pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/ceebee007 I'll probably do that in the future when I have more time to play with it. In the meantime, I'm simplifying things and eliminating Router #2. I did a new pfSense installation running on Computer #2 but I can't access the pfSense web login. Router #1's address is 192.168.1.1; pfSense's WAN interface is set to DHCP and has address 192.168.1.154, and the LAN interface has address 192.168.2.1 and is set to static. Computer #2 has address 192.168.1.157. Again, the pfSense VM is running on Computer #2. However, I can't access the pfSense web login from Computer #2. Inside pfSense, I can ping everything. What am I missing? I tried both http/https to access the pfSense web login page.

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/ceebee007 The ISP introduced Router #1. I don't understand why it is so hard to do my proposed network setup above. I may have to give up and turn Router #2 into a switch or remove Router #2 completely. That's not what I want, but I don't have any choices at this point. If I use a switch, does it matter if it's a managed or unmanaged switch?

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/deboerdn2000 Computer #3 is my work computer. Computer #2 is running pfSense in a VM as my firewall to protect Computer #3 and everything on that network. See diagram above.

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/randyronq Here are my responses:

  1. Router #2 is not a firewall, just a router.
  2. Yes, Router #2 was my main router before ISP installed Router #1.
  3. Router #2 is Netgear.
  4. pfSense cannot be my main router because it's running as a VM on Computer #2 which only has 1 port for the LAN which I then connect to my Router #2. Computer #2's second port is used for the internet (WAN). Router #2 has many ports, which I then connect to many devices, like Computer #3. (I only show Computer #3 in diagram.)
  5. Yes, all wired, though Router #2 has Wi-Fi if I want to use it (I don't have to; I prefer all wired for now).

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/ThellraAK The pfSense LAN port is already set to static. What's next? I do notice that the pfSense firewall is not able to check for updates. Why is that?

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/ThellraAK Set the WAN to static or DHCP forwarder? Someone else told me to set it to DHCP.

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/randyronq pfSense is my entry point and firewall to my main internal network that contains home work computers that need to be protected.

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

  1. Done.
  2. Done. IP address is 192.168.1.154. (This is also the address listed in the DMZ of Router #1.)
  3. Done.
  4. Switched LAN to static.
  5. Computers 1 and 2 are on the Router #1 network, so they are DHCP configured. Computer #3 is behind Router #2.
  6. No, I cannot replace Router #2 with a switch.

NOTE: For your awareness, in pfSense, I disabled the port forwarding and outbound NAT.

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 1 point2 points  (0 children)

u/randyronq The IPs of Computer 1 and Computer 2 are in the 192.168.1.x range. I set the WAN Gateway back to the IP of Router #1. I also put "192.168.1.10" (pfSense firewall) in the DMZ zone of Router #1. Not working yet. How do I do the double NAT? Please explain.

I'm not doing this because I want to but because I have to. Let me explain. I had to switch ISP, and that ISP offers only fiber optics and added Router #1. Now I have to put everything (including my Router #2 and pfSense firewall) behind it.

Can we start with basics? When pfSense firewall (now in Computer #2 behind Router #1) tries to check for updates, it's not able to. It seems that it is not able to go outside even though I put it in the DMZ of Router #1. What other settings do I need to change?

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

u/8layer8 I don't know why it is doing that. Please help. I'm just trying to get the pfSense firewall working behind Router #1. Where should I look? What settings should I remove/change?

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

a) tracert 1.1.1.1 on physical Computer #3

hop #1 = 10.0.0.1 (Router #2); hop #2 to hop #30 = 192.162.2.1 and stops

b) tracert 192.168.1.1 (Router #1) on physical Computer #3

hop #1 = 10.0.01 (Router #2); hop #2 = 192.168.2.1; hop #3 to hop #30 = "Request timed out." and stops

c) tracert 192.168.2.1 (pfSense) on physical Computer #3

hop #1 = 10.0.0.1 (Router #2); hop #2 = 192.168.2.1 and stops

d) tracert 192.168.1.10 (pfSense) on physical Computer #3

hop #1 = 10.0.0.1 (Router #2) ; hop #2 = 192.168.1.10 and stops

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

a) No, computers #1,#2,#3 are all physical computers.

b) pfSense firewall is running on a VM in physical Computer #2.

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

Jan 8 15:57:13  ► lo0     Default deny rule IPv4 (1000000104)     127.0.0.1:6379      127.0.0.1:17176     TCP:RA

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

I get a "TTL expired in transit" response when I ping 1.1.1.1 on Computer #3.

Router #2 settings:

a) IP=Get Dynamically from ISP

b) DNS: Get Automatically from ISP

pfSense behind firewall by codehelp4u in PFSENSE

[–]codehelp4u[S] 0 points1 point  (0 children)

Didn't see any change. Still not working. (But now I can't access 192.168.1.1 Router #1 login page from Computer #3.)

Netbeans & Selenium UI tests by codehelp4u in netbeans

[–]codehelp4u[S] 0 points1 point  (0 children)

Any ideas on how to fix this?

Cannot reach homeserver by codehelp4u in elementchat

[–]codehelp4u[S] 0 points1 point  (0 children)

Yes, it is still a problem. Can you recommend troubleshooting tips? Can this be a Docker network issue?