• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

NO INTERNET TRAFFIC ON LAN

General pfSense Questions
5
16
1.2k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    Pamela
    last edited by Feb 7, 2022, 1:28 AM

    I have installed pfsense on old machine having two Network interfaces. There is one router huwei which is giving the internet having 192.168.5.10 . One interface of old machine I have uses as WAN and set IP to 192.168.10.27 static. I have made another interface used as LAN and give IP as 192.168.55.1. I am able to access LAN GUI 192.168.55.1 from laptop. but the other sites not working. 🔒 Log in to view 🔒 Log in to view 🔒 Log in to view 🔒 Log in to view 🔒 Log in to view 🔒 Log in to view 🔒 Log in to view 🔒 Log in to view 🔒 Log in to view
    Please help me to make internet working

    J M 2 Replies Last reply Feb 7, 2022, 1:34 AM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @Pamela
      last edited by johnpoz Feb 7, 2022, 1:35 AM Feb 7, 2022, 1:34 AM

      @pamela Why do you have a gateway on your lan.. Yeah that is not going to work! And you just point it to itself? Why did you do that - pfsense all over the place warns you that this is LAN do not set a gateway..

      🔒 Log in to view

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      P 1 Reply Last reply Feb 7, 2022, 3:32 PM Reply Quote 1
      • M
        mcury @Pamela
        last edited by mcury Feb 7, 2022, 1:40 AM Feb 7, 2022, 1:38 AM

        Hi, try these steps:

        1st: Fix your firewall rules, you are only allowing ICMP.
        Create in LAN a rule allowing LAN_NET to ANY ports TCP 80/443 and TCP/UDP 53.

        2nd: You don't need a gateway in the LAN, you can remove that.

        3rd: I would also disable the outbound NAT for the LAN network and create a static route in that huawei router like this:
        Route to 192.168.55.0 next hop 192.168.10.27.
        Edit: It would be better to put pfsense facing WAN directly, without that router... Public IP directly in Pfsense WAN..

        dead on arrival, nowhere to be found.

        P 1 Reply Last reply Feb 7, 2022, 3:37 PM Reply Quote 0
        • P
          Pamela @johnpoz
          last edited by Feb 7, 2022, 3:32 PM

          @johnpoz I have removed that still problem persisits

          1 Reply Last reply Reply Quote 0
          • P
            Pamela @mcury
            last edited by Feb 7, 2022, 3:37 PM

            @mcury Problem remains the same. I have removed the gateway from LAN and also edit the rules as follows

            🔒 Log in to view

            🔒 Log in to view 🔒 Log in to view 🔒 Log in to view

            And also on the router side i have created a static route in huawei router as mentioned

            🔒 Log in to view 🔒 Log in to view 🔒 Log in to view

            When i ping the traffic routed as mentioned in following screen shots

            🔒 Log in to view

            It is replying but not opening the website.

            J M 2 Replies Last reply Feb 7, 2022, 3:45 PM Reply Quote 0
            • J
              johnpoz LAYER 8 Global Moderator @Pamela
              last edited by johnpoz Feb 7, 2022, 3:46 PM Feb 7, 2022, 3:45 PM

              @pamela that setup makes no sense.. I highly doubt your Huawei is going to nat your downstream 192.168.55 network.

              There is no need to add that route on that router, and you should let pfsense nat to its wan IP.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              M 1 Reply Last reply Feb 7, 2022, 4:16 PM Reply Quote 0
              • M
                mcury @johnpoz
                last edited by mcury Feb 7, 2022, 4:17 PM Feb 7, 2022, 4:16 PM

                @johnpoz said in NO INTERNET TRAFFIC ON LAN:

                @pamela that setup makes no sense.. I highly doubt your Huawei is going to nat your downstream 192.168.55 network.

                There is no need to add that route on that router, and you should let pfsense nat to its wan IP.

                She is behind a double nat, which is not desirable.
                If she disables the NAT in pfsense, she will reach the Huawei router with a source IP of the 192.168.55.0/24 network.
                The Huawei router won't know how to route back the packet, and it will send it through the default route, which is WAN.
                That is why I told her to create a static route, so the Huawei router knows that the 192.168.55.0 is behind the LAN interface.

                dead on arrival, nowhere to be found.

                J 1 Reply Last reply Feb 7, 2022, 4:25 PM Reply Quote 0
                • M
                  mcury @Pamela
                  last edited by Feb 7, 2022, 4:18 PM

                  @pamela br0 is the WAN interface? Try changing that to the LAN interface of the Huawei router.

                  dead on arrival, nowhere to be found.

                  1 Reply Last reply Reply Quote 0
                  • J
                    johnpoz LAYER 8 Global Moderator @mcury
                    last edited by Feb 7, 2022, 4:25 PM

                    @mcury said in NO INTERNET TRAFFIC ON LAN:

                    which is not desirable.

                    But works.. triple nat, quadruple nat also works, etc.. I find it highly unlikely that router she has at the edge will do natting of downstream networks..

                    I would highly suggest just getting it to work with the double nat, before attempting anything else.. Pfsense should just like any other client connected to that router.. If after that works they want to play with removing the double nat.. Great but out of the box just plugging in pfsense should work, as long as the pfsense lan and wan are not overlapping networks.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    M 1 Reply Last reply Feb 7, 2022, 4:31 PM Reply Quote 0
                    • M
                      mcury @johnpoz
                      last edited by Feb 7, 2022, 4:31 PM

                      @johnpoz said in NO INTERNET TRAFFIC ON LAN:

                      I find it highly unlikely that router she has at the edge will do natting of downstream networks..

                      Hm, I didn't take that in consideration.. Its most likely won't have that option..
                      You are right, better to keep the double nat, then in case she needs in the future, work to remove it..

                      So Pamela, sorry for giving you that 3rd step instruction, better to remove the static route from Huawei router, and leave the NAT enabled at the pfsense side.. Should work..

                      dead on arrival, nowhere to be found.

                      1 Reply Last reply Reply Quote 0
                      • S
                        stephenw10 Netgate Administrator
                        last edited by Feb 7, 2022, 4:49 PM

                        Yes there appears to be no default gateway set.
                        As others have suggested, remove the LAN gateway.
                        Set the default v4 gateway to WAN instead of automatic.

                        Steve

                        P 1 Reply Last reply Feb 8, 2022, 12:29 AM Reply Quote 1
                        • P
                          Pamela @stephenw10
                          last edited by Feb 8, 2022, 12:29 AM

                          @stephenw10 Thanks a lot for having a deep understanding of my case. I changed the gateway to WAN now it is working fine.

                          🔒 Log in to view

                          P 1 Reply Last reply Feb 9, 2022, 1:07 AM Reply Quote 1
                          • P
                            Pamela @Pamela
                            last edited by Feb 9, 2022, 1:07 AM

                            @pamela said in NO INTERNET TRAFFIC ON LAN:

                            @stephenw10 Thanks a lot for having a deep understanding of my case. I changed the gateway to WAN now it is working fine.

                            🔒 Log in to view

                            Internet started working but is very slow not able to get actual speed I have made following changes still the speed remains same

                            🔒 Log in to view 🔒 Log in to view 🔒 Log in to view

                            🔒 Log in to view

                            ? 1 Reply Last reply Feb 9, 2022, 1:29 AM Reply Quote 0
                            • ?
                              A Former User @Pamela
                              last edited by A Former User Feb 9, 2022, 1:30 AM Feb 9, 2022, 1:29 AM

                              @pamela said in NO INTERNET TRAFFIC ON LAN:

                              Internet started working but is very slow not able to get actual speed I have made following changes still the speed remains same

                              172.217.160.227 and 142.250.207.238 IS GOOGLE LLC

                              Could you create a firewall rule on wan (to allow traffic please)

                              J S 2 Replies Last reply Feb 9, 2022, 7:06 AM Reply Quote 0
                              • J
                                johnpoz LAYER 8 Global Moderator @A Former User
                                last edited by Feb 9, 2022, 7:06 AM

                                @silence said in NO INTERNET TRAFFIC ON LAN:

                                Could you create a firewall rule on wan (to allow traffic please)

                                What???

                                An intelligent man is sometimes forced to be drunk to spend time with his fools
                                If you get confused: Listen to the Music Play
                                Please don't Chat/PM me for help, unless mod related
                                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                1 Reply Last reply Reply Quote 0
                                • S
                                  stephenw10 Netgate Administrator @A Former User
                                  last edited by Feb 9, 2022, 2:07 PM

                                  @silence said in NO INTERNET TRAFFIC ON LAN:

                                  create a firewall rule on wan (to allow traffic please)

                                  Um, yeah, don't do that!

                                  You don't need rules on WAN to allow traffic to reach Google.

                                  What speed are you seeing? What do you expect to see? How are you measuring?

                                  Steve

                                  1 Reply Last reply Reply Quote 1
                                  6 out of 16
                                  • First post
                                    6/16
                                    Last post
                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.