Use Omnia as a smart switch

I am playing around with pfSense on a FreeNAS virtual machine which has two ethernet ports. One is used as LAN, the other as WAN. I would like to configure my Turris Omnia (TO) as a smart network switch which would provide wifi access, ethernet ports as well as DHCP capability, with my pfSense box connected to the internet and providing firewall functionality. After several tries at configuring my TO I have not succeeded in connecting through my pfSense box to the internet. I assume I somehow have to configure a port on my TO as an uplink to the pfSense box. Any help would be appreciated.

It should be sufficient to connect the WAN port of the TO to the LAN port of pfSense, set the TO WAN port's IP address in the pfSense LAN's subnet, and set the gateway of TO WAN to the pfSense IP address in that subnet, e.g.:

  • pfSense LAN: IP 10.10.10.1, CIDR /24 or netmask 255.255.255.0
  • TO WAN: IP 10.10.10.2, CIDR /24 or netmask 255.255.255.0, gateway 10.10.10.1

This should give you a working setup where a client connected to TO LAN/WLAN can get an IP address from TO and can reach the internet. At least the TO should be able to reach the Internet (e.g. ping 8.8.8.8). If that's not the case there is probably something wrong with the pfSense config.

client (LAN/WLAN)<>(WLAN/LAN) TO (WAN)<>(LAN) pfSense (WAN)<>Internet

What you suggest has occurred to me but the problem is I do not see a simple way of disabling the firewall in TO. I tried stopping the firewall initscript and it caused the TO to not function.

Don’t disable the firewall completely. Just put everything on the LAN interface on the Omnia, disable/delete the WAN iface, and set the default route on the LAN iface to the LAN address of the pfSense box.

I tried your suggestion, Matt, but I still can’t get to the WAN on the pfSense box. I am not sure if it is something in the firewall of either machine. It would be nice to be able to completely turn off the firewall on TO.

What default route do clients get? It should be the LAN IP of the pfSense box.

I did set that as you suggested above.
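An added example, not part of any post in this thread: a small address-plan check for the two layouts discussed above (Omnia WAN placed in the pfSense LAN subnet, and everything on the Omnia LAN with the WAN interface removed). The function names, the 192.168.1.1/24 Omnia LAN, the DHCP pool range and the failing DHCP router value are constructed assumptions; only the 10.10.10.x addresses come from the thread.

```python
import ipaddress as ipa

def check_routed(pf_lan, to_wan, to_wan_gw, to_lan):
    """Layout 1: Omnia keeps routing, its WAN sits in the pfSense LAN subnet."""
    pf, wan, lan = (ipa.ip_interface(x) for x in (pf_lan, to_wan, to_lan))
    problems = []
    if wan.network != pf.network:
        problems.append("Omnia WAN is not in the pfSense LAN subnet")
    if wan.ip == pf.ip:
        problems.append("Omnia WAN duplicates the pfSense LAN address")
    if ipa.ip_address(to_wan_gw) != pf.ip:
        problems.append("Omnia WAN gateway is not the pfSense LAN address")
    if lan.network.overlaps(pf.network):
        problems.append("Omnia LAN overlaps the pfSense LAN subnet")
    return problems

def check_switch(pf_lan, to_lan, dhcp_router, pool_start, pool_end):
    """Layout 2: no WAN on the Omnia, every port and the Wi-Fi on its LAN."""
    pf, lan = ipa.ip_interface(pf_lan), ipa.ip_interface(to_lan)
    start, end = ipa.ip_address(pool_start), ipa.ip_address(pool_end)
    problems = []
    if lan.network != pf.network:
        problems.append("Omnia LAN is not in the pfSense LAN subnet")
    if lan.ip == pf.ip:
        problems.append("Omnia LAN duplicates the pfSense LAN address")
    if ipa.ip_address(dhcp_router) != pf.ip:
        problems.append("DHCP default route is not the pfSense LAN address")
    if not (start in pf.network and end in pf.network and start <= end):
        problems.append("DHCP pool is not inside the pfSense LAN subnet")
    if any(start <= fixed <= end for fixed in (pf.ip, lan.ip)):
        problems.append("DHCP pool contains a statically assigned address")
    return problems

if __name__ == "__main__":
    # 10.10.10.x values are from the thread; everything else is constructed.
    print(check_routed("10.10.10.1/24", "10.10.10.2/24", "10.10.10.1", "192.168.1.1/24"))
    # Constructed failure: clients are handed the Omnia as default route.
    print(check_switch("10.10.10.1/24", "10.10.10.2/24", "10.10.10.2",
                       "10.10.10.100", "10.10.10.200"))
```

An empty list means the plan is consistent; each string names one mismatch to fix before looking at firewall rules on either box.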