Messages - Ophion

Pages: [1]
1
Captive Portal / Re: Failed basic FreeRADIUS and Captive portal setup
« on: February 09, 2018, 10:18:43 am »
OHH the forum isn't showing the imgur images!!

2
Captive Portal / Failed basic FreeRADIUS and Captive portal setup
« on: February 09, 2018, 10:16:56 am »
The Subject title may look trivial and repeated, also you might think this is another ordinary issue about setting up FreeRADIUS + Captive portal. All I can assure is I've been testing the steps used to set up the configuration very carefully and still can't find a solution. That's why I am here. I have collected several screenshot images in order to provide further info.


Software version:
------------------------------------------------------------------------------------
pfSense         2.4.2-RELEASE
freeradius3    0.15.4                            (Packet Manager)


Summary: My boss asked me to set up a wireless hotspot at the company where I currently work. I have been using pfSense for a couple years and I also was working in an institution that had a RADIUS server + pfSense + Portal captive service. The difference there was the RADIUS server runs under Windows Server so all I have to do is replace Windows Server RADIUS for FreeRADIUS embedded on pfSense (packet freeradius3 v0.15.4). My next step was gathering some info about this setup and surprisingly for me I found some videos on YouTube about doing this. The videos are https://www.youtube.com/watch?v=qCTsyW65WbA and https://www.youtube.com/watch?v=qCTsyW65WbA. The configuration in both is very straightforward and fast, in my opinion though.


Technical information:
----------------------------------------------------------------------------------------------------------------------------------------
- IPv4 for pfSense: WAN 10.10.10.253 and LAN 10.10.11.254   (LAN interface will be named WIFI)
- IPv4 for FreeRADIUS: 10.10.11.254 (running on pfSense)
- DHCP enabled and tested correctly on WIFI interface 10.10.11.10 - 10.10.11.230

** Before installing freeradius3 and trying to set up the captive portal, devices from WIFI network were able to reach every (rules) service on main subnet such as jabber (XMPP), POP3, SMTP, etc...

Network schema



After installing freeradius3 (System -> Packet Manager) and configuring it following the YouTube tutorials mentioned before, I got no response when trying to access any site. I mean, no Captive portal was prompted. So I decided to start diagnosis doing port test (Diagnostics -> Test port).

This is the response for FreeRADIUS (1812) availability check. I don't know if pfSense performs this action using TCP or UDP or both, so I also tried using PortQryUI which allows doing both and still got nothing. This is the output from pfSense Test port.



As the picture shows, pfSense can't find any open port for 1812, however the dashboard says radiusd (FreeRADIUS server) service is running. Finally I found in System -> Packet Manager that Installed packets was showing an unusual warning. I have to say that I tried with the IPv4 addresses 127.0.0.1, 10.10.11.254 and 10.10.10.253 for testing the port.



During the freeradius3 packet installation I got no problem, no warning, even saw Success at the end of installation. I have deleted the packet, installed again, reinstalled the pfSense OS and started again and still the freeradius3 issue persists. Is there a problem with this packet or is it just me? The topic says FreeRADIUS and Captive Portal but I guess the problem lies in freeradius3 packet.

3
Great work! Appreciated.

4
Firewalling / Re: [SOLVED] pfSense with a rare networking issue
« on: December 01, 2017, 10:58:49 am »
:( :( Yeah but I have to say I have higher reputation on that one, but that site is more focused on regular users doing tweaks or somehow managing small networks. The proper site to post on that platform is serverfault, which is more advanced I guess, more professional. Anyway the proper site to post was always this one (pfSense's). I initially posted there because I have to say the way you are posting and at the same time you are watching how users are going to see the post is awesome.

5
Firewalling / Re: [SOLVED] pfSense with a rare networking issue
« on: November 28, 2017, 12:40:43 pm »
That was the problem, I detailed the issue my best and got no idea at all. And sometimes those little details can be really difficult to find because you are not thinking about them, I was even preparing my bags to travel the land of hardware malfunction XD XD!!

6
Firewalling / Re: pfSense with a rare networking issue
« on: November 28, 2017, 10:47:11 am »
Quote
So does this server you're trying to ping have pfsense IP as its gateway on this 172 network?

Oh boy, now I want to delete the entire post because now it works and I spent your time guys for a simple thing. I had to clone the allow all LANs rules first but everything works now. Was a combination of both steps, rules first. Well, this is the end of a long story and now I can keep going thanks to you guys and you @johnpoz. Thanks again and shame on me!

7
Firewalling / Re: pfSense with a rare networking issue
« on: November 28, 2017, 06:21:11 am »
Hi @wussupi83 I did it on SERVERS only, the ICMP request packets are not getting troubles to reach pfSense, even from LAN packets are reaching two servers (Proxy and Proxmox) in that subnet. It just doesn't make any sense to me when pfSense can ping FreeNAS and any LAN device can not. Just to be sure I'm setting the same rules in SERVERS tab as LAN.

8
Firewalling / Re: pfSense with a rare networking issue
« on: November 27, 2017, 08:26:14 am »
First of all, thanks for your reply. Your idea sounds good, but if Proxy server is replying ping without problem shouldn't FreeNAS do the same? pfSense (172.16.10.254) can ping FreeNAS then why LAN can't? Anyway I'm going to set the same rules on SERVERS subnet and then will feed the post. Only for clearance, there is no way pfSense could be acting "weird"?

9
Firewalling / Re: Possible to see unused rules?
« on: November 20, 2017, 01:55:52 pm »
As @jimp said that version doesn't show that kind of info. You should upgrade, besides the blue color (netgate) pfSense now looks kinda more "pretty" and I love the design of the dashboard widgets.

10
Firewalling / Re: Accessing rule
« on: November 20, 2017, 01:51:31 pm »
Not an expert but I have been working with pfSense since almost 2 years back. Of course I am not an expert, not even close but never got this error. Looks like

1- You tried to save a new rule but the process wasn't completed resulting in a bad-configured file. Try to backup your firewall_rules_edit.php file and replace it with a new one. Of course you will need to add the old rules in this new one.
2- Your install process wasn't clean. Try saving configuration file and install again from a new ISO download. Could also be pfSense "lost" a file and now can't find it.

Hope this could help you out.

11
Firewalling / [SOLVED] pfSense with a rare networking issue
« on: November 20, 2017, 01:43:59 pm »
I had a pfSense server running on Proxmox, the physical server was a HP Proliant ML350 Gen9 with 3 NICs. One for WAN, another for LAN and the last one for a subnet called SERVERS. After finishing the pfSense installation, from LAN, I was able to access internet without any further configuration. The problem was between LAN and SERVERS subnet. From LAN I'm able to PING on server (Proxy squid) but can't ping FreeNAS. However, pfSense can PING the FreeNAS. How can this be possible? Why can pfSense PING FreeNAS and can't forward my PING packets from LAN subnet? pfSense was created for that. I didn't config any rules nor NATing nor routing, all by default. And by default rules say allow LAN to ALL. I have only one WAN so I don't guess any additional routing rules should be added. My problem could be very low-detailed but I already posted it here (https://superuser.com/questions/1269104/pfsense-or-proxmox-with-a-rare-networking-issue) VERY DETAILED. Sorry for not repeating it in here but it is very large. I apologize for any inconvenience. Thanks in advance!

PS: I tested it on a different hardware (physical server) and got the same results. There is no switch in between, all connections are point-to-point type using regular UTP Cat5e wire.

EDIT: I'm seeing my post is being checked but nobody replies. Just let me know what you think. Is this alright for you? Something similar happened to you? Maybe this is not entirely wrong or maybe I'm having some concept mistakes. Why do you think firewall can PING the server and I'm not able to do the same thing. Thanks again in advance.

LAST EDIT: This issue has been solved by putting the same LAN default rules but on SERVERS tab and later setting pfSense (172.16.10.254) as firewall on every server. The "rare networking" issue was due to I defined a gateway for Proxy and Proxmox on Proxmox initial setup so I was getting an ICMP reply from both. This confused me because FreeNAS was unable to reply ICMP and both before were. Finally as I said was a simple mistake but the title I used for this post was first knowing the problem. Now I know what the problem was the title is not suitable.
