| type | name | display_name | last_compiled | compiled_by | sources | backlinks |
|---|---|---|---|---|---|---|
| system | pfsense | pfsense (ACG Gateway/Firewall) | 2026-05-25 | DESKTOP-0O8A1RL/claude-main | | |
pfsense (ACG Gateway/Firewall)
Identity
| Field | Value |
|---|---|
| Role | Primary gateway, firewall, and router for ACG office LAN |
| LAN IP | 172.16.0.1 |
| SSH port | 2248 |
| Tailscale IP | 100.119.153.74 |
| OS | FreeBSD (pfSense) |
Network
| Interface | Subnet | Notes |
|---|---|---|
| LAN | 172.16.0.0/22 | ACG office LAN (172.16.0.x – 172.16.3.x) |
| WAN | (DHCP/static from ISP) | External IP 98.181.90.163 (as seen from Tailscale) |
| Tailscale | 100.119.153.74 | Active peer, direct connection |
pfsense is the default gateway for all ACG LAN devices. The build server (172.16.3.30) uses 172.16.0.1 as its default route.
Tailscale
pfsense is a Tailscale peer (active; direct 98.181.90.163:41641). It serves as the Tailscale subnet router for the ACG LAN. LAN machines route Tailscale traffic (100.0.0.0/8) through pfsense.
Build server static route (added 2026-05-25):
172.16.3.30 → 100.0.0.0/8 via 172.16.0.1
Persisted in /etc/netplan/00-installer-config.yaml on the build server. This allows the GuruRMM server to reach Beast's Ollama at 100.101.122.4:11434.
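A scope check for the static route above, as an added example that is not part of the original page or of pfSense/Tailscale tooling. It assumes Tailscale assigns node addresses from the CGNAT block 100.64.0.0/10; `audit_static_route` is a hypothetical helper, and all addresses are the ones listed on this page.

```python
import ipaddress

# Assumption: Tailscale assigns node addresses from the CGNAT block 100.64.0.0/10.
TAILSCALE_RANGE = ipaddress.ip_network("100.64.0.0/10")

def audit_static_route(prefix, gateway, lan, peers):
    """Audit one static route (hypothetical helper, not pfSense or Tailscale code).

    Reports whether the gateway is on the LAN, whether the route covers the
    peers it was added for, and which parts of the prefix lie outside the
    Tailscale range and are therefore routed more broadly than needed.
    """
    net = ipaddress.ip_network(prefix)
    peer_addrs = [ipaddress.ip_address(p) for p in peers]
    if net.subnet_of(TAILSCALE_RANGE):
        excess = []                      # route is already within the range
    elif TAILSCALE_RANGE.subnet_of(net):
        excess = sorted(net.address_exclude(TAILSCALE_RANGE))
    else:
        excess = [net]                   # route is disjoint from the range
    return {
        "gateway_on_lan": ipaddress.ip_address(gateway) in ipaddress.ip_network(lan),
        "peers_covered": all(p in net for p in peer_addrs),
        "peers_in_tailscale_range": all(p in TAILSCALE_RANGE for p in peer_addrs),
        "excess_subnets": [str(n) for n in excess],
        "excess_addresses": sum(n.num_addresses for n in excess),
    }

# Values taken from this page: the build server route and the two Tailscale
# addresses it mentions (pfsense itself and the Ollama host).
REPORT = audit_static_route(
    prefix="100.0.0.0/8",
    gateway="172.16.0.1",
    lan="172.16.0.0/22",
    peers=["100.119.153.74", "100.101.122.4"],
)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

Both peers fall inside 100.64.0.0/10, so the report shows how much of the routed /8 lies outside the range Tailscale uses.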
SSH Access
```
ssh -p 2248 <user>@172.16.0.1
# From outside LAN, use Tailscale IP:
ssh -p 2248 <user>@100.119.153.74
```
Key Rules
- Do not restart or apply firewall rules without user confirmation — pfsense is the single point of failure for the entire ACG LAN.
- Any changes to NAT, firewall rules, or routing should be confirmed before applying.