No internet connectivity.
-
Greetings! The overall task is to achieve this topology, maybe the whole picture of it will help someone understand faster what is needed to fix.
But I'm here to seek help for my first pfsense setup. I'm a novice here and know very little about routing/firewall rules.
We have a dedicated server with one NIC, for example with this IP 88.66.77.88
On the server, proxmox is installed with pfSense VM configured and other VM on the same subnet as pfSense LAN(10.10.10.1/24) to get into WebGUI.
Firewall in proxmox doesn't have any rules.
Here is the configuration of pfsense VM:
Proxmox network configuration file looks like this.
auto lo
iface lo inet loopback

auto eno0
iface eno0 inet manual

auto enp3s0f1
iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 88.66.77.88/24
    gateway 88.66.77.1
    bridge-ports eno0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 10.10.10.1/24
    bridge-ports enp3s0f1
    bridge-stp off
    bridge-fd 0
The issue right now is that there is no internet connectivity on pfSense. For some reason, my pfsense WAN interface got local IP address 10.3.8.28 with DHCP upon the first configuration, which is a bit strange for me.
I have tried to assign this IP to WAN 88.66.77.88, but it didn't work out.
Pinged to 8.8.8.8 from WAN and LAN on pfSense gui, with the WAN set by DHCP and with static 88.66.77.88
- Please help me understand what in our case WAN IP address should be as I am a bit confused.
- Do we need public IP subnets for this or is there something else?
- As I understand pfSense creates rules to pass traffic from LAN to WAN by default. So as I understand in my case, I would only require to uncheck "Block private networks and loopback addresses" on WAN, if the WAN and LAN are configured correctly. (Correct?)
Hope I laid out everything. Please let me know if I missed sharing something important, will try to reply asap.
Huge thanks in advance :)
-
@tech2 said in No internet connectivity.:
I have tried to assign this IP to WAN 88.66.77.88, but it didn't work out.
This IP is assigned to Proxmox already. So it cannot be used on pfSense as well.
You have assigned 88.66.77.88/24 to Proxmox, so obviously you own the subnet 88.66.77.0/24.
And from your diagram, I assume that you own also the 88.66.78.0/24 subnet.
So assign any of your public IPs to pfSense WAN and state the proper gateway.
Apart from this pfSense shows it pulled its WAN IP from a DHCP. So obviously you're running a DHCP server on Proxmox. If this is really a bridged public WAN, you should not do that at all.
Further you should remove the IP from vmbr1 in Proxmox. It doesn't need any.
-
@viragomann Thank you for information.
Did a factory reset. We assigned 88.66.78.10 for pfsense WAN, gateway as 88.66.78.1
We were able to ping the gateway IP, but were unable to ping anything else apart from 10.10.10.1 which is assigned to pfsense. 10.10.10.2 - VM in the LAN interfaces can't be pinged too.
As I'm aware pfsense has its NAT configured by default.
But it seems like something is blocking traffic. Tried creating 1to1 NAT rule, just to see if it works, but it didn't.
-
@tech2 said in No internet connectivity.:
We were able to ping the gateway IP, but were unable to ping anything else apart from 10.10.10.1
From where?
Tried creating 1to1 NAT rule, just to see if it works, but it didn't.
This might be quite useless, since both, the destination and target IP are assigned to pfSense itself.
Such a NAT rule only makes sense if there is a service running on pfSense listening on one interface IP, so you can forward access from the other interface to get the service accessible from both sides.
-
@viragomann said in No internet connectivity.:
From where?
From WAN(88.66.78.10) pinged gateway 88.66.78.1
From LAN(10.10.10.1) pinged itself, but can't ping VM that has 10.10.10.2
-
@tech2 said in No internet connectivity.:
From LAN(10.10.10.1) pinged itself, but can't ping VM that has 10.10.10.2
Ensure that the network interfaces are configured correctly on both VMs.
Check if they are connected to the same bridge in Proxmox and recheck the IP assignment and the network mask.
What if you go to the other VM and try to ping pfSense LAN at 10.10.10.1.
Check if the allow any rule is still on the LAN tab before.
-
@viragomann Hi there !
I will share the full configuration we have now, as I'm really lost
VM IDs:
100 (pfsense)
Network device: vmbr0 - WAN, vmbr1 - LAN
1011 (win10 VM in LAN subnet to access PfSense WebGUI)
Network device: vmbr1 - LAN
Network config in proxmox:
auto lo
iface lo inet loopback

auto eno0
iface eno0 inet manual

auto enp3s0f1
iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 88.66.78.9/24
    gateway 88.66.78.1
    bridge-ports eno0
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    bridge-ports none
    bridge-stp off
    bridge-fd 0
I did the factory reset of pfsense, this is what it configured by default.
I have not installed or configured DHCP on Proxmox, idk why is it pulling local IP address, which is always the same (noticed after multiple factory resets).
This is how it looks after setup
We now have a public IP subnet that is assigned to our host server. So we changed the management IP for Proxmox in order for it to be in the same subnet as pfsense
Proxmox address: 88.66.78.9
pfSense address: 88.66.78.10
Netmask: 255.255.255.248
Gateway: 88.66.78.1
Default LAN rules are active
Unchecked "block private networks" on WAN
Ping:
From 88.66.78.10(WAN) pings 88.66.78.1(WANs gateway); cannot ping 8.8.8.8
From LAN pings 10.10.10.1(pfSense itself), cannot ping 8.8.8.8 | 10.10.10.2(VM on LAN subnet)
-
@tech2 said in No internet connectivity.:
Network config in proxmox:
auto vmbr0
iface vmbr0 inet static
address 88.66.78.9/24
gateway 88.66.78.1
We now have a public IP subnet that is assigned to our host server. So we changed the management IP for Proxmox in order for it to be in the same subnet as pfsense
Proxmox address: 88.66.78.9
pfSense address: 88.66.78.10
Netmask: 255.255.255.248
Gateway: 88.66.78.1
So why did you set a /24 in Proxmox, but state then a /29?
If you configured the WAN on pfSense with 88.66.78.9/29, the gateway IP 88.66.78.1 would be outside of the WAN subnet and hence pfSense cannot communicate with it.
Unchecked "block private networks" on WAN
If there are only public IPs accessing the WAN this is not needed.
-
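The subnet check raised in the post above (a gateway has to sit inside the interface's own subnet), as an added example that is not part of the original thread. The function names are hypothetical, and the sample is constructed from the thread's addresses with the /29 mask applied to vmbr0.

```python
import ipaddress

# Constructed sample in /etc/network/interfaces syntax, using the thread's values.
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 88.66.78.9/29
    gateway 88.66.78.1
    bridge-ports eno0

auto vmbr1
iface vmbr1 inet static
    address 10.10.10.1/24
    bridge-ports enp3s0f1
"""

def parse_static_ifaces(text):
    """Return {iface: {option: value}} for every 'inet static' stanza."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            current = None
            if words[2:4] == ["inet", "static"]:
                current = ifaces.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None and len(words) > 1:
            current[words[0]] = words[1]
    return ifaces

def gateway_problems(text):
    """List static interfaces whose gateway is not a usable on-link host."""
    problems = []
    for name, opts in parse_static_ifaces(text).items():
        if "address" not in opts or "gateway" not in opts:
            continue  # e.g. an internal bridge with no upstream gateway
        addr = opts["address"]
        if "/" not in addr and "netmask" in opts:
            addr += "/" + opts["netmask"]  # dotted netmask given separately
        iface = ipaddress.ip_interface(addr)
        gw = ipaddress.ip_address(opts["gateway"])
        if gw not in iface.network:
            problems.append(f"{name}: gateway {gw} is outside {iface.network}")
        elif gw in (iface.network.network_address, iface.network.broadcast_address, iface.ip):
            problems.append(f"{name}: gateway {gw} is not a usable host in {iface.network}")
    return problems
```

With the /29 mask, 88.66.78.9 belongs to 88.66.78.8/29 (hosts .9 to .14), so 88.66.78.1 is reported as off-link; with /24 the same gateway passes.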
@viragomann said in No internet connectivity.:
So why did you set a /24 in Proxmox, but state then a /29?
This was just my writing error, there is a /29 set in proxmox.
Anyway, my issue is fixed.
The issue for me was that I kept skipping "Upstream Gateway" configuration upon pfsense first setup, though it was exactly what I was missing.
Thank you for giving me extra knowledge