PfSense build gone wrong

[PenguinMaster]

I’m trying to build a PfSense router out of an old Dell PowerEdge R210 II. I already tried to install PfSense once, but did it unsuccessfully. I successfully created a bootable USB drive with the newer version of PfSense and tried to overwrite the old version of PfSense that didn’t install correctly. That went horribly wrong, the Dell PowerEdge still detects the SSD, but it says there no bootable version of PfSense on it now. Which would be good, but I don’t know if it uninstalled completely. I tried to follow tutorials, but no one goes into good depth on how to follow the installer or what partition mode to choose. Please help.

[nicholasfd]

I would start by going through and delete and re create any raid that your ssd is on, or just wipe the ssd if you dont, then try and install. I am new to pfsense, I got a Dell poweredge r610 the other day for pfsense, and didn't have any issues with it, so that's really all I can give you for advice.

[WereCatf]

On 3/23/2019 at 9:26 PM, Chickenfans said:

Please help.

Start installation and when you get to the below screen, select "Manual":

Then, select your disk. In this screenshot my disk is called "da0" and there are three partitions under it. When you have the disk selected, just choose the "Delete"-option with arrow-keys, press Enter -- this removes all partitions on the disk. Then proceed to the "Finish"-option and confirm that yes, you do want to do this.

Now choose "Auto ZFS" (it's a much, MUCH better choice than UFS as it's less susceptible to corruption and everything) and proceed with your installation.

[Alex Atkin UK]

Also don't get confused by the option on ZFS, with a single drive you just use the defaults.

[PenguinMaster]

On 3/24/2019 at 1:02 PM, WereCatf said:

Start installation and when you get to the below screen, select "Manual":

Then, select your disk. In this screenshot my disk is called "da0" and there are three partitions under it. When you have the disk selected, just choose the "Delete"-option with arrow-keys, press Enter -- this removes all partitions on the disk. Then proceed to the "Finish"-option and confirm that yes, you do want to do this.

Now choose "Auto ZFS" (it's a much, MUCH better choice than UFS as it's less susceptible to corruption and everything) and proceed with your installation.

I followed what you said, first I chose Manual Partition and when I get to the partition editior I chose GPT like in your picture because I don't see an option for ZFS, but don't you also need two drives for ZFS. When I choose GPT partitons I get the error "No root partition was found. The root pfSense partition must have a mountpoint of '/'.

[Alex Atkin UK]

You only need the manual partitioning to delete the existing ones from your previous failed attempt, do not create any new ones!

Select "Auto (ZFS)", set the pool to stripe for a single disk, mark the disk that should be used and it should auto-partition and install..

[PenguinMaster]

So now I got PfSense to install properly to the internal hard drive. The new issue is I can't access the Web Interface. I think it's not a link issue, bur at this point I'm open to all ideas. So I think it has something to do with the default IP address. Can you guide me through the ip changing process? Thanks.

[Alex Atkin UK]

Did you follow the basic setup instructions to define the WAN and LAN ports after first boot?

[PenguinMaster]

20 hours ago, Alex Atkin UK said:

Did you follow the basic setup instructions to define the WAN and LAN ports after first boot?

Yes

[Alex Atkin UK]

Are you sure you are plugged into the correct ethernet port and are you getting an IP address assigned by DHCP?

[PenguinMaster]

3 hours ago, Alex Atkin UK said:

Are you sure you are plugged into the correct ethernet port and are you getting an IP address assigned by DHCP?

Yep, it lists a WAN ip address. I am Hard Wired to the switch. When I type the IP address into the address bar, it just says "can't access web page, because you have no internet".

[Falconevo]

You don't access pfSense via the WAN IP, you need to specify a LAN IP to connect to if you are accessing from within your local network.

 

If you want to access the via the WAN IP, the default rules will block you.  You can run the following command inside of shell (option 8, which will give you command line access)

 

pfctl -d

 

This command will disable the firewall, but it will let you in on your HTTPS://WANIP from an external location. I wouldn't recommend it and ANY changes you do to the firewall and/or apply will re-enable the firewall so you would need to keep running this command to disable the filter.

It sounds to me like you aren't sure what you are doing at all.  You need to specify a LAN IP to access the firewall on the local network, you shouldn't really have a requirement to open the WAN side for public access.

[Alex Atkin UK]

What exactly do you have connected to the WAN port?  If its connected to your existing LAN for testing then the pfSense LAN would need to be a different subnet with your client on that side.

 

You aren't really going to be able to do any sort of proper testing if your client is on the WAN side.

[PenguinMaster]

On 3/31/2019 at 5:12 PM, Falconevo said:

You don't access pfSense via the WAN IP, you need to specify a LAN IP to connect to if you are accessing from within your local network.

 

If you want to access the via the WAN IP, the default rules will block you.  You can run the following command inside of shell (option 8, which will give you command line access)

 

pfctl -d

 

This command will disable the firewall, but it will let you in on your HTTPS://WANIP from an external location. I wouldn't recommend it and ANY changes you do to the firewall and/or apply will re-enable the firewall so you would need to keep running this command to disable the filter.

It sounds to me like you aren't sure what you are doing at all.  You need to specify a LAN IP to access the firewall on the local network, you shouldn't really have a requirement to open the WAN side for public access.

You are correct, I have really no idea what I am doing. I am 15 and and am learning as I go along.

[Falconevo]

10 minutes ago, Chickenfans said:

 You are correct, I have really no idea what I am doing. I am 15 and and am learning as I go along.

That's absolutely fine  we all have to learn.

If you give a little more detail with structure on where you are up to and what exact problems you are facing.  Then we can help

[PenguinMaster]

1 hour ago, Falconevo said:

That's absolutely fine  we all have to learn.

If you give a little more detail with structure on where you are up to and what exact problems you are facing.  Then we can help

This is the current screen I have. The current setup is with the ethernet cable coming from my modem to the Dell PowerEdge r210 II, then to a Quanta LB4M Switch. I can't access the web interface to complete the PfSense setup. I am using a MacBook Air, but I have Windows 10 in dual boot if we need that. Thanks for all your assistance so far.

[Falconevo]

52 minutes ago, Chickenfans said:

This is the current screen I have. The current setup is with the ethernet cable coming from my modem to the Dell PowerEdge r210 II, then to a Quanta LB4M Switch. I can't access the web interface to complete the PfSense setup. I am using a MacBook Air, but I have Windows 10 in dual boot if we need that. Thanks for all your assistance so far.

You do not have a second interface connected, you will need to utilise a second network interface if you want to perform WAN <> LAN routing.

Having the IP on the router, simply gives pfSense internet access and nothing else.   Some R210 II's have only one network interface, so unless you have configured VLANs on your quanta switch you arent going to get anywhere without a second NIC.  Which version of the motherboard do you have, does it have one or two network interfaces available?

[PenguinMaster]

19 hours ago, Falconevo said:

You do not have a second interface connected, you will need to utilise a second network interface if you want to perform WAN <> LAN routing.

Having the IP on the router, simply gives pfSense internet access and nothing else.   Some R210 II's have only one network interface, so unless you have configured VLANs on your quanta switch you arent going to get anywhere without a second NIC.  Which version of the motherboard do you have, does it have one or two network interfaces available?

I just realized my Quanta switch wasn’t powered on when I powered the router on. My motherboard has two onboard nics 

[Falconevo]

1 hour ago, Chickenfans said:

I just realized my Quanta switch wasn’t powered on when I powered the router on. My motherboard has two onboard nics 

Can you enable both network interfaces in the BIOS, then set the other interface (not bce1) likely to be bce0 for the LAN interface.  Then you need to set your local network range gateway IP you plan on using.

For example, if you are using 192.168.0.0/24 as your IP range, then using 192.168.0.1 as your pfSense IP would be sensible.

[PenguinMaster]

On 4/5/2019 at 5:32 PM, Falconevo said:

Can you enable both network interfaces in the BIOS, then set the other interface (not bce1) likely to be bce0 for the LAN interface.  Then you need to set your local network range gateway IP you plan on using.

For example, if you are using 192.168.0.0/24 as your IP range, then using 192.168.0.1 as your pfSense IP would be sensible.

They are both enabled. How do I set the IP address? Can I use a different range then 192.168.-.-, like maybe something Not as obvious?

[Falconevo]

2 hours ago, Chickenfans said:

They are both enabled. How do I set the IP address? Can I use a different range then 192.168.-.-, like maybe something Not as obvious?

You can use anything matching the RFC 1918 (10/8, 172.16/12, 192.168/16) in the inside LAN interface.

 

Use something like 172.16.0.1 for pfSense and setup a DHCP range of 172.16.0.100 <> 172.16.0.200 that way you have plenty of area in the subnet for static IP allocation.

[PenguinMaster]

26 minutes ago, Falconevo said:

You can use anything matching the RFC 1918 (10/8, 172.16/12, 192.168/16) in the inside LAN interface.

 

Use something like 172.16.0.1 for pfSense and setup a DHCP range of 172.16.0.100 <> 172.16.0.200 that way you have plenty of area in the subnet for static IP allocation.

To get into the LAN interface what should I do?

[Falconevo]

4 minutes ago, Chickenfans said:

To get into the LAN interface what should I do?

Once you have setup the LAN ip via the pfSense console, make sure the LAN interface is connected to your local switching, make sure you have another machine connected to your local switching then set your local machine IP address to;

IP - 172.16.0.2
Subnet - 255.255.255.0

Gateway - 172.16.0.1
Primary DNS - 172.16.0.1

Secondary DNS - leave blank

Then access pfSense via a web browser on https://172.16.0.1 or http://172.16.0.1

[PenguinMaster]

I got the router up and running and have gone through the setup process. I was wondering what good security features and other features I should enable. Is there anything I should disable? I have a Managed Quanta LB4M Network Switch as my LAN Interface. Should I enable or disable any features on that either? @Falconevo @Alex Atkin UK @nicholasfd @WereCatf

[WereCatf]

6 minutes ago, Chickenfans said:

I got the router up and running and have gone through the setup process. I was wondering what good security features and other features I should enable. Is there anything I should disable? I have a Managed Quanta LB4M Network Switch as my LAN Interface. Should I enable or disable any features on that either? @Falconevo @Alex Atkin UK @nicholasfd @WereCatf

pfSense has pretty strict defaults, so no, you don't need to enable anything to get good security.