I can't get Internet access on the LAN side
-
@gertjan I have previously created ICMP rules ( not UDP or TCP ) , but still the same problem . (sorry didnt include in the screenshot)
Also disabled default rules to check step by step what could be wrong.
For the DNS I have tried to configure as TCP and UDP, only UDP or TCP , but still the same problem.
The screenshot I've posted is just to get an idea :)p.s. : Is good to laugh but after connecting LAN with Internet :p
Thanks!
-
@ibrahim1989 Add an ICMP Echo Request allow rule, edit your DNS rule to add TCP as well as UDP.
-
@kom said in I can't get Internet access on the LAN side:
@ibrahim1989 Add an ICMP Echo Request allow rule, edit your DNS rule to add TCP as well as UDP.
I have tried that but didnt work .
-
@ibrahim1989 said in I can't get Internet access on the LAN side:
WAN interface can ping google successfully.
LAN interface can not ping google or any other page(ip)!I assume you're meaning the source in the ping tool here.
The ping from pfSense itself doesn't require any firewall rule. Hence, there should be something wrong with the routing.
The only one thing on pfSense, which can be responsible for such behavior, I can think of, is the outbound NAT. But this should work if the proper gateway is set in the WAN interface settings.
So I suspect an issue with the hypervisor.But do a further check:
Run a packet capture on WAN with a filter for ICMP packets and the destination host, while you try to ping to the internet with a LAN source address, and check if the NAT works properly.
You should see outgoing packets from the WAN address then. -
I think you have a gateway defined in the WAN subnet but it's not actually on the WAN interface dircetly.
When you define the WAN as a static IP you need to add that. -
@stephenw10 said in I can't get Internet access on the LAN side:
I think you have a gateway defined in the WAN subnet but it's not actually on the WAN interface dircetly.
When you define the WAN as a static IP you need to add that.I have assigned a static IP for the WAN Gateway , (IPv4 Upstream Gateway ) , if you are talking about that.
@stephenw10 said in I can't get Internet access on the LAN side:
I think you have a gateway defined in the WAN subnet but it's not actually on the WAN interface dircetly.
When you define the WAN as a static IP you need to add that. -
@ibrahim1989 said in I can't get Internet access on the LAN side:
I have assigned a static IP for the WAN Gateway , (IPv4 Upstream Gateway ) , if you are talking about that
This one :
should be set to None, as shown. The default setting will do fine.
-
It should be set to
None
for a LAN interface but must be set as a gateway there for a WAN. Otherwise you will get no auto outbound NAT rules.Check in Firewall > NAT > Oubound NAT. Do you see auto rules added for 192.168.10.0/24 on the WAN?
Steve
-
@stephenw10 said in I can't get Internet access on the LAN side:
It should be set to
None
for a LAN interface but must be set as a gateway there for a WAN. Otherwise you will get no auto outbound NAT rules.Check in Firewall > NAT > Oubound NAT. Do you see auto rules added for 192.168.10.0/24 on the WAN?
Steve
Thanks a lot! Finally Solved . LAN gateway must be set to none , and WAN must have the Gateway. Really appreciate your help and to other friends!
Best regards!
Ibrahim! -
@gertjan Hello Gertjan , finally solved
WAN was ok, but I had to change the LAN gateway to none. Thanks a lot! -
@ibrahim1989 said in I can't get Internet access on the LAN side:
WAN was ok, but I had to change the LAN gateway to none. Thanks a lot!
Yes, if the pfSense is routing that specific network do not set a gateway.