Configuring new Interface for Internet Access
-
Hi, I'm trying to set up a Netgate 6100 for my home network. Internet is working on the default LAN interface. I'm trying to set up a new interface connected to a Synology NAS to work. I've done the basic interface setup, DNS server and NAT is set on automatic.
My NAS is just not getting access to the internet. I've just been trying to get a simple list of packages on the package manager and it's not working. I would really appreciate some help. Here are the firewall rules I have at the moment. What have I got wrong?
-
@danishmr
Is your outbound NAT configured for manual rule generation by any chance?
If it's in automatic or hybrid mode, check if the new subnet was added to the rules.
-
@danishmr btw all of those allows above your any rule are pretty pointless, unless you plan on adding more rules that block access in the future.
Curious why you have source as any on them, is this going to be used as a transit network with stuff from networks other than ds923 net?
But sure, those rules would for sure allow internet access. As @viragomann mentions, you might want to check your outbound NAT; it's common for users that follow some VPN guide that incorrectly tells them to switch to manual mode for outbound NAT, and then adding a new network/VLAN is not working because there is no outbound NAT.
-
@viragomann Yes, NAT is Automatic and I confirmed that the new subnet was added to the rule.
-
@danishmr
Try to ping 8.8.8.8 from the device to detect if there's an issue with DNS.
-
@danishmr yeah, can your NAS ping the pfSense IP (192.168.2.1)? Is it getting an IP via DHCP or did you set it static on the NAS? Can it ping, say, the pfSense LAN IP, can it ping the pfSense WAN IP?
Can you access the nas from your lan?
-
@johnpoz Thank you for your help and suggestions! Last night, I tried pings and DNS access, which was working. I could access the web GUI of the NAS from the LAN as well, but internet access was just not working. Looking at some other suggestions online, I changed the rules to be the following, which made it work!
The only thing I changed was to change the Destination from any to DS923 address.
If you could explain why that worked and the earlier set of rules didn't, I'd appreciate it. Also, this is my first time. Just trying to get things working to understand and optimize later. Hence any suggestions or best practices you have are welcome!
-
@danishmr there is no change in those rules that would really be any different. The change of the rules didn't "fix" anything. Maybe a reload of the rules in general did?
And again, those 4 rules 123,53,443 and 80 to ds923 address are pointless since you have an any any rule from ds923 net to anything.
-
@johnpoz I agree with you, that's what I thought as well. I first only had the bottom 2 rules for the longest time i.e. the any to any rules. I couldn't get stuff to work on the NAS and by stuff, I specifically mean the following two things did not work...
- Package manager couldn't load list of available packages
- Could not sync with Google's NTP time servers
The following things worked
- Pinging domains from DS923 interface, which means DNS was working
- Accessing NAS GUI from the LAN interface
Then I tried the rules as I had them in the question for this topic, that didn't work either BUT it all started working with the rules mentioned in the reply.
But yes overall, the bottom 2 should have done the trick I feel like. I'll try disabling the 23,53,443 and 80 ones to try again.