
Author Topic: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!  (Read 4452 times)


Offline onkeldave83

General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« on: January 24, 2011, 06:39:47 am »
Hello,

I have a pfSense 2.0 beta 5 box with three Ethernet ports.
wan: 192.168.10.9 default gateway: 192.168.10.4
lan: 192.168.10.10
opt1: 192.168.10.8 gateway: 192.168.10.5

I want one client from the local LAN to be able to access the optional interface gateway! Only this client.

Generally I think I need a firewall rule on top so that the client can access the gateway, or?


And I have an important question:

default    192.168.10.4    UGS    0    731    1500    bce0    
127.0.0.1            link#5    UH    0    494191    16384    lo0    
192.168.10.0/24    link#3    U    0    5856    1500    bce0    
192.168.10.8    link#2    UHS    0    0    16384    lo0    
192.168.10.9    link#3    UHS    0    0    16384    lo0    
192.168.10.10    link#4    UHS    0    0    16384    lo0    

link#3 is wan ;)

Why is my local net 192.168.10.0/24 under interface WAN?
This is LAN!
How can I edit this interface entry in the routing table?
I can only access my GUI when I have connected WAN and LAN to the same switch as my PC?

Can someone help me?
« Last Edit: January 24, 2011, 07:40:09 am by onkeldave83 »

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #1 on: January 24, 2011, 07:48:52 am »
When I only connect LAN with my PC, I can't connect :(
Firewall rules are OK!
Default gateway is on WAN.
What do I have to configure so that I connect over WAN?
And why can't I connect to the GUI (192.168.10.10) when WAN is only connected to the router and LAN only to the network switch?

what this please
« Last Edit: January 24, 2011, 08:17:14 am by onkeldave83 »

Offline Nachtfalke

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #2 on: January 24, 2011, 08:25:31 am »
From the WAN side, ALL ports are blocked by default. You have to create a firewall rule on the WAN side which allows traffic to pass to the WAN address on port 80 (HTTP) or port 443 (HTTPS).


The rule for the client to go over your OPT interface should look like this:

pass
source IP: IP of the client
Port: any
destination: any
Port: any
Gateway (OPT) (For this, you have to scroll down and click the "Gateway" button.)

This rule should be on the top of the rules.

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #3 on: January 24, 2011, 08:40:57 am »
Yes, this is good! ONE STEP BACK!!!
I'll make it simple.... something is missing in my configuration ;)


Clients are connected to the LAN interface.
The router is connected on WAN.

FIREWALL RULES ARE OK!!!!!!!
I have an any any any rule for testing ;)
(I want to use the default gateway)

And why can't clients access the internet?


---

Do I have to create the WAN interface as a gateway to LAN? (static routes) ????

I don't know why I can't access the internet when a PC alone is connected to LAN and the router to the WAN interface - something must be failing :(
I only have internet when WAN is additionally connected to the LAN switch :???
Help me please
« Last Edit: January 24, 2011, 09:07:32 am by onkeldave83 »

Offline Nachtfalke

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #4 on: January 24, 2011, 09:28:12 am »
For me it's hard to understand what your configuration looks like.

Can you make a picture with Paint of your switches, routers and IP addresses / subnets?

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #5 on: January 24, 2011, 09:42:08 am »
ok one moment please....

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #6 on: January 24, 2011, 09:53:12 am »

http://img52.imageshack.us/i/daveh.jpg/

The default gateway and DNS of the network client is pfSense:
gw 192.168.10.10
dns 192.168.10.10


With this, I cannot connect to my pfSense and have no internet.

When I connect the WAN interface ADDITIONALLY to the network side, I can connect to pfSense and the internet!
I have tested it: I can disconnect the LAN cable and still have access and internet :D ...when WAN is additionally connected to the switch ;)

I want no bridging! I want to access WAN / internet from the network client.

The default gateway on WAN is the router 192.168.10.4
and the gateway is online!
My firewall rules are allow-all for testing.
I use pfSense 2.0 beta 5.

My routing table:
default    192.168.10.4    UGS    0    8514    1500    bce0    
127.0.0.1            link#5    UH    0    21372    16384    lo0    
192.168.10.0/24    link#3    U    0    15067    1500    bce0    
192.168.10.9    link#3    UHS    0    1552    16384    lo0    
192.168.10.10    link#4    UHS    0    1214    16384    lo0    

My interfaces:
WAN interface (bce0)
Status    up
MAC address    00:26:b9:75:5c:bb
IP address    192.168.10.9  
Subnet mask    255.255.255.0
Gateway    COLT 192.168.10.4
ISP DNS servers    192.168.10.4

LAN interface (bce1)
Status    up
MAC address    00:26:b9:75:5c:bc
IP address    192.168.10.10  
Subnet mask    255.255.255.0

My port forwarding for squid proxy:
If    Proto    Src. addr    Src. ports    Dest. addr    Dest. ports        NAT IP     NAT Ports     Description    
   
LAN    TCP                 *       80 (HTTP)           *         3333    192.168.10.10    *    

THANKS FOR HELPING!
« Last Edit: January 24, 2011, 10:30:29 am by onkeldave83 »

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #7 on: January 24, 2011, 10:40:27 am »
A traceroute output from the network client, with the additional cable connection from WAN to the LAN switch:


C:\Documents and Settings\OnkelDave>tracert www.google.de

Tracing route to www.l.google.com [74.125.43.103]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.10.9
  2    <1 ms    <1 ms    <1 ms  192.168.10.4
  3     1 ms     1 ms     1 ms  ...
  4     4 ms     3 ms     3 ms  ...
  5    13 ms    12 ms    12 ms  ...
  6    21 ms    20 ms    28 ms  ...
  7    25 ms    25 ms    25 ms  ...
  8    30 ms    29 ms    29 ms  ...
  9    28 ms    28 ms    28 ms  ...
 10    33 ms    35 ms    35 ms  ...
 11    29 ms    29 ms    29 ms  bw-in-f103.1e100.net [74.125.43.103]

It goes directly from WAN to the internet!

I think with a correct config it would go from......to
lan -> wan -> internet gateway

e.g.
  1    <1 ms    <1 ms    <1 ms  192.168.10.10
  2    <1 ms    <1 ms    <1 ms  192.168.10.9
  3    <1 ms    <1 ms    <1 ms  192.168.10.4
....

Offline Nachtfalke

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #8 on: January 24, 2011, 12:14:11 pm »
Um,

pfSense is a routing platform. A router connects two or more DIFFERENT networks. Your networks on WAN and LAN are both the same. They are both 192.168.10.0/24.

On the WAN side you could use 192.168.10.0/24 and on the LAN side use 192.168.20.0/24.
On the WAN side NAT must be enabled or you have to enter a static route for 192.168.20.0/24 on the router which is DIRECTLY connected to the internet. I mean the router which has the IP 192.168.10.4.
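
The overlap described in this reply can be read straight out of the routing table posted at the start of the thread. The following Python sketch is an added example, not part of any post; it assumes that UHS host routes with a link#N gateway are the firewall's own interface addresses, as in that table.

```python
import ipaddress

# Routing table as posted in the first message (columns: destination,
# gateway, flags, refs, use, mtu, netif).
ROUTES = """\
default 192.168.10.4 UGS 0 731 1500 bce0
127.0.0.1 link#5 UH 0 494191 16384 lo0
192.168.10.0/24 link#3 U 0 5856 1500 bce0
192.168.10.8 link#2 UHS 0 0 16384 lo0
192.168.10.9 link#3 UHS 0 0 16384 lo0
192.168.10.10 link#4 UHS 0 0 16384 lo0
"""

def parse_routes(text):
    """Split each line into destination, gateway, flags and netif."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 7:
            rows.append({"dest": f[0], "gw": f[1], "flags": f[2], "netif": f[6]})
    return rows

def find_subnet_conflicts(rows):
    """Return local addresses whose link differs from the link that owns
    the connected network covering them (same subnet on two NICs)."""
    connected = []  # (network, link) for directly connected subnets
    local = []      # (address, link) for the firewall's own addresses
    for r in rows:
        if not r["gw"].startswith("link#"):
            continue  # routes via a next-hop IP, e.g. the default route
        if "/" in r["dest"]:
            connected.append((ipaddress.ip_network(r["dest"]), r["gw"]))
        elif "H" in r["flags"] and "S" in r["flags"]:
            local.append((ipaddress.ip_address(r["dest"]), r["gw"]))
    conflicts = []
    for addr, link in local:
        for net, net_link in connected:
            if addr in net and link != net_link:
                conflicts.append((str(addr), link, str(net), net_link))
    return conflicts

if __name__ == "__main__":
    for addr, link, net, net_link in find_subnet_conflicts(parse_routes(ROUTES)):
        print(f"{addr} on {link} lies inside {net}, which is attached to {net_link}")
```

Only one connected route can exist for 192.168.10.0/24, so the kernel attaches it to a single interface and traffic for the other interfaces' addresses never uses their cables.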

Offline phpzilla

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #9 on: January 24, 2011, 05:09:54 pm »
hi  ;D

take a look here on my network:




maybe it helps  ;)
« Last Edit: January 24, 2011, 05:29:08 pm by phpzilla »

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #10 on: January 25, 2011, 06:15:35 am »
yeah thanks!

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #11 on: January 25, 2011, 09:22:37 am »
This is really good! It's godlike ;)
Thanks for this example....
My mistake was the same subnet for LAN and WAN.... that's stupido

I want to get away from bridging and ta-ta-ta it's perfect -> THANKS phpzilla and THANKS Nachtfalke!!!


To-do list:
other subnets for LAN and WAN
one route: from LAN to gateway router on WAN
firewall rules all access
That's all!

One question left:

Before, I had bridged interfaces (WAN / LAN)
and this was like a transparent firewall, I think..... I only had to set rules on the LAN tab to allow or deny things on WAN and LAN!
Yet? Can you explain to me how it is managed in the routed pfSense model?

e.g.
Do I have to set WAN rules only in WAN, and in LAN I need only: source LAN subnet access to any?


Thanks for help
« Last Edit: January 25, 2011, 10:10:14 am by onkeldave83 »

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #12 on: January 25, 2011, 10:15:42 am »
It seems like the WAN rules tab is ignored.....?

When I set in WAN firewall rules block any any any any any
and I set LAN rules pass ICMP for all,

I can ping www.google.de

Only when I block it in the LAN tab, I can't ping Google.


Therefore I only have to set the LAN rules tab?

Is that right?


Thanks

Offline Nachtfalke

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #13 on: January 25, 2011, 01:24:46 pm »
You have to set the rule in the right direction:

If the direction is from LAN to WAN, for example a client should not connect to or ping Google, then you must enter a LAN rule.

If you want someone from the internet/WAN to be able to connect to your LAN (web server, e-mail server), then you must enter a WAN rule.

Remember: NO rules means everything is BLOCKED.
In general you do not want someone from the WAN/internet to be able to connect to your LAN, therefore there should be no rules on the WAN tab.
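
A simplified model of the rule direction explained in this reply, added here as an example and not part of any post: rules are read only on the tab of the interface where a packet arrives, the first match wins, no match means block, and replies to a tracked connection pass on their own. NAT is left out, and the client address is constructed.

```python
import ipaddress

def matches(rule, pkt):
    """Match on protocol and source network; '*' matches anything."""
    if rule["proto"] not in ("*", pkt["proto"]):
        return False
    return rule["src"] == "*" or (
        ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"]))

def filter_packet(rules, states, in_if, pkt):
    """Decide one packet arriving on interface in_if."""
    # Replies to a tracked connection pass without consulting any rule tab.
    if (pkt["proto"], pkt["dst"], pkt["src"]) in states:
        return "pass"
    # Otherwise only the ingress interface's tab is read, first match wins.
    for rule in rules.get(in_if, []):
        if matches(rule, pkt):
            if rule["action"] == "pass":
                states.add((pkt["proto"], pkt["src"], pkt["dst"]))
            return rule["action"]
    return "block"  # no matching rule: default deny

def ping(rules, client, target):
    """Echo request enters on LAN, the echo reply enters on WAN."""
    states = set()
    request = {"proto": "icmp", "src": client, "dst": target}
    reply = {"proto": "icmp", "src": target, "dst": client}
    return (filter_packet(rules, states, "lan", request) == "pass"
            and filter_packet(rules, states, "wan", reply) == "pass")

BLOCK_ALL = {"action": "block", "proto": "*", "src": "*"}
# Rule sets from reply #12: WAN blocks everything in both cases.
LAN_PASS_ICMP = {"wan": [BLOCK_ALL],
                 "lan": [{"action": "pass", "proto": "icmp", "src": "*"}]}
LAN_BLOCK_ICMP = {"wan": [BLOCK_ALL],
                  "lan": [{"action": "block", "proto": "icmp", "src": "*"}]}
CLIENT = "192.168.20.50"   # constructed LAN client address
TARGET = "74.125.43.103"   # address from the tracert output in the thread

if __name__ == "__main__":
    print(ping(LAN_PASS_ICMP, CLIENT, TARGET))    # LAN pass, WAN block
    print(ping(LAN_BLOCK_ICMP, CLIENT, TARGET))   # LAN block, WAN block
    # Unsolicited inbound traffic with an empty WAN tab
    print(filter_packet({}, set(), "wan",
                        {"proto": "tcp", "src": TARGET, "dst": CLIENT}))
```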

Offline onkeldave83

Re: General Question pfsense MULTI WAN Rules and ERROR in Routes ?!
« Reply #14 on: January 26, 2011, 07:06:37 am »
First of all, thanks Nachtfalke

Hmmm,

I have one more question.


When I added a second gateway.....

Can I set a second static route with the same network but another gateway?
This is strange.... one way, two gateways :??

I have only one LAN but two ISP gateways..... all users should use the first gateway and one user the second gateway.


Thanks for help
« Last Edit: January 26, 2011, 07:23:03 am by onkeldave83 »