I can't get Internet access on the LAN side

viragomann

@ibrahim1989 said in I can't get Internet access on the LAN side:

I have configured the IP address for WAN

In the WAN interface settings you need to state an upstream gateway. Are you missing it?

Gertjan

@ibrahim1989 :

So you disabled the default firewall rule (position 5 & 6) you've found on your LAN interface, and created a couple of your your own.
Good initiative.

But, be ready, you'll be laughing in 10 seconds from now.

Here we go :

@ibrahim1989 said in I can't get Internet access on the LAN side:

Tried to ping google from PfSense:
WAN interface can ping google successfully.
LAN interface can not ping google or any other page(ip)!

When you use the ping command, you transmit 'Ethernet' packets to the destination.
I'm pretty sure that you know that these packets are not TCP, not UDP, they are ICMP packets.
Right ?
Look at your rules : do you permit ICMP packets to go through ?

...... (just to round up to 10 seconds)

Btw : while straighten up info in your head, hunt down also this one "DNS is only UDP". Change it for "DNS is TCP and UDP".
And adapt that firewall rule.

ibrahim1989

@viragomann yes I have done that , and everything is ok with the WAN accessing internet.

ibrahim1989

@gertjan I have previously created ICMP rules ( not UDP or TCP ) , but still the same problem . (sorry didnt include in the screenshot)
Also disabled default rules to check step by step what could be wrong.
For the DNS I have tried to configure as TCP and UDP, only UDP or TCP , but still the same problem.
The screenshot I've posted is just to get an idea :)

p.s. : Is good to laugh but after connecting LAN with Internet :p

Thanks!

KOM

@ibrahim1989 Add an ICMP Echo Request allow rule, edit your DNS rule to add TCP as well as UDP.

ibrahim1989

@kom said in I can't get Internet access on the LAN side:

@ibrahim1989 Add an ICMP Echo Request allow rule, edit your DNS rule to add TCP as well as UDP.

I have tried that but didnt work .

viragomann

@ibrahim1989 said in I can't get Internet access on the LAN side:

WAN interface can ping google successfully.
LAN interface can not ping google or any other page(ip)!

I assume you're meaning the source in the ping tool here.

The ping from pfSense itself doesn't require any firewall rule. Hence, there should be something wrong with the routing.

The only one thing on pfSense, which can be responsible for such behavior, I can think of, is the outbound NAT. But this should work if the proper gateway is set in the WAN interface settings.
So I suspect an issue with the hypervisor.

But do a further check:
Run a packet capture on WAN with a filter for ICMP packets and the destination host, while you try to ping to the internet with a LAN source address, and check if the NAT works properly.
You should see outgoing packets from the WAN address then.

stephenw10

I think you have a gateway defined in the WAN subnet but it's not actually on the WAN interface dircetly.
When you define the WAN as a static IP you need to add that.

ibrahim1989

@stephenw10 said in I can't get Internet access on the LAN side:

I think you have a gateway defined in the WAN subnet but it's not actually on the WAN interface dircetly.
When you define the WAN as a static IP you need to add that.

I have assigned a static IP for the WAN Gateway , (IPv4 Upstream Gateway ) , if you are talking about that.

@stephenw10 said in I can't get Internet access on the LAN side:

I think you have a gateway defined in the WAN subnet but it's not actually on the WAN interface dircetly.
When you define the WAN as a static IP you need to add that.

Gertjan

@ibrahim1989 said in I can't get Internet access on the LAN side:

I have assigned a static IP for the WAN Gateway , (IPv4 Upstream Gateway ) , if you are talking about that

This one :

should be set to None, as shown. The default setting will do fine.

stephenw10

It should be set to None for a LAN interface but must be set as a gateway there for a WAN. Otherwise you will get no auto outbound NAT rules.

Check in Firewall > NAT > Oubound NAT. Do you see auto rules added for 192.168.10.0/24 on the WAN?

Steve

ibrahim1989

@stephenw10 said in I can't get Internet access on the LAN side:

It should be set to None for a LAN interface but must be set as a gateway there for a WAN. Otherwise you will get no auto outbound NAT rules.

Check in Firewall > NAT > Oubound NAT. Do you see auto rules added for 192.168.10.0/24 on the WAN?

Steve

Thanks a lot! Finally Solved . LAN gateway must be set to none , and WAN must have the Gateway. Really appreciate your help and to other friends!

Best regards!
Ibrahim!

ibrahim1989

@gertjan Hello Gertjan , finally solved
WAN was ok, but I had to change the LAN gateway to none. Thanks a lot!

rcoleman-netgate

@ibrahim1989 said in I can't get Internet access on the LAN side:

WAN was ok, but I had to change the LAN gateway to none. Thanks a lot!

Yes, if the pfSense is routing that specific network do not set a gateway.