Pfsense as Router with Switch

Background:
I've recently set up my cable router in bridged mode to use pfSense for OpenVPN and some other features at my house. Once my modem's in bridged mode I can only have one port connected. So without having another Gbit switch around, I figured I could add a 4-port HP Intel NIC to my pfSense box and use it similarly to my old setup. This proved to be problematic.
pfSense box:
Onboard NIC [em4]: set to DHCP, facing the modem. Bridged mode tested working with my laptop.
HP NIC:
[em0] OPT1
[em1] OPT2
[em2] OPT3
[em3] LAN (first port on the card) 192.168.2.0/24
My goal is to have all ports on the HP NIC act as a bridge/switch like they did on my modem.
On first setup: the WAN port received its public-facing IP address OK and the default rules worked for LAN. So with my laptop wired to LAN everything is a go, with the OPT ports not working as expected.
I enabled all OPT interfaces and set their IPv4 Configuration Type to None as mentioned in the bridge guide.
I added the OPT and LAN interfaces to bridge0 here: Interfaces > (assign)
Under System > Advanced, on the System Tunables tab, I set:
net.link.bridge.pfil_member 0
net.link.bridge.pfil_bridge 1
For the firewall rules I left the OPTs blank, as I assumed from a guide they would inherit settings from LAN as being set on the bridge. But I have played around with so many firewall settings that I'm not even sure what to post here for the question. I've tried setting up default allow-all rules for each.
So far I just can't seem to get DHCP working for clients connected to the OPTs. If I set my clients to static I can access the pfSense box. I noticed also that I can communicate with another system via static IP if both are on different OPT connections, so I guess the bridge is working to some extent. I can also use nslookup with my system on an OPT port with a static IP set, but I can't access the web. So it's resolving DNS names, but still not allowing traffic. I must be missing some documentation on setting up the rules with a bridged configuration.
Any advice? anyone done it before?

You want each OPT to be a different network (VLAN) but leaving through the same Internet port? If so, is that valid, and does the firewall allow browsing for each OPT? (Review the rules for each OPT by name.)
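The thread never settles which interface the rules and the DHCP scope have to live on once net.link.bridge.pfil_member is 0 and net.link.bridge.pfil_bridge is 1. Three things follow from those two tunables: filtering happens on the bridge interface only, so bridge0 has to be assigned as an interface and carry rules (an assigned interface with no rules is default-deny); rules on the member interfaces are never evaluated; and the DHCP server can only bind to an interface that holds a static address. The script below, an added example and not code from the thread, audits a pfSense config.xml for exactly those three conditions. It assumes the config.xml layout pfSense 2.x writes (<interfaces>, <bridges>, <sysctl>, <filter>, <dhcpd>); both sample configs are constructed, the first mirroring the poster's description, the second with bridge0 assigned as OPT4 and holding the address, rules and DHCP scope.

```python
"""Audit a pfSense config.xml for the bridge/filter/DHCP mismatches discussed above.

Added example, not code from the thread. Assumes the pfSense 2.x config.xml layout;
the two configs below are constructed samples.
"""
import xml.etree.ElementTree as ET

# Constructed: LAN holds the address and DHCP scope, OPT1-3 are address-less members,
# pfil_member=0 / pfil_bridge=1 as the poster set them, rules only on members.
POSTER_CONFIG = """<pfsense>
<interfaces>
 <wan><if>em4</if><enable/><ipaddr>dhcp</ipaddr></wan>
 <lan><if>em3</if><enable/><ipaddr>192.168.2.1</ipaddr><subnet>24</subnet></lan>
 <opt1><if>em0</if><enable/><ipaddr>none</ipaddr></opt1>
 <opt2><if>em1</if><enable/><ipaddr>none</ipaddr></opt2>
 <opt3><if>em2</if><enable/><ipaddr>none</ipaddr></opt3>
</interfaces>
<bridges><bridged><members>lan,opt1,opt2,opt3</members><bridgeif>bridge0</bridgeif></bridged></bridges>
<sysctl>
 <item><tunable>net.link.bridge.pfil_member</tunable><value>0</value></item>
 <item><tunable>net.link.bridge.pfil_bridge</tunable><value>1</value></item>
</sysctl>
<filter>
 <rule><type>pass</type><interface>lan</interface><source><any/></source><destination><any/></destination></rule>
 <rule><type>pass</type><interface>opt1</interface><source><any/></source><destination><any/></destination></rule>
</filter>
<dhcpd><lan><enable/><range><from>192.168.2.100</from><to>192.168.2.199</to></range></lan></dhcpd>
</pfsense>"""

# Constructed: bridge0 assigned as OPT4 and given the address; members left at "none";
# the rules and the DHCP scope moved to OPT4.
FIXED_CONFIG = """<pfsense>
<interfaces>
 <wan><if>em4</if><enable/><ipaddr>dhcp</ipaddr></wan>
 <lan><if>em3</if><enable/><ipaddr>none</ipaddr></lan>
 <opt1><if>em0</if><enable/><ipaddr>none</ipaddr></opt1>
 <opt2><if>em1</if><enable/><ipaddr>none</ipaddr></opt2>
 <opt3><if>em2</if><enable/><ipaddr>none</ipaddr></opt3>
 <opt4><if>bridge0</if><enable/><ipaddr>192.168.2.1</ipaddr><subnet>24</subnet></opt4>
</interfaces>
<bridges><bridged><members>lan,opt1,opt2,opt3</members><bridgeif>bridge0</bridgeif></bridged></bridges>
<sysctl>
 <item><tunable>net.link.bridge.pfil_member</tunable><value>0</value></item>
 <item><tunable>net.link.bridge.pfil_bridge</tunable><value>1</value></item>
</sysctl>
<filter>
 <rule><type>pass</type><interface>opt4</interface><source><any/></source><destination><any/></destination></rule>
</filter>
<dhcpd><opt4><enable/><range><from>192.168.2.100</from><to>192.168.2.199</to></range></opt4></dhcpd>
</pfsense>"""


def audit(config_xml):
    """Return a list of findings; an empty list means the bridge setup is consistent."""
    root = ET.fromstring(config_xml)
    # interface name -> (device, static IPv4 or None when none/dhcp)
    ifaces = {}
    for el in root.find("interfaces"):
        ip = el.findtext("ipaddr")
        ifaces[el.tag] = (el.findtext("if", ""), None if ip in (None, "", "none", "dhcp") else ip)
    tunables = {i.findtext("tunable"): i.findtext("value", "") for i in root.iter("item")}
    pfil_member = tunables.get("net.link.bridge.pfil_member", "1") == "1"  # pfSense default 1
    pfil_bridge = tunables.get("net.link.bridge.pfil_bridge", "0") == "1"  # pfSense default 0
    rule_ifaces = {r.findtext("interface") for r in root.iter("rule")}
    dhcpd = root.find("dhcpd")
    dhcp_scopes = [s.tag for s in dhcpd if s.find("enable") is not None] if dhcpd is not None else []

    findings = []
    for br in root.iter("bridged"):
        bridgeif = br.findtext("bridgeif")
        members = br.findtext("members", "").split(",")
        assigned = [name for name, (dev, _) in ifaces.items() if dev == bridgeif]
        if pfil_bridge:
            if not assigned:
                findings.append(f"{bridgeif}: pfil_bridge=1 filters on the bridge, but {bridgeif} is not "
                                f"assigned as an interface, so it has no rules and default deny drops all traffic crossing it")
            elif not rule_ifaces & set(assigned):
                findings.append(f"{bridgeif}: assigned as {assigned[0]} but has no rules; default deny applies")
        if not pfil_member:
            for m in members:
                if m in rule_ifaces:
                    findings.append(f"{m}: rules exist but pfil_member=0 means they are never evaluated on this member")
        for scope in dhcp_scopes:
            if scope in members and ifaces[scope][1] is None:
                findings.append(f"dhcpd on {scope}: no static address, so the DHCP server cannot bind to it")
    return findings


if __name__ == "__main__":
    for name, cfg in (("poster", POSTER_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit(cfg) or "OK")
```

Run it against a real /conf/config.xml (copy it off the box; it contains secrets) with `audit(open("config.xml").read())`. The sample poster config produces three findings: bridge0 unassigned, and rules on lan and opt1 that pfil_member=0 silently ignores; the fixed config produces none.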

Related

Configuring Ports on a Cisco Switch

I am very new to Cisco networking (haven't done any course either). I have been trying to learn a bit of networking myself and had no trouble doing some of the basic stuff which I needed for my personal work. But I am planning to buy a new Cisco switch (a gigabit switch) and configure it for 2 different networks (one being the internet and the other being a separate network for a specific job). I want to configure the ports in such a way that the first few slots are for normal internet and the rest for my other network. For example, if it's a Cisco 2950 48-port switch, ports 1-16 for my local internet network and ports 17-32 for my other network. Can somebody give me a run-down on how to achieve this? Sorry for such a long but basic question; I am just trying to save a few $$ and learn something new. Any help would be appreciated. Cheers
You can just create the 2 different VLANs and give ports 1-16 access to the 1st VLAN, and give the remaining ports access to the second VLAN. This way you can also configure 2 different networks on a single switch.
VLANs can separate the network traffic away from each other. For example:
interface range gi 0/1 - 16
 description Local Internet Network
 switchport access vlan 444
 switchport mode access
interface range gi 0/17 - 32
 description Other Network
 switchport access vlan 555
 switchport mode access
Of course it depends on what you plug into the ports, and on what type of switchport it is going to be.
Switch#configure terminal
Switch(config)#vlan 10
Switch(config-vlan)#name Local_Internet_Network
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name my_other_network
Switch(config-vlan)#exit
Switch(config)#interface range gigabitEthernet 0/1-16
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#exit
Switch(config)#interface range gigabitEthernet 0/17-32
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 20
Switch(config-if-range)#exit
Switch(config)#exit
Switch#write memory
And check on the trunk.
The 2950 switch was an L2-only switch last time I checked, so it will not be able to route between the VLANs. You may want to consider a small firewall in order to provide the layer 3 element (routing) and block any internet traffic from hitting your LAN. You can then also utilise a switch with this topology.
The respective switch VLANs for Internet and LAN would be connected to the relevant Internet /LAN firewall ports and your servers would be connected to the LAN. The switch management port should also be on the trusted LAN network or a dedicated management VLAN.
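The configs above cover ports 1-32 and say nothing about the other sixteen, which on a Catalyst are left up in VLAN 1 with DTP at its default, so a device plugged into one of them can sit on the management VLAN or negotiate a trunk and reach both networks. The script below, an added example and not code from the thread, checks a running-config against the two-VLAN plan from the answers: every planned port must be an explicit access port in its VLAN, and every unplanned port must be shut down. The sample config is constructed (a handful of ports in the expanded per-interface form `show running-config` prints; a real config lists every port), and the DTP default is stated as an assumption in the code.

```python
"""Check a Catalyst running-config against the two-VLAN port plan from the answers above.

Added example, not from the thread. The sample config is constructed; PLAN follows the
answers (ports 1-16 -> VLAN 10, ports 17-32 -> VLAN 20).
"""
import re

# Constructed: ports 1, 16 and 17 done as in the answer, 20 given a VLAN but no mode,
# 33 left untouched, 48 shut down.
SAMPLE_RUNNING_CONFIG = """\
interface GigabitEthernet0/1
 description Local Internet Network
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/16
 description Local Internet Network
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/17
 description Other Network
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/20
 switchport access vlan 20
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/48
 shutdown
!
"""

PLAN = {10: range(1, 17), 20: range(17, 33)}  # VLAN -> ports, from the answers above
PORT_RE = re.compile(r"^interface GigabitEthernet0/(\d+)\s*$")


def parse_ports(config_text):
    """Map port number -> list of that interface's indented config lines."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        m = PORT_RE.match(raw)
        if m:
            current = int(m.group(1))
            ports[current] = []
        elif raw.startswith(" ") and current is not None:
            ports[current].append(raw.strip())
        else:
            current = None  # "!" or a non-interface stanza ends the block
    return ports


def audit(config_text, plan=PLAN):
    """Return findings for ports that deviate from the plan; empty list means clean."""
    expected = {p: vlan for vlan, rng in plan.items() for p in rng}
    findings = []
    for port, lines in parse_ports(config_text).items():
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        vlan = next((int(l.split()[-1]) for l in lines if l.startswith("switchport access vlan ")), 1)
        shut = "shutdown" in lines
        if port in expected:
            if shut:
                findings.append(f"Gi0/{port}: planned for VLAN {expected[port]} but shut down")
            elif mode != "access":
                # Assumption: Catalyst ports default to DTP "dynamic desirable", so a port
                # without an explicit mode can be talked into becoming a trunk.
                findings.append(f"Gi0/{port}: no 'switchport mode access'; DTP could negotiate a trunk")
            elif vlan != expected[port]:
                findings.append(f"Gi0/{port}: in VLAN {vlan}, plan says VLAN {expected[port]}")
        elif not shut:
            findings.append(f"Gi0/{port}: unplanned port is up in VLAN {vlan} (mode {mode or 'dynamic'}); "
                            f"shut it down or park it in an unused VLAN")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RUNNING_CONFIG):
        print(f)
```

Feed it the output of `show running-config` saved to a file. On the sample it reports Gi0/20 (VLAN set but mode left to DTP) and Gi0/33 (unused, up, VLAN 1); Gi0/48 is quiet because it is shut down, which is the state every unused port should be left in.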

Bridge Wifi to Raspberry Pi using Ethernet Cable

I am not finding this question in SF history, which was a surprise, so I'll go ahead and ask it.
I am working on an IoT Raspberry Pi project with Windows 10 and need to connect it to the internet via an Ethernet/USB adapter. The adapter itself is made by Belkin. Using this, I can see an IP of 169.stuff gets generated for my Pi, which is a private IP. I can deploy code to it from my connected box; however, other devices are not able to reach it, and it is not able to make connections out to any servers.
I'm wondering if anybody knows how to bridge the connection.
I am attempting to use the new Azure IoT Hub and the SDK with this in case that makes any differences as that is not a simple rest interface and I believe is some form of socket connection.
Additional Notes:
I have installed a DHCP server and the Pi gets the IP address 192.168.0.3 assigned to it. Unfortunately the Pi still cannot ping external sites, such as google.com.
Latest Discoveries:
I am on a corporate box, which has Internet Connection Sharing disabled by the system admin. Following these instructions fails: http://zizhujy.com/blog/post/2013/07/07/Solved-Internet-Connection-Sharing-has-been-disabled-by-the-Network-Administrator.aspx It shuts down all connectivity on my box and I cannot ping anything or reach the internet.
Thanks,
~David
The 169 address means it isn’t getting a DHCP address assigned.
Since you don't have a router for the Ethernet, you can use Internet Connection Sharing; however, we will need to run the following commands against the Pi to set a static IP, gateway, and DNS server, since Internet Connection Sharing botches this up a bit at times:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 192.168.137.2
Enter-PSSession -ComputerName 192.168.137.2 -Credential 192.168.137.2\Administrator
set-executionpolicy unrestricted
netsh int ip set address "Ethernet" static 192.168.137.2 255.255.255.0 192.168.137.1
netsh int ip set dns "Ethernet" static 8.8.8.8
netsh interface ipv4 show config
set-executionpolicy remotesigned
You may need to reboot the Pi at this point then test pinging 8.8.8.8 and google.com to make sure resolution is working. You should be all set!
One other thing, if you have a group policy on the machine that is restricting Internet Connection Sharing then take a look at this article to fix the issue. Note if your organization is constantly sending down the policy then you may have to re-enable Internet Connection Sharing often which is aggravating but at least it will work.
http://zizhujy.com/blog/post/2013/07/07/Solved-Internet-Connection-Sharing-has-been-disabled-by-the-Network-Administrator.aspx
I do this by creating a DHCP server on my laptop and connecting the Pi directly to it. I followed these instructions to get it working:
Download DHCP Server for Windows. It is a 100kB download.
Go to the IPv4 properties page of the Ethernet adapter and set a fixed IP address, say 192.168.2.1
Run the DHCP Server Wizard (downloaded above)
Select the Ethernet adapter from the list shown
Save the configuration file and start up the DHCP Server
Click the 'Continue as tray app' button in the server control panel.
Boot up the Raspberry Pi
A popup notification shows the IP address assigned by the DHCP server to the Raspberry Pi.
Use an SSH client, like PuTTY, to connect to the IP address shown
Hope this works!

How to login into beaglebone black remotely

I have my BeagleBone Black running stock Angstrom Linux, and it is connected to Ethernet at my home. I can log in from any PC connected to my home network using SSH. I would like to know how I can log in from another network, say when I am at my office and connected to the internet. I want to log in to my BeagleBone Black which is connected to the internet at my home. How can I do this?
Thanks in Advance
You have a public IP address, which is given to you by your Internet operator. This public IP, however, will be different from the IP of your Beagle in your local network.
To log in to your Beagle from the Internet, you need to connect to your public IP address, and you need to add port forwarding on your router, so that port 22, which is the socket port used by SSH, is forwarded from your public IP to your local IP.
So, you need to log in to your router management console, go to the "port forwarding" options, and select that TCP connections to port 22 be forwarded to your Beagle's IP. For this to work longer term, you should set a static IP address on your Beagle; otherwise, if your board stays offline for a long time, the DHCP server on your router will probably assign a different IP at some point, and the forwarding would need to be set up again.
There is a good guide on the static IP address setting in Beagle/Angstrom here: http://derekmolloy.ie/set-ip-address-to-be-static-on-the-beaglebone-black/
One more thing: since your operator will also assign you a different public IP from time to time, you might want to use some kind of Dynamic DNS service. With this kind of service, you can create your "custom" DNS name (for example user3180454.no-ip.com) that will always point to your public IP address, to which you can then make an SSH connection (the service will require some method to keep this IP address up to date; you will see instructions on how to do it from the service you use).
A couple of services like this:
http://no-ip.com/
http://freedns.afraid.org/
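Once the forward is in, the useful check is from outside the home network: does the public address on port 22 actually answer with the BeagleBone's sshd? sshd speaks first (RFC 4253 identification string, "SSH-2.0-..."), so a probe that sends nothing and reads tells the forward apart from a router that silently accepts the connection itself, a forward pointed at a stale DHCP address, or a web UI that waits for a request. The code below is an added example, not from the thread; the DDNS hostname is the placeholder the answer used, and the local fake listeners are constructed so the check can be exercised offline.

```python
"""Verify that a router port-forward lands on sshd.

Added example, not code from the thread. DDNS_HOST is the answer's placeholder name;
fake_listener() is a constructed stand-in for the far end so this runs offline.
"""
import socket
import threading

DDNS_HOST = "user3180454.no-ip.com"  # placeholder from the answer above, assumed


def classify_banner(data):
    """Return (kind, identification line). sshd volunteers 'SSH-2.0-<software>' before
    the client says anything; anything else is not the BeagleBone's sshd."""
    for raw in data.splitlines():
        line = raw.strip().decode("ascii", "replace")
        if line.startswith("SSH-"):
            return "ssh", line
    if not data.strip():
        return "silent", ""  # e.g. the router's own web UI, or a NAT that accepted then closed
    return "other", data.splitlines()[0].decode("ascii", "replace")


def probe(host, port=22, timeout=3.0):
    """Connect, send nothing, and classify whatever the server offers first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(512)
        except socket.timeout:
            data = b""
    return classify_banner(data)


def fake_listener(banner):
    """Constructed test peer on 127.0.0.1; returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if banner:
            conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print(probe("127.0.0.1", fake_listener(b"SSH-2.0-OpenSSH_6.2\r\n")))  # ('ssh', 'SSH-2.0-OpenSSH_6.2')
    print(probe("127.0.0.1", fake_listener(b""), timeout=1.0))            # ('silent', '')
    # The real check, run from outside the home network: probe(DDNS_HOST, 22)
```

A forward that passes this check also exposes sshd to every scanner on the internet, so pair it with `PasswordAuthentication no` and `PermitRootLogin no` in the board's sshd_config and log in with a key; the version string the probe returns is exactly what those scanners see.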
You might also want to try out the Weaved connection service installer for BeagleBone Black. I'm using it to connect to:
SSH on port 22
BBB web server on port 80
tightVNC server on port 5901
Shell in a Box on port 4200
Apache web server on port 8080
See:
https://developer.weaved.com/portal/members/betabeagle.php
If you are connecting to a BeagleBoard via USB Ethernet from a Mac Air running Mavericks that is connected to the web via Wifi, I found this very helpful:
http://makezine.com/2012/07/16/use-your-mac-laptop-as-a-wireless-proxy-for-raspberry-pi/
In short >> install/run a proxy server (with Squidman) & your life will be easier.
I know this is an old question. But I thought I'd suggest another option. I use TeamViewer (https://www.teamviewer.com) to connect to my work/home computers. You could use something like this to connect to your home computer from the office. Once connected to your home computer, you could then do whatever you need to do on your home network. No port forwarding required.

Multiple NIC card with different subnet

I am using CentOS 6.2 (64-bit). I have 4 NIC interfaces, and I am trying to connect two of the NICs to different subnets:
em1 with 10.30.2.x series
em4 with 10.30.4.x series
I also added a route with /sbin/route add -net 10.30.4.0 netmask 255.255.255.0 dev em4
When I bring the network device up with "ifup em4" I am not able to ping both interfaces.
There is no iptables running, and SELinux is also disabled.
The same setup is working on one more Dell server; on that server reverse IP and IP forwarding are not enabled, and even then it's working.
Reverse IP & IP Forwarding
cat /proc/sys/net/ipv4/conf/em2/rp_filter
1
cat /proc/sys/net/ipv4/ip_forward
0
Any comments would be appreciated.
Thanks in advance.
If you are sure that the IP addresses are actually set on the interfaces, everything should work out; I would suggest checking the network equipment along the way.
The easiest way to test this is to use tcpdump -i any icmp and see if you actually receive the packets; this will also show you if your pong is going out the wrong interface.
Hope that helps.
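The "pong going out the wrong interface" in the answer is a routing-table decision, and the rp_filter=1 the question shows is what turns that asymmetry into silently dropped packets: strict reverse-path filtering accepts a packet only if the reply to its source would leave through the interface it arrived on. (The manual `route add ... dev em4` in the question is redundant; `ifup` on an interface with a /24 address installs that connected route itself.) The model below is an added example, not code from the thread: a longest-prefix-match lookup plus the three rp_filter modes, run over a routing table constructed from the question's two subnets. The default gateway address is an assumption, and the model ignores policy routing and multipath.

```python
"""Model the kernel's route choice and reverse-path filtering for a two-NIC host.

Added example, not code from the thread. ROUTES is constructed from the question
(em1 on 10.30.2.0/24, em4 on 10.30.4.0/24); the gateway 10.30.2.1 is assumed.
Simplified model: longest-prefix match only, no policy routing, no multipath.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None  # None for a directly connected route


def route(prefix, dev, via=None):
    return Route(ipaddress.ip_network(prefix), dev, via)


ROUTES = [
    route("10.30.2.0/24", "em1"),
    route("10.30.4.0/24", "em4"),
    route("0.0.0.0/0", "em1", via="10.30.2.1"),  # assumed default gateway
]


def lookup(routes, dst):
    """Longest-prefix match; returns the winning Route or None."""
    ip = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if ip in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def rp_filter_accepts(routes, src, in_dev, rp_filter=1):
    """net.ipv4.conf.<if>.rp_filter: 0 off, 1 strict, 2 loose (source reachable at all)."""
    if rp_filter == 0:
        return True
    if rp_filter == 2:
        return lookup(routes, src) is not None
    r = lookup(routes, src)
    return r is not None and r.dev == in_dev  # strict: reply must leave the way the packet came


def ping_outcome(routes, src, in_dev, rp_filter=1):
    """For an ICMP echo from src arriving on in_dev: which NIC the reply would use,
    and whether strict rp_filter on in_dev lets the request in at all."""
    out = lookup(routes, src)
    return {"reply_dev": out.dev if out else None,
            "accepted": rp_filter_accepts(routes, src, in_dev, rp_filter)}


if __name__ == "__main__":
    # Normal case: host on the em4 subnet, frame arrives on em4.
    print("10.30.4.50 via em4:", ping_outcome(ROUTES, "10.30.4.50", "em4"))
    # Both NICs on the same switch/VLAN: the frame can arrive on em1; reply leaves em4, strict drops it.
    print("10.30.4.50 via em1:", ping_outcome(ROUTES, "10.30.4.50", "em1"))
    # Off-subnet host reaching em4: reply follows the default route out em1, strict drops it.
    print("10.30.9.9  via em4:", ping_outcome(ROUTES, "10.30.9.9", "em4"))
```

The second and third cases are what tcpdump -i any icmp shows as requests with no reply: the echo is dropped at ingress before ICMP ever answers. Loosening rp_filter to 2 makes the pings work but gives up the anti-spoofing check; the clean fix for a second subnet with its own gateway is a per-interface routing table (ip rule / ip route ... table) so replies leave the NIC they arrived on.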

Troubles accessing the VirtualHost on a local net

Hi, I have a Huawei ADSL modem with a dynamic IP. I set up dynamic DNS with FreeDNS and I can easily access my virtual host on Apache from outside my private network, from the internet.
But trying to access it from the local network, I get the modem's login page.
I have the rule in my modem's NAT to connect port 80 to my server, but it seems it doesn't work from the internal net.
My server hosting the virtual host is 192.168.0.1 , the modem has the 192.168.0.254 address.
I tried to put my external domain name into the /etc/hosts file, but if I do that then the Asterisk server gets confused.
What could be the cause of the problem ? And what would be the best solution to this problem ?
Should I set up a caching DNS on the private side of the net ?
Hugger is half right... It's because your router is blocking loopbacks. The easiest way around this is to edit the hosts file (see the Wiki page) on the computer inside the network so it sees the local IP of the server as the virtual host you're going for. For example, if your server is on 192.168.0.1 and the virtual hostname is www.imrad.com then insert
192.168.0.1 www.imrad.com
into your hosts file. If your computer leaves the local network (like a laptop you take to work) and joins a network not behind your router you need to comment out the line in the hosts file.
Well, actually, to access that you must find the local IP address of the server by going into the command line/prompt and typing ipconfig /all; there you will find the IPv4 address. Take note of that.
Go to another computer, use that IP, and it will show.
The reason that was happening is because the router/modem knows you are in its network, so it thinks you are trying to go to its login page. That happens to me too.
