[pfSense] pf vrs mono?

Andrew @ ATMlogic.ca andrew at atmlogic.ca
Tue May 1 09:33:22 EDT 2012

Most, if not all setups would be behind an existing firewall  (typical setup
would be in an office, gives 'easy' access to the network for phone, tablets
etc.  As well as giving guests access if required.


I also have a number of hotel/fuel station hot spots that would have a
direct connection to the internet (public ip)


So I think your exactly on it.  In all my testing / setup the WAN would be
getting a private (192.168/16) address.  So is block ON by default?  (And
guessing off by default in Mono?)


From: list-bounces at lists.pfsense.org [mailto:list-bounces at lists.pfsense.org]
On Behalf Of Bryant Zimmerman
Sent: Tuesday, May 01, 2012 8:13 AM
To: pfSense support and discussion
Subject: Re: [pfSense] pf vrs mono?


I install pfSense all the time and configure and it just works. What kind of
internet connection are you using?  If you are using a private IP address
from a providers router on the WAN interface it is possible that pfSense is
blocking the private ip address traffic on the WAN. This is on by default we
have seen this on customers running modems, cable and DSL in non bridge
mode.  If this is the case you can solve it by putting the modem in true
bridge mode or by allowing private ip's accross the WAN interface. If this
is not the case you must provide much more detail about your connection
types and IP's to get addtional help. Also what is your pfSense install
type. CF or HD?

To shut off blocking of private IP's on the WAN interface. Go to the WAN
interface page and uncheck.

        Block private networks
When set, this option blocks traffic from IP addresses that are reserved for
private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as
loopback addresses (127/8).   You should generally leave this option turned
on, unless your WAN network lies in such a private address space, too.

Hope this helps. 


Bryant Zimmerman (ZK Tech Inc.)
616-855-1030 Ext. 2003


From: "Andrew @ ATMlogic.ca" <andrew at atmlogic.ca>
Sent: Tuesday, May 01, 2012 8:56 AM
To: list at lists.pfsense.org
Subject: [pfSense] pf vrs mono?

Just wondering if someone can help me with what I would think is "basic"


I want to run pf instead of monowall on net4801 hardware. (Soekris)  When I
install monowall it for the most part just up and works, a very quick trip
to the console to establish Eth0,Eth1 and Eth2 and I am ready for 'advanced'
setup/captive portal, etc.  For my setup all I really 'need' is captive
portal working and a handfull of different vouchers.  With Monowall and a
few clicks this is up and working.


Problem with pf I have is I cannot even do basic surfing (before even
turning on the captive portal)  I setup the nics just like mono, and simply
put. I cannot surf?  In some cases from within the pf webpage I can ping
external address (e.g.  ping www.google.com) yet that is about it.  I have
run the pf setup on all forms of hardware for years, and in fustration just
gone back to m0n0wall that seems to just work.


I am thinking pf has a 'default' off where m0n0 has something on.  I have
read the how too's, but I am thinking I just glaze over something I should
be noting.


Any thoughts?



ATM Logic

Never memorize something that you can Google



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120501/8508a5c2/attachment-0001.html>

More information about the List mailing list