[Cialug] PfSense

Jeff Chapin chapinjeff at gmail.com
Sun Apr 19 02:01:33 UTC 2020


You need to either set up DNS Masq or similar or turn on hairpin
networking. By default, pfSense does not apply all the same NAT rules to
traffic that goes out and comes right back.

DNS masq would supply the internal IP when you try to go to the service.
Hairpinning (System -> Advanced -> Firewall/NAT, check "Enable NAT
Reflection for 1:1 NAT" and "Enable automatic outbound NAT for
Reflection") will allow that port forwarding to be engaged when you come
back to your pfSense. Without those checkboxes, pfSense has issues.

Jeff

On Sat, Apr 18, 2020 at 8:22 PM Scott Yates <Scott at yatesframe.com> wrote:

> The wireless device thing sounds like it could be an IP address conflict.
> In the past I goofed up and had assigned a server an address that was in my
> DHCP pool.  This showed the same behavior.  Once I got the server moved to
> an IP address outside of the range of addresses that the DHCP server hands
> out, it was all good.
>
>
>
> On Sat, Apr 18, 2020 at 8:10 PM Tom Sellers <tsellers2009 at gmail.com>
> wrote:
>
> > I had my daughter try to contact my web site address and it simply timed
> > out for her.  I don't have anywhere close by that I could connect to a
> > wifi and try it from outside my home network.
> >
> > ------------------------------------------------------
> > In regard to your suggestion the problem existed before.
> > It responded the same way for me before I added those two entries.  I
> > suspect it must be something about the setup of the pfsense box.
> >
> > Like I said everything else works fine with one exception that I don't
> > know if it is related at all.  I have been having issues with random
> > wireless devices not being able to connect for periods of time but then
> > connect fine.  That seems to be more of an irritation than a big problem
> > right now.
> >
> > Thanks for the suggestion though.
> >
> >
> >
> >
> >
> > On Sat, Apr 18, 2020 at 5:48 PM Jared Brees <fromj2sitsme at msn.com>
> > wrote:
> >
> > > If you disable both rules, does external traffic still hit your pfSense
> > > webGUI? If so, those rules aren't the issue - you've got another
> > > setting elsewhere. If it just times out, one of those rules isn't set
> > > up right. Enable one and see what happens.
> > >
> > > ________________________________
> > > From: Cialug <cialug-bounces at cialug.org> on behalf of Scott Yates <
> > > Scott at yatesframe.com>
> > > Sent: Saturday, April 18, 2020 17:04
> > > To: Central Iowa Linux Users Group <cialug at cialug.org>
> > > Subject: Re: [Cialug] PfSense
> > >
> > > Huh, those rules look right to me.  I am not sure what is going on
> > > there.
> > >
> > > On Sat, Apr 18, 2020 at 4:58 PM Tom Sellers <tsellers2009 at gmail.com>
> > > wrote:
> > >
> > > > I already have rules for both http and https traffic
> > > > [image: image.png]
> > > >
> > > > On Sat, Apr 18, 2020 at 4:20 PM Scott Yates <Scott at yatesframe.com>
> > > > wrote:
> > > >
> > > > > It sounds like you need to port forward your web traffic to your
> > > > > internal web server.
> > > > > Go to the Firewall menu, then the NAT menu.
> > > > > Then Add a rule that forwards the port you want to use, 80 for
> > > > > unencrypted traffic, or 443 for https traffic.
> > > > >
> > > > >
> > > > > On Sat, Apr 18, 2020 at 4:14 PM Tom Sellers <tsellers2009 at gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Is anyone using this package that could answer some questions?
> > > > > >
> > > > > > I recently set up a computer with this and have not had any issues
> > > > > > until I tried using a dynamic dns provider which I have used
> > > > > > successfully in the past.  Now I am unable to do so.
> > > > > >
> > > > > > When I go to a link at the dynamic dns which resolves to my network
> > > > > > IP address it comes up with my pfsense login page.  It should go to
> > > > > > my internal web server.
> > > > > > _______________________________________________
> > > > > > Cialug mailing list
> > > > > > Cialug at cialug.org
> > > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > > >
> > > > > _______________________________________________
> > > > > Cialug mailing list
> > > > > Cialug at cialug.org
> > > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > > >
> > > > _______________________________________________
> > > > Cialug mailing list
> > > > Cialug at cialug.org
> > > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> > >
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
> >
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> https://www.cialug.org/cgi-bin/mailman/listinfo/cialug
>


-- 
Jeff Chapin
President, CedarLug, retired
President, UNIPC, "I'll get around to it"
President, UNI Scuba Club
Senator, NISG, retired
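
The hairpin behaviour described in the reply above, as a simplified model (an added example, not part of the original message and not pfSense's own code). All addresses and the function names `firewall`, `reply_source` and `browse` are constructed for illustration; the two flags stand in for the reflection and automatic outbound NAT options.

```python
from dataclasses import dataclass, replace

# Constructed addresses for illustration (not from the thread).
WAN_IP, FW_LAN_IP = "203.0.113.10", "192.168.1.1"
WEB_SERVER, LAN_CLIENT = "192.168.1.20", "192.168.1.50"
LAN_PREFIX = "192.168.1."

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def firewall(pkt, iface, reflect=False, reflect_snat=False):
    """Apply the port forward; return (translated packet, receiver)."""
    if pkt.dst == WAN_IP and pkt.dport in (80, 443) and (iface == "wan" or reflect):
        pkt = replace(pkt, dst=WEB_SERVER)        # destination NAT (port forward)
        if iface == "lan" and reflect_snat:
            pkt = replace(pkt, src=FW_LAN_IP)     # source NAT so replies return via firewall
        return pkt, "web server"
    return pkt, "firewall webGUI"                 # nothing matched: the firewall answers itself

def reply_source(request, delivered):
    """Source address the client sees on the server's reply."""
    # Replies to the firewall or to an off-LAN host go back through the firewall,
    # which undoes the translation. Replies to a LAN host go direct, untranslated.
    via_fw = delivered.src == FW_LAN_IP or not delivered.src.startswith(LAN_PREFIX)
    return request.dst if via_fw else WEB_SERVER

def browse(dst, iface, src, **nat):
    """Outcome of an HTTPS connection to dst, as seen by the client."""
    req = Packet(src, dst, 443)
    if dst == WEB_SERVER:                         # split DNS gave the internal IP: no NAT involved
        return "web server"
    delivered, receiver = firewall(req, iface, **nat)
    if receiver == "web server" and reply_source(req, delivered) != req.dst:
        return "reply dropped (source mismatch)"
    return receiver

if __name__ == "__main__":
    print(browse(WAN_IP, "lan", LAN_CLIENT))                      # no reflection
    print(browse(WAN_IP, "lan", LAN_CLIENT, reflect=True))        # reflection only
    print(browse(WAN_IP, "lan", LAN_CLIENT, reflect=True, reflect_snat=True))
    print(browse(WEB_SERVER, "lan", LAN_CLIENT))                  # split DNS answer
```

In this model a LAN client that connects to the WAN address lands on the firewall's own web interface unless the forward is also applied to LAN-side traffic, and the connection only completes when the source is rewritten as well.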

