Author Topic: Noob question opt1 no internet  (Read 3827 times)

Offline r3xxx4r

« on: April 28, 2014, 09:01:40 am »
Hi!

I installed pfSense on a server with 2 gigabit cards: one is WAN (xx.xxx.110.52/26), one is LAN (xx.xxx.117.48/28), and up to this point everything works as it should. The problem appeared when I installed a third network card, OPT1 192.168.0.1/24, on which I would like to have a wireless router. The problem is that I have no internet on the third interface (I can ping WAN (xx.xxx.110.52), LAN (xx.xxx.117.48) and OPT1 192.168.0.1). What do I need to configure to have internet on the OPT1 interface?

Offline catalin

« Reply #1 on: April 30, 2014, 05:57:53 am »
Hi,

Are you using a private IP on the LAN interface?
Have you checked the firewall settings for the OPT1 interface? You must explicitly allow traffic to WAN.
The truth lies beyond us ...

Offline uzzitm

« Reply #2 on: May 06, 2014, 02:27:26 am »
Hi,

Or you can bridge OPT1 with LAN and add a deny rule from OPT1 to LAN so that the clients on OPT1 (wireless) cannot access the machines on the LAN. Or, if you have a smarter wireless AP, it has an option called AP Isolation that will isolate each wireless client individually; it will be able to communicate only with the gateway and not with the other clients.

Offline catalin

« Reply #3 on: May 06, 2014, 02:51:22 am »
Also, check whether you have OPT1 192.168.0.1/24 in outbound NAT.

Adapt your range, 192.168.0.1/24, to the settings in the screenshot below.

Offline r3xxx4r

« Reply #4 on: May 07, 2014, 04:21:39 am »
I already have that setting in NAT and it still doesn't work.

Offline catalin

« Reply #5 on: May 07, 2014, 04:24:43 am »
In the attached screenshot you have outbound NAT for 192.168.10.0/24; you need to add 192.168.0.0/24 there (the range you have on OPT1).

Offline r3xxx4r

« Reply #6 on: May 07, 2014, 04:34:19 am »
I forgot to mention that I changed OPT1 to 192.168.10.1/24.

Offline catalin

« Reply #7 on: May 07, 2014, 04:35:36 am »
What response do you get if you run a traceroute to 8.8.8.8? Where does it stop? What firewall rules do you have for OPT1?

Offline r3xxx4r

« Reply #8 on: May 07, 2014, 04:47:48 am »
These are the rules for OPT1, plus ping and tracert.

Offline catalin

« Reply #9 on: May 07, 2014, 04:55:19 am »
Do you happen to have a gateway set on OPT1?

Offline r3xxx4r

« Reply #10 on: May 07, 2014, 04:57:08 am »
IPv4 Upstream Gateway > none

Offline catalin

« Reply #11 on: May 07, 2014, 07:25:04 am »
Hmm, strange. What if you ping 8.8.8.8 from the router's interface, using OPT1 as the source?

Do you have any bridge set up? Do you have public IPs on LAN and WAN?

Offline r3xxx4r

« Reply #12 on: May 07, 2014, 07:27:58 am »
I don't have any bridge set up. The IPs on WAN and LAN are public.

Ping output:
PING 8.8.8.8 (8.8.8.8) from 192.168.10.1: 56 data bytes

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
« Last Edit: May 07, 2014, 07:30:27 am by r3xxx4r »

Offline catalin

« Reply #13 on: May 07, 2014, 07:29:22 am »
Please select OPT1 under Source Address, and possibly also run a traceroute from the router using OPT1.

Offline r3xxx4r

« Reply #14 on: May 07, 2014, 07:36:55 am »
Done. Sorry. Are you from BV?

Offline catalin

« Reply #15 on: May 07, 2014, 07:38:51 am »
Yes, I replied to your PM too :D. You can also run a traceroute from the router's interface using OPT1. I can't figure out where the packet flow breaks.

Offline r3xxx4r

« Reply #16 on: May 07, 2014, 07:52:26 am »
1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *

Offline catalin

« Reply #17 on: May 07, 2014, 08:01:32 am »
OK, so it's clear that pfSense is not doing NAT for OPT1 towards WAN. Try this workaround:

Go to Firewall -> NAT -> Outbound NAT

Delete the current 192.168.10.0/24 rule and click apply.

Then, in the same place, switch NAT to Manual Outbound NAT rule generation, with apply.

If you have other rules there, delete everything except 127.0.0.0/8.

Then manually create the rules for the ranges you want to have internet access. Apply.
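
The mismatch chased in this thread (an outbound NAT rule for 192.168.10.0/24 while OPT1 was first described as 192.168.0.1/24) can be checked mechanically. The following is an added example, not part of the original posts: it parses NAT rules written in the style of `pfctl -s nat` output and reports which internal interfaces have no covering rule. The interface name `em0`, the 203.0.113.x and 198.51.100.x placeholder addresses and the sample rule text are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -s nat` output. em0 and the
# 203.0.113.52 WAN address are placeholders, not values from the thread.
SAMPLE_NAT_RULES = """\
nat on em0 inet from 127.0.0.0/8 to any -> 203.0.113.52 port 1024:65535
nat on em0 inet from 192.168.10.0/24 to any -> 203.0.113.52 port 1024:65535
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NAT_RE = re.compile(r"^nat on (\S+) .*?\bfrom (\S+) to ")


def nat_sources(rules_text, wan_if):
    """Return the source networks translated when leaving wan_if."""
    sources = []
    for line in rules_text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m or m.group(1) != wan_if:
            continue
        try:
            sources.append(ipaddress.ip_network(m.group(2), strict=False))
        except ValueError:
            continue  # "any", aliases and tables are out of scope here
    return sources


def check_interfaces(interfaces, rules_text, wan_if):
    """Map each internal interface to 'routed', 'nat ok' or 'nat missing'."""
    sources = nat_sources(rules_text, wan_if)
    report = {}
    for name, cidr in interfaces.items():
        # ip_interface accepts a host address such as 192.168.0.1/24
        net = ipaddress.ip_interface(cidr).network
        if not any(net.subnet_of(r) for r in RFC1918):
            # Public block: assumed to be routed by the ISP, no NAT needed
            report[name] = "routed"
        elif any(s.version == net.version and net.subnet_of(s)
                 for s in sources):
            report[name] = "nat ok"
        else:
            # Private source would leave the WAN interface untranslated
            report[name] = "nat missing"
    return report
```

Note that a "nat ok" result only confirms that a rule with a matching source exists on the given interface; the firewall rules on OPT1 still have to pass the traffic.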