* No badgers were harmed in the creation of this blog *

** Not intended to diagnose, treat, cure, or prevent any disease **

Saturday, May 27, 2023

Home lab setup: 2

In my last post, I downloaded an ISO image of the pfSense firewall, adapting instructions written for VirtualBox to apply to my VMware setup. I left off with the software running, but no IP address for the WAN, as seen at right. The menu gives an option to set an interface IP address - option 2. From here, I'm given the option to set the IP address via DHCP. IPv4 and IPv6 are separate options. Selecting 'no' to DHCP enables entering an IP address manually. Selecting 'yes' for IPv4 and 'no' for IPv6 does - nothing. Oops - it was already set up that way, so, no change. Googling a solution means finding pfSense setup directions; pfSense has their own page, it's the top hit, and I start there (https://www.pfsense.org/getting-started/).

I immediately realize that I've forgotten something pretty basic. When I downloaded the image, I never checked its integrity. If the file was corrupted in download, I could chase error messages till kingdom come and never solve anything, and in fact an integrity check should have been the first thing I did after downloading. The command is straightforward enough. I'm running a Windows host, and in the command prompt I enter certutil -hashfile [filename here] SHA256 (substituting the downloaded file's name, and without the square brackets). Hooray, the hash matches, so I know I'm working with an intact download.
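The same integrity check can be scripted so the comparison is not done by eye. This is an added example, not part of the original post: the function names are made up for illustration, and it assumes the published value is either a bare SHA-256 digest (spaces between bytes are tolerated, as some certutil versions print it that way) or a BSD/GNU-style checksum line.

```python
import hashlib
import os
import re

# "SHA256 (file) = hex" (BSD style) and "hex  file" / "hex *file" (GNU style)
_BSD = re.compile(r"^SHA256 \((?P<name>.+)\) = (?P<hex>[0-9a-fA-F]{64})$")
_GNU = re.compile(r"^(?P<hex>[0-9a-fA-F]{64}) [ *](?P<name>.+)$")


def normalize_digest(text):
    """Strip whitespace and lowercase; reject anything that is not 64 hex chars."""
    digest = "".join(text.split()).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError("not a SHA-256 digest")
    return digest


def expected_digest(published, filename):
    """Extract the digest from a checksum line or a bare (possibly spaced) digest."""
    line = published.strip()
    for pattern in (_BSD, _GNU):
        match = pattern.match(line)
        if match:
            # A checksum line names its file; refuse one meant for another image.
            if match.group("name") != filename:
                raise ValueError("checksum line is for a different file")
            return match.group("hex").lower()
    return normalize_digest(line)


def sha256_file(path, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, published):
    """True when the file's SHA-256 equals the published value."""
    return sha256_file(path) == expected_digest(published, os.path.basename(path))


if __name__ == "__main__":
    import sys
    ok = verify_download(sys.argv[1], sys.argv[2])
    print("MATCH" if ok else "MISMATCH: do not use this file")
    sys.exit(0 if ok else 1)
```

A match only shows the file is the one the checksum describes, so the published value should be read from the vendor's own HTTPS page rather than from wherever the ISO was mirrored.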

Taking another look at the instructions, and looking at the settings for pfSense, and looking at the settings for my Kali box, I see that historically, I've used NAT for my outbound connections. Changing the WAN setting to NAT and rebooting pfSense does lead it to load up with an address for its WAN socket. I also note that previously, the loading process used to hang on "Configuring WAN interface" for over a minute; now this process only takes a few seconds. However, there is not yet a connection between machines on the LAN and the outside world. With my Kali and my Raven boxes on the internal LAN, I can reach one from the other, but attempting to reach the internet fails: I can't navigate to outside websites on a browser in Kali, nor can I ping the Google DNS server (8.8.8.8 - "ping: connect: Network is unreachable").

The solution, after starting several false hares and a few unhelpful Google searches, was to reset pfSense to factory defaults and set the external network to NAT. "Well, nothing else has worked. Let's see what happens if I reset to factory default."
