Bitaxe Gamma and PFSense

[Mac128]

Hello,

New to bitmining
Bitaxe Gamma

PFSense is blocking Bitaxe gamma, making Bitaxe return this error:

stratum_task: Switching target due to too many failures (retries: 3)...

My setup:
AT&T ---> BGW210 Gateway ---> Netgate PFSense ---> TPLink T1600G ---> Downstream Asus Wifi AP.

The AT&T BWG210 is normally Wifi-DISABLED to reduce heat.

Bitaxe does not hash when pulling Wifi from downstream AP.  Probable cause is narrowed to PFSense.

Upon TEMPORARILY enabling Wifi on the BWG210 (bad idea) the Bitaxe worked as it should.

Unfortunately, for me, the Bitaxe disallows access to its Network-IP specific firmware DNS settings, and wont allow me to force its IP to static and set an outside DNS.  (or that feature is well hidden),.  

PFSense hands out DHCP IPs with its 192.168.57.1 and I suspect that Bitaxe is erroneously  interpreting 192.168.57.1  to become the WAN DNS instead of 8.8.8.8 or whatever.  

Bitaxe is using  192.168.57.235 DHCP.  I would love to make it static and give it a bunch of outside DNSs, but Ohhh Nooo, not gonna happen (unless theres a way to Telnet in).

And so, it appears I need to pass inbound and outbound straight from the AT&T Gateway thru  PFSense to the 192.168.57.235 for Bitaxe, and at this point I can really use your advice on how to do it within PFSense.  

Many Thanks,
Jack

[btctaipei]

The correct way to go about it would be to put your BGW210 in IP Passthroug mode so only Netgate PFSense were exposed. You'll need to find MAC address of your PFSense and make appropriate changes to BGW210:

On your DNS speculations, by default modern Netgate PFSense uses Unbound and its setup as DNS Resolver mode.   It can work as full resolver or forward-only (say if you insist on using 8.8.8.8 or 1.1.1.1 fully recursive-resolver for doing on the work) - but you need to check Enable Forwarding Mode under Service > DNS Resolver. These are well documented at https://docs.netgate.com/pfsense/en/latest/services/dns/resolver.html

BGW210 or BGW320 (taken from https://www.att.com/support/article/u-verse-high-speed-internet/KM1322413/) can be set to DMZ mode.
From a computer connected to your Wi-Fi gateway:

    Go to your gateway settings.
    Select Firewall and then Advanced.
    Enter your Device Access Code, if asked. You can find this on a sticker on your gateway.
    Turn off everything in Firewall Advanced.
    Select IP Passthrough and set the following:
        Allocation Mode to Passthrough
        Passthough Mode to DHCPS-fixed
    Enter the MAC address of the device to be set up in the Passthrough Fixed MAC address field.
    Select Save and Restart Now.

Good to know: You may have to reboot your computer and Wi-Fi gateway to force a new IP assignment.


if this doesn't work then  might want to look at mapping
since it's PF based, what does /etc/pf.conf looks like on netgate PFSense?

You might want to use tcpdump on /dev/pflog0 to troubleshoot and see what exactly your rules are missing (or insight on rules that isn't working as it should).

good place to start would be https://docs.netgate.com/pfsense/en/latest/diagnostics/packetcapture/tcpdump.html

But these are advanced kung-fu that I don't think average user would possess. (more likely firmware / Embedded DevOp)

[Mac128]

Hi btctaipei

Thanks for fast reply!

All I did was go to DNS Resolver
and enable:
Enable SSS/TLS Service,and I checked it
Network Interfaces, I changed it to "All"
and Outgoing Network Interfaces, to "All"

I did not diddle with the BGW210.

Bitaxe is happy now.  Lol

Thanks for taking time to respond. 

Jack