---
type: system
name: pfsense
display_name: pfsense (ACG Gateway/Firewall)
last_compiled: 2026-05-25
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
  - session-logs/2026-05-25-session.md
backlinks:
  - systems/gururmm-build
  - systems/jupiter
---

# pfsense (ACG Gateway/Firewall)

## Identity

| Field | Value |
|-------|-------|
| Role | Primary gateway, firewall, and router for ACG office LAN |
| LAN IP | **172.16.0.1** |
| SSH port | **2248** |
| Tailscale IP | 100.119.153.74 |
| OS | FreeBSD (pfSense) |

---

## Network

| Interface | Subnet | Notes |
|-----------|--------|-------|
| LAN | 172.16.0.0/22 | ACG office LAN (172.16.0.x – 172.16.3.x) |
| WAN | (DHCP/static from ISP) | External IP 98.181.90.163 (as seen from Tailscale) |
| Tailscale | 100.119.153.74 | Active peer, direct connection |

pfsense is the **default gateway** for all ACG LAN devices. The build server (172.16.3.30) has `via 172.16.0.1` as its default route.

---

## Tailscale

pfsense is a Tailscale peer (`active; direct 98.181.90.163:41641`). It serves as the Tailscale subnet router for the ACG LAN. LAN machines route Tailscale traffic (`100.0.0.0/8`) through pfsense.

**Build server static route (added 2026-05-25):**

```
172.16.3.30 → 100.0.0.0/8 via 172.16.0.1
```

Persisted in `/etc/netplan/00-installer-config.yaml` on the build server. This allows the GuruRMM server to reach Beast's Ollama at `100.101.122.4:11434`.

---

## SSH Access

```bash
ssh -p 2248 @172.16.0.1
# From outside LAN, use Tailscale IP:
ssh -p 2248 @100.119.153.74
```

---

## Key Rules

- **Do not restart or apply firewall rules without user confirmation** — pfsense is the single point of failure for the entire ACG LAN.
- Any changes to NAT, firewall rules, or routing should be confirmed before applying.
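
An added example, not part of the original page: a Python check of the build server static route from the Tailscale section against Tailscale's address range. It assumes Tailscale's standard 100.64.0.0/10 CGNAT block; `audit_route` and its result keys are hypothetical names, and the route, gateway, LAN subnet and Ollama address are the values given above.

```python
import ipaddress

# Tailscale assigns node addresses from the CGNAT block 100.64.0.0/10
# (assumption: the tailnet uses the default range).
TAILSCALE_CGNAT = ipaddress.ip_network("100.64.0.0/10")
# ACG office LAN, as given in the Network table.
ACG_LAN = ipaddress.ip_network("172.16.0.0/22")


def audit_route(dest, via, required_hosts=()):
    """Compare one static route with the Tailscale range (hypothetical helper)."""
    net = ipaddress.ip_network(dest)
    gateway = ipaddress.ip_address(via)
    covers = TAILSCALE_CGNAT.subnet_of(net)
    # Overlapping CIDR blocks are always nested, so the shared part is
    # the smaller of the two blocks.
    if net.overlaps(TAILSCALE_CGNAT):
        shared = min(net.num_addresses, TAILSCALE_CGNAT.num_addresses)
    else:
        shared = 0
    # Addresses sent to the gateway that are not Tailscale addresses.
    excess = net.num_addresses - shared if shared else 0
    hosts_ok = {}
    for host in required_hosts:
        addr = ipaddress.ip_address(host)
        # True when the host matches this route and would still match
        # a route narrowed to the Tailscale block.
        hosts_ok[host] = addr in net and addr in TAILSCALE_CGNAT
    return {
        "dest": str(net),
        "via_on_lan": gateway in ACG_LAN,
        "covers_tailscale": covers,
        "excess_addresses": excess,
        "suggested_dest": str(TAILSCALE_CGNAT) if covers and excess else str(net),
        "hosts_ok": hosts_ok,
    }


if __name__ == "__main__":
    # Route and Ollama address as documented on this page.
    result = audit_route("100.0.0.0/8", "172.16.0.1", ["100.101.122.4"])
    for key, value in result.items():
        print(f"{key}: {value}")
```

For the documented route, the result reports 12,582,912 addresses outside the Tailscale range being sent to pfsense, while `100.101.122.4` stays reachable under the narrower `100.64.0.0/10`.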