Solved Putting together a cut down version of pfSense

Phishfry said:
sysutils/pftop will show you alot of useful information about your firewalls states.

An Introduction to Packet Filter (PF) | FreeBSD Foundation

Packet Filter, also known as PF or pf, is a BSD-licensed stateful packet filter used to filter TCP/IP traffic and perform Network Address Translation (NAT.) Originally created by OpenBSD, PF has been ported to FreeBSD since 5.3-RELEASE. PF can identify where a packet should be directed or if it...
freebsdfoundation.org freebsdfoundation.org
Click to expand...
So if I ping 8.8.8.8 from the LAN should I see something output by pftop?
 
Yes.
Once again I believe in KISS.
Start with small steps. Disconnect LAN. Work with pftop on firewall and see what ping looks like from your firewall to 8.8.8.8 and google.com

Focus on getting your firewall right then worry about LAN.
Flush routes and reboot firewall with LAN machines down.
Test firewall connection. You should have a reproducible set of settings for your network controller.
 
I can ping 8.8.8.8 from my gateway, or firewall as you call it, but pftop doesn't show anything.

I think I'm missing something here.

I did have things working and haven't tried to 'improve' anything, but it no longer works.
 
It appears that my gateway, ue1, a USB tethered connection to the Internet needs to be set before pf starts.

For some reason my NAT rules got changed from ue1 to ue0, so the gateway did not work.

At least I have Internet access from my LAN again, so I can look into getting a dhcp server set up
 
Yes all system startup stalls out waiting for this device..
If it gets a connection early it goes forward though.

I advise set it high and work down until it fails.
45-60 seconds might be considered if slow to startup.
 
You must log in or register to reply here.
Back
Top