Vm-network conecting to home network
« on: January 02, 2018, 05:25:31 pm »
Looks good, just remove the Upstream: 10.0.0.1.

In your DHCP for the 10.0.0.0/24 network, you should have the default gateway listed as 10.0.0.1. Also make sure you have DNS servers listed in there.

As for pinging, check your firewall logs. That will tell you if that's why it's getting blocked. If it is showing as blocked, make sure you have your allow rules on both pfSense LAN AND WAN. If it gets out it still needs to get back in  ;)

When using the pfSense Diag. Ping tool, it's important to select the from IP as the auto setting will choose the IP closest to the destination, i.e. if you're pinging 192.168.0.1 it will use 192.168.0.3 and not 10.0.0.1. This will cause it to bypass any firewall rules on the LAN (10.0.0.1) interface.

11
Packages / Re: Bind 9.11 error in pfsense 2.33
« on: January 02, 2018, 04:58:58 pm »
I seem to be stuck with a non-working BIND package (9.11.2). What was the workaround? Is there a way to downgrade to 9.10?

12
DHCP and DNS / Re: BIND DNS not returning records.
« on: January 02, 2018, 04:56:52 pm »
Ok so how do I downgrade to 9.10.4P2? I don't see any documentation on downgrading packages.

13
General Questions / Re: Proper setup of switches
« on: January 02, 2018, 12:31:31 pm »
Yeah sorry but between the re0 (Realtek) and TP-Link, you're gonna have a bad day.  :P

Assuming you can pop in a PCIe card, you can eBay some new gear for less than 50 USD and have Intel NICs and a Cisco gigabit 24 port switch  ;) A bit more to learn but it's not that bad. Cisco has amazing documentation.

14
Just a hunch, manually set your interface speeds on both ends. Also check your interface statistics to see if there is more than the expected traffic.

Even with DD-WRT those little boxes just freak out when overloaded or the PHY starts misbehaving.

15
General Questions / Re: Justifying pfsense for home network
« on: January 02, 2018, 12:22:19 pm »
SNORT IDS/IPS, proper VLANs and routing, much more flexible NAT (PAT) for segmented internal networks, built-in packet logging, lots more.

It can be as much as you would ever want for a home router or as simple as plug and play.
