claudetools/wiki/systems/pfsense.md
Mike Swanson e9b251fe01 sync: auto-sync from GURU-5070 at 2026-05-25 06:51:48
---
type: system
name: pfsense
display_name: pfsense (ACG Gateway/Firewall)
last_compiled: 2026-05-25
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
- session-logs/2026-05-25-session.md
backlinks:
- systems/gururmm-build
- systems/jupiter
---
# pfsense (ACG Gateway/Firewall)
## Identity
| Field | Value |
|-------|-------|
| Role | Primary gateway, firewall, and router for ACG office LAN |
| LAN IP | **172.16.0.1** |
| SSH port | **2248** |
| Tailscale IP | 100.119.153.74 |
| OS | FreeBSD (pfSense) |
---
## Network
| Interface | Subnet | Notes |
|-----------|--------|-------|
| LAN | 172.16.0.0/22 | ACG office LAN (172.16.0.x to 172.16.3.x) |
| WAN | (DHCP/static from ISP) | External IP 98.181.90.163 (as seen from Tailscale) |
| Tailscale | 100.119.153.74 | Active peer, direct connection |
pfsense is the **default gateway** for all ACG LAN devices. The build server (172.16.3.30) has `via 172.16.0.1` as its default route.
---
## Tailscale
pfsense is a Tailscale peer (`active; direct 98.181.90.163:41641`). It serves as the Tailscale subnet router for the ACG LAN. LAN machines route Tailscale traffic (`100.0.0.0/8`) through pfsense.
**Build server static route (added 2026-05-25):**
```
172.16.3.30 → 100.0.0.0/8 via 172.16.0.1
```
Persisted in `/etc/netplan/00-installer-config.yaml` on the build server. This allows the GuruRMM server to reach Beast's Ollama at `100.101.122.4:11434`.
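The netplan stanza below is an added illustration of how the static route above is persisted; it is not a copy of the build server's actual `00-installer-config.yaml`. The route (`100.0.0.0/8 via 172.16.0.1`), the host address `172.16.3.30`, the `/22` prefix and the default route via pfsense are taken from this page; the interface name `enp1s0` is an assumption.

```yaml
# Added example (not the build server's real file). Interface name enp1s0
# is assumed; addresses and routes are the values documented on this page.
network:
  version: 2
  ethernets:
    enp1s0:
      addresses:
        - 172.16.3.30/22          # build server, ACG LAN (172.16.0.0/22)
      routes:
        # Default route: pfsense is the gateway for all ACG LAN devices.
        - to: default
          via: 172.16.0.1
        # Tailscale CGNAT range, routed via pfsense (the subnet router)
        # so GuruRMM can reach Beast's Ollama at 100.101.122.4:11434.
        - to: 100.0.0.0/8
          via: 172.16.0.1
```

Apply with `sudo netplan try` rather than `netplan apply`: `try` rolls the change back automatically if it is not confirmed within the timeout, which keeps a typo in the route table from cutting off the build server. Afterwards, `ip route get 100.101.122.4` should report the path `via 172.16.0.1`.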
---
## SSH Access
```bash
ssh -p 2248 <user>@172.16.0.1
# From outside LAN, use Tailscale IP:
ssh -p 2248 <user>@100.119.153.74
```
---
## Key Rules
- **Do not restart or apply firewall rules without user confirmation** — pfsense is the single point of failure for the entire ACG LAN.
- Any changes to NAT, firewall rules, or routing should be confirmed before applying.