Netgate SG-1000 microFirewall

Author Topic: Help with my configuration  (Read 2222 times)

0 Members and 1 Guest are viewing this topic.

Offline scotttiamit

  • Jr. Member
  • **
  • Posts: 31
  • Karma: +0/-0
    • View Profile
Help with my configuration
« on: December 07, 2005, 04:18:08 pm »
Hi I was hoping someone could help me configure my setup so that I can access the Internet from PC's behind my pfsense. Here is my setup.
 
INTERNET -> ADSL Modem - > pfsense -> LAN computer.
 
The settings are as follows:
 
- ADSL connection on a Dlink 302G with a Dynamic WAN side IP Address and the internal IP Address of 10.1.1.1 it is in DMZ mode forwarding all traffic to
10.1.1.3
 
- pfsense with WAN IP Address 10.1.1.3, gateway 10.1.1.1 DNS 202.27.160.40 and 202.27.158.40 (these dns numbers are what the Dlink used to provide my computer via DHCP before the addition of the pfsense). the LAN IP Address of the pfsense is 192.168.0.6.
 
- My computer IP Address is 192.168.0.7/255.255.255.0 gateway and DNS server are 192.168.0.6.
 
- From My computer I can ping 192.168.0.6 and access the http config pages.
I can ping 10.1.1.3 and get a reply, I cannot ping 10.1.1.1, I recieve a reply from 192.168.0.6 saying destination unreachable. I have also tried pinging my work server 219.89.198.XX with no luck either.
 
- From the pfsense I can ping both 10.1.1.1 and 192.168.0.7
 
I have Firewall rules setup for both LAN and WAN to allow everything for all protocols with all destinations and all ports, but I still cannot access the internet. After I do a ping from my machine and look at the log for the firewall it appears to be blocked and I am not sure why? I was hoping someone could help me figure out what is causing the problem and confirm that my configuration is correct. I am a newbie to pfsense and presume I am missing something.
 
Thanks
Scott Thompson.

Offline hoba

  • Hero Member
  • *****
  • Posts: 5837
  • Karma: +8/-0
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: Help with my configuration
« Reply #1 on: December 07, 2005, 04:30:11 pm »
Check at interfaces>wan the option "Block private networks" is checked. Your WAN is a private IP range.

Btw, you don't need allow rules on WAN if all connections are opened from clients behind the pfsense to the outside world. you only need to open ports if you want to supply services to the public (you then need nat as well).