Topics

1

General Questions / How to configure pfSense as a router for two internal LAN subnets?

« on: January 01, 2018, 09:40:32 am »

I have two interfaces: LAN & LAB. I want machines on LAB to connect to machines on LAN and vice versa. I do not have a WAN interface as that is provided by another router in network 10.0.0.0/24.

LAN interface is 10.0.0.4
LAB interface is 10.0.1.4

I cannot ping a machine in network 10.0.1.0/24 from network 10.0.0.0/24 or vice versa. What have I done wrong?

Interfaces





Routing





Firewall rules

2

Firewalling / Firewall logs show blocking IP address different to my WAN intereface

« on: January 20, 2017, 05:11:35 am »

If I look at system logs then filter on Block WAN interface and have a look through, obviously there's a lot of stuff being blocked, but I'm intrigued to know how it's possible that I have entries in there where the destination address is different to my WAN address. I have a static WAN ip, but how can the Destination IP be different to my WAN ip when I've filtered the logs based on WAN?

Image below shows my firewall log with the last two octects obfuscated. The yellow ones have a different WAN ip to my actual WAN ip.

3

Installation and Upgrades / Upgrade to 2.3 fails on Hyper-V

« on: April 15, 2016, 03:03:10 am »

Running 2.2.6-RELEASE and upgrading to 2.3-RELEASE on Hyper-V 2012 R2 Core.

Has run flawlessly for a couple of years now on Hyper-V and this is my first upgrade failure. I ran the auto-upgrade from the web GUI and then I see this at the console when it reboots after the upgrade:



I have reverted to Checkpoint (hooray for VMs). Any ideas what I should do?


EDIT

I installed a new VM and it worked OK, except I could not get the WAN interface working on PPPOE. So it seems the mounting issue is resolved with a new install.

4

Firewalling / Can't seem to isolate a network

« on: March 10, 2016, 02:47:56 pm »

I have a home setup and I'm testing windows multi-subnet clustering. I have four networks:

WAN (internet)
LAN (my LAN) 10.0.0.0
LAB (my LAB set up) 10.0.1.0
LABDR (my DR LAB set up) 10.0.2.0

I have two nodes of a Windows Cluster called DAFFODIL and LILAC in the LAB network. I have one node called VIOLET in the LABDR network. As a DR test, when I block all traffic from LAB->LABDR and LABDR->LAB. I can't ping the other node or connect to it, but the Windows Cluster Manager in the LAB network tells me that VIOLET is Up.

If I power VIOLET off, then Cluster Manager reports it as Down within a few seconds. Any ideas on what may be wrong with my firewall? Here are the rules:





Cluster manager with the block rules active:

5

DHCP and DNS / How to resolve host with two IP addresses?

« on: February 17, 2016, 05:48:30 am »

I have a laptop on my network which is sometimes wired and sometimes on wifi. Is it possible to map the name of the laptop to both the wired and wifi IP addresses? I want to have a DHCP reservation so the IP addresses for each interface always remain the same and so that I can address the laptop over the network by name and have it resolve automatically whether it's on wifi, or wired.

How can I do this?

6

Cache/Proxy / Please help with SARG package

« on: May 22, 2015, 05:52:50 am »

Using pfSense 2.2.2, squid 2.7.9 pkg v.4.3.6, Sarg 0.6.4

When I click on View Report, I see this:

Error: Could not find report index file.
Check and save sarg settings and try to force sarg schedule.

So, I go to the Schedule tab and Force Update now on a 1d schedule I have created, click View Report and get same error. If I click the realtime tab, I see websites being accessed fine. Any ideas?

7

Installation and Upgrades / Just upgraded from 2.2.1 to 2.2.2

« on: April 15, 2015, 01:45:31 pm »

I saw an upgrade on the console so snapshotted my VM on Hyper-V and upgraded. No issues whatsoever... 

8

DHCP and DNS / How to handle device names with more than one interface?

« on: January 27, 2015, 02:22:04 am »

I have a laptop used mostly over wifi, but I occasionally plug it in to the LAN. I'm wondering how to set up DNS and DHCP for this device? Is it not possible to assign two IP addresses to a hostname in DNS Forwarder? How best to tackle this?

9

General Questions / How to make apinger ping a gateway on a remote subnet?

« on: January 16, 2015, 09:27:02 am »

I'm using pfSense at home with two WAN interfaces and one LAN. One of the WAN interfaces is a PPPoA ADSL interface connected to an ADSL 2+ modem (WAN). The apinger service correctly pings the gateway of my WAN. The OPT1 interface connects to an ADSL router via a private network. Let me illustrate - see attachment.



I want the apinger service to ping Gateway IP1 (which it does already) and Gateway IP2 (which it doesn't). For the ADLS Router the apinger service is pinging 192.168.0.2 which is on my premises and is not the actual WAN gateway IP. If I try and manually set it to Gateway IP2 I get an invalid IP address error (probably because it's a different subnet to the WAN interface?)

10

DHCP and DNS / Considerations for creating a domain controller with DNS in home lab?

« on: January 04, 2015, 10:19:48 am »

I have pfSense running in a VM hosted in my home lab and I'm using it for DNS and DHCP services. I have created a Windows domain controller in the lab with the same DNS suffix as pfSense. So I have pfSense DNS configured like so:





Should I create my Windows domain as duck.loc too (netbios DUCK) or something else? Anything else I should consider?

11

Routing and Multi WAN / Multi WAN with same gateway IP intereferes with balancing

« on: December 20, 2014, 04:30:58 am »

Hi

I have two ADSL modems at home connected to a pfSense machine and I use pfSense to log in to the ISP with PPPoE. Sometimes the WAN interfaces get the same gateway IP address. HOME_WAN interface connects to HOME_WAN_PPPOE gateway and OFFICE_WAN interface connects to DRAYTEK gateway. This causes pfSense to mark one of the gateways (the 2nd one to connect) with a status of Unknown like so:



The external IPs of the interfaces are correct and the modems function fine when I force traffic down the HOME_WAN interface, but when they are balanced using gateway groups, all the traffic gets sent down OFFICE_WAN and not HOME_WAN. Any ideas on how to fix this? At the moment I'm having to split the gateways manually between sets of PCs which brings it's own problems because PC usage patterns vary.

Thanks for any tips...

12

Routing and Multi WAN / Just installed two Draytek Vigor 120s for home use - works great

« on: August 16, 2014, 05:01:05 pm »

Just thought I'd share that I have two Draytek Vigor 120 ADSL modems in PPPoA mode on two phone lines serving my home. Works great and super-easy to set up. I have two WANs, 1 physical LAN and 2 virtual subnets. pfSense is a VM hosted on ESXi 5.5. Sweet, love this firewall.

13

General Questions / Recommend a syslog server?

« on: August 16, 2014, 04:50:09 pm »

I would like to set up a syslog server on vmWare esxi for storing my pfsense logs. Can someone recommend a quick way to set up a VM to do this? I haven't set one up before so I'm after something quick and easy with a way to view logs from a Windows machine.

14

OpenVPN / Using openVPN client on Windows 7 through pfSense

« on: April 05, 2014, 09:26:08 am »

Consider my home network.



I have a Windows 7 machine in the LAN subnet with IP 10.0.0.7. It can connect to and ping 10.0.0.8, 10.0.1.1, 10.0.2.2, 192.168.0.1, 192.168.1.1 with no problems. When I connect to the internet through the www.privateinternetaccess.com (PIA) client I can only connect to and ping servers in the same subnet. So, 10.0.0.8 works, but I can't connect to 10.0.1.1, 10.0.2.2, 192.168.0.1, 192.168.1.1 from 10.0.0.7.

Any ideas? I believe the PIA client uses OpenVPN.

15

General Questions / Any way to hide disabled rules?

« on: April 03, 2014, 10:45:28 am »

I have a fair amount of rules I turn on and off. Is there a way to hide disabled rules? Would be really nice to have a checkbox on the Rules page to show/hide disabled rules.