[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 07/07/10 22:44, Martin Gautier wrote:
Anyone out there with pfSense experience? I'm good at IPCop but I'm having trouble getting inbound data on a red/green/orange config on a pfSense box. An old IPCop box has broken and I've replaced it with a natty little box with pfSense pre-installed - same cabling etc, just a different box. My set up is internet -> router (DMZ pass-through and firewall disabled) [10.0.0.1] -> [10.0.0.2] "red" port on pfsense web server [192.168.2.2]-> [192.168.2.1] "orange" port on pfsense. LAN [192.168.1.0]-> [192.168.1.1] "green" port on pfsense. Outbound on green and orange works fine. The pfsense webgui can be seen from green and orange but not when connected to one of the router ports (ie. 10.0.0.10 trying to get in via "red"). With various fiddling it seems that the router is happily squirting packets out of 10.0.0.1 but they're either not arriving at 10.0.0.2 (unlikely, single cable, fully tested) or they are arriving at 10.0.0.2 and the pfsense box is throwing them away for some reason. I "think" my pfsense NAT and firewall settings correct but there's obviously something wrong somewhere.... Regs Martin
Did you run your router with the firewall and NAT disabled before on the IPCop box?
I've seen some routers that don't seem to handle this very well (IIRC my old Netgear DG834G was like this). Is there a bridge mode option on your router so it can pass the internet IP onto the pfSense box?
I've not specifically used pfSense but I wonder if maybe you should tell your router that the DMZ host is the pfSense box (i.e. forward EVERYTHING to the pfSense Red IP address). Saying that some routers I've tried (2Wire, BT Home Hubs, and IIRC some Thompson routers) are smart enough to detect another router and automatically pass on the internet side IP address to the other router.
Rob -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq