Did you try switching your computer to a different port?
That's very reassuring then. I was about to start thinking this is impossible for no good reason.
Yes, I have tried all of the ports that are a part of the bridge.
Try opening a shell from the menu and see if disabling the firewall rules using the command `pfctl -d' lets you access the configuration page again. If not, verify that you are getting an address on your computer from the DHCP server. If not, try reassigning the addresses from the pfSense console and that might restart the DHCP server.
How do I exit the shell from the console?
Never mind, I got it.
Connection-specific DNS Suffix.....ben.pri
Link-local IPv6 Address.....(bunch of stuff that I don't have patience to type)
IPv4 Address......10.10.10.56
Subnet Mask........255.255.254.0
Default Gateway.......fe80::1:1%11
10.10.10.1
This is the read-out that I get when connected to my pfsense box.
I don't know how you posted a base64 encoded image but anyway...
It looks like you changed the LAN address of pfSense to 10.10.10.1? That's fine. That's great even. Make sure that's not stale (ipconfig /release /renew), but assuming it isn't then you should be able to access it when you put the ip in your browser. If not, you should be able to access it when you disable the firewall on pfsense (pfctl -d) as the rules might not have been added to allow LAN traffic (IDK why that happens sometimes), if that still fails, you can try restarting the web configurator from the menu (option 11).
I think that may have been an ipconfig of my school switch. Not the pfsense box.
It wasn't, I'm just going crazy. I disabled the firewall, tried ipconfig release and renew, and windows is sill telling me that I have no connection, and when I put it the IP address into my browser it throws an unable to connect error....
Even restarting the web configurator doesn't solve the problem
This is so funny, because now I've got this set up in a VirtualBox VM, with 3 host-only NICs, and it's giving me addresses via DHCP, but not letting me access the web interface.
Well I'll figure this out sooner or later I swear. I just wish I had a spare machine to actually try this with.
So we are hitting the same problem? That is very interesting. And there is no big rush really, I am just glad that your here to help. Otherwise I would have no clue what to do.
I'm glad to help. Right now I'm installing a bare FreeBSD VM just so I can verify that it's a bug with pfSense and not my setup. I'm not entirely sure we have the same problem because you said you aren't getting an IP from pfSense, but I was actually getting the IP assigned correctly.
In the meantime while I figure this out, you can try the other way I mentioned, where instead of putting the bridge as the LAN, you add LAN to the bridge with the rest of the OPT ports. Then you have to add some firewall rules ("floating") to allow all traffic between those interfaces I believe. It might just work...
Wow... for some reason the TCP checksums were all bad on my virtual ethernet devices. I don't know if you're having the same problem, and I don't know how to diagnose that on Windows. Maybe wireshark would tell you. I was able to add a rule to my local machine to recompute the checksums, and now everything works great. I'll look into what has to be done to pfSense to make it not screw those up...
Actually pfSense didn't anything to do with the checksums being wrong, it was the host machine at fault I'm pretty sure. I don't know why I said pfSense was screwing them up.
Argh pfSense really isn't designed to be a switch ;) But the bridge really IS designed to function like a switch, so it should work (and does usually). From the FreeBSD bridge(4) man page:
A bridge works like a switch, forwarding traffic from one interface to another. Multicast and broadcast packets are always forwarded to all interfaces that are part of the bridge. For unicast traffic, the bridge learns which MAC addresses are associated with which interfaces and will forward the traffic selectively.
So anyway, it looks like we aren't having the same problems. Can you get wireshark and see what kind of traffic is passing on your computer? Alternatively, you can use tcpdump on pfSense from the command line (but it's less friendly). tcpdump -ni bridge0' for example would give a brief overview as traffic hits the bridge. -nevi would show a bit more info and you might be able to see if the checksums are valid or not. Note that the firewall tends to re-enable itself when you change certain settings, and even though the default rules shouldn't be causing any trouble, you can manually disable it again withpfctl -d' (or pfctl -e' to enable again,pfctl -s rules' to show the rules, `pfctl -s nat' to show the NAT settings... pf is somewhat cryptic though).
I don't have time to do that tonight. I will try tomorrow and give you my results.
Ok there's nothing coming from pfSense there, it's all just your computer. It looks like your university network hands out the 10.10.10.0/24 address and you're disconnecting from that network and plugging into pfSense, and at that point your computer fails to get a new IP address so switches to the self assigned 169.254.0.0/16 link-local address.
First, can you verify that your pfSense box is getting assigned an IP from the university network and has access to the internet (ping -c4 google.com)? By the way, the 10.0.0.0/8 range used by the university is a private network so make sure you do not have the "Block private networks" option checked when you do the WAN setup during the initial configuration wizard.
After you have verified WAN access is functional, you should be able to get at the web interface by following these steps: Connect your switch to the campus and connecting both your computer and the pfsense WAN port to the switch. Disable the firewall on the pfsense console (the firewall blocks access from WAN by default) and punch the WAN address into your web browser. Now you should be able to check that all the settings are correct. If you could go to Diagnostics-Command Prompt and execute "ifconfig" and post the results to pastebin, it will help me see better what is going on. Likewise, "sockstat -4" and "netstat -rn -f inet" would be helpful.