    Starlink with SG6100

      xineo @SteveITS
      last edited by xineo

      @steveits From the Diagnostics menu I can ping 1.1.1.1 from the WAN, but the LAN side fails. I can ping anything on the LAN side from the LAN interface, just nothing WAN-facing.

        SteveITS Galactic Empire @xineo
        last edited by

        @xineo How far does a traceroute from LAN get?

        Is NAT outbound set to automatic?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          xineo @SteveITS
          last edited by

          @steveits it is.

            stephenw10 Netgate Administrator
            last edited by

            And do you see an auto outbound NAT rule created for 10.5.11.0/24 on the WAN?

            Is your WAN using DHCP to get its address from the Starlink router?

              xineo @stephenw10
              last edited by

              @stephenw10 Yes, WAN is using DHCP and is pulling an IP address of 192.168.1.81 from Starlink. Since that's a private address, I made sure to turn off "Block Private Networks and Loopback Addresses".

              pfSense is getting the Automatic NAT Rules for WAN. I will be back at the site today to try some more things.

                SteveITS Galactic Empire @xineo
                last edited by

                @xineo said in Starlink with SG6100:

                I made sure to turn off "Block Private Networks and Loopback Addresses".

                Just for reference, that affects inbound traffic on WAN, so it wouldn't affect outbound, getting a DHCP address, accessing the Starlink router IP, etc.

                Did you try the traceroute?

                Out of the box it should just work in this config.

                  xineo
                  last edited by xineo

                  @stephenw10
                  @SteveITS
                  I'm at the site and went over the config again. Everything looks good until I went into the firewall logs and saw this block coming from my address.

                  Jan 11 10:36:05 LAN Default deny rule IPv4 (1000000103)

                  pfsense2.png

                  That's really strange because I have a Top Level 'Any Any' Rule on the LAN Interface so nothing should be getting blocked.

                  pfsense.jpg

                  It's also blocking Locals on WAN despite having that turned off.

                    photomankc
                    last edited by

                    Those blocks with PA and FPA look like some type of traffic that got sent after the firewall had already closed the stateful connection out in its table. It happens sometimes. Or maybe a connection that was dormant too long and the state entry timed out. Probably not really a blocked connection.

                      stephenw10 Netgate Administrator
                      last edited by

                      Those are all TCP ACK packets so they are blocked either because the state has already closed or because you have some asymmetric routing:
                      https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

                      What do you see blocked on WAN?

                      X 1 Reply Last reply Reply Quote 0
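
An added example, not part of the original thread: a Python triage of blocked-log entries that separates out-of-state TCP packets (the ACK, PA and FPA blocks discussed above) from blocked new connections. The line layout, the sample entries and every address other than 192.168.1.81 and the 10.5.11.0/24 LAN are constructed assumptions modelled on the log view's columns, not pfSense's raw filterlog format.

```python
import re
from collections import Counter

# Constructed sample entries (not taken from the thread's screenshots). Assumed
# layout: time, interface, rule, source, destination, protocol[:TCP flags].
SAMPLE_LOG = """\
Jan 11 10:36:05 LAN Default deny rule IPv4 (1000000103) 10.5.11.20:51544 192.0.2.10:443 TCP:PA
Jan 11 10:36:05 LAN Default deny rule IPv4 (1000000103) 10.5.11.20:51544 192.0.2.10:443 TCP:FPA
Jan 11 10:36:07 LAN Default deny rule IPv4 (1000000103) 10.5.11.20:51550 192.0.2.10:443 TCP:A
Jan 11 10:36:09 WAN Default deny rule IPv4 (1000000103) 192.168.1.1:40000 192.168.1.81:22 TCP:S
Jan 11 10:36:11 WAN Default deny rule IPv4 (1000000103) 192.168.1.1:5353 224.0.0.251:5353 UDP
"""

LINE_RE = re.compile(
    r"^(?P<time>\w{3} +\d+ [\d:]+) (?P<iface>\S+) (?P<rule>.+?\(\d+\)) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<proto>[A-Z0-9]+)(?::(?P<flags>[A-Z]+))?$"
)

def classify(proto, flags):
    """Return a triage verdict for one blocked packet."""
    if proto != "TCP":
        return "non-tcp"
    flags = flags or ""
    # A bare SYN opens a connection: a block here means a rule denied it.
    if "S" in flags and "A" not in flags:
        return "new-connection"
    # Anything else needs an existing state. A block means the state was closed
    # or expired, or the firewall never saw the SYN (asymmetric routing).
    return "out-of-state"

def summarize(log_text):
    """Count verdicts per interface; unparseable lines are counted separately."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            if line.strip():
                counts[("?", "unparsed")] += 1
            continue
        counts[(m["iface"], classify(m["proto"], m["flags"]))] += 1
    return counts

if __name__ == "__main__":
    for (iface, verdict), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{iface:4} {verdict:15} {n}")
```

A log dominated by "out-of-state" entries on LAN points at state handling or routing rather than at the pass rules; "new-connection" entries are the ones a rule is actually denying.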
                        xineo @stephenw10
                        last edited by

                        @stephenw10 Issue turned out to be a Traffic Shaper that I didn't realize was setup. Thank you all for your help.
