No Internet access from device connected to pfSense

MrTea

Greetings!

I am not sure where problem is, so I was not sure where to put the question, so I hope this area is ok.
Some background on me: while I have spent some years as a web developer, I have little to no experience in networking.
The purpose of this project is so I can gain some basic understanding of firewalls and networking in general.

I have installed pfsense on a protectli vault and have so far made only 1 change, which I will explain below.
I just moved into an apartment and internet access is provided. I just plug the ethernet cable into the wall and I have internet!
Before beginning work with pfsense, I had a TP-Link Archer router that I had successfully configured and had internet access for all of my devices.
Now, with pfsense, I do not.
I have the protectli vault (with pfsense install) plugged into the wall and my laptop plugged into the vault. No VLans or anything else.

If I log into pfsense and go to Diagnostics / Ping. I can ping google.com
So this tells me that pfsense is connected to the internet.
However, if I try to ping from my laptop I get: Ping request could not find host google.com

Status / Gateways shows that the gateway is at 172.16.1.1
This is the same as TP-Link router.
The laptop was assigned a dns address in the 192.168.x.x address space, same as the TP-Link router.

I did some searching. I could not find anything exactly like I have here.
Although I did find a suggestion that I uncheck the Interfaces / WAN / Reserved Networks / Block Private Networks and Loopback Addresses.
So, I did that. Otherwise, no other changes to "factory defaults".

I am not sure what could be causing this issue and I don't really know where to begin to debug.
If anyone can help or at least point me in a direction to look, I would greatly appreciate that.

Thank you.

rcoleman-netgate

@MrTea Is this device on the LAN interface? If not did you add a rule to that interface to pass traffic?

I would include screenshots of your Interface list with IPs (redact part of the WAN IP if it is not RFC1918) from the Dashboard and then maybe the firewall rules for this interface.

MrTea

@rcoleman-netgate, Yes, the device is on the lan interface.

Here is the lan interface

And here are the lan firewall rules

rcoleman-netgate

@MrTea How about the rest of the interfaces?
See mine here (with redactions):

Specifically what IP is your client machine getting? How does it connect to the pfSense? Directly via ethernet or through other hardware?

MrTea

Except for the WAN, there are no other interfaces.
My client machine has an ip of 192.168.1.120
It connected directly to pfSense via an ethernet cable. Like this:
Internet -> pfSense (on a protectli vault) -> laptop

I am trying to keep it simple until I can get my laptop on the internet. Then I will add other devices.
Maybe this is helpful?

stephenw10

Can it ping pfSense? Can it ping the upstream gateway?

Do you see that device in the DHCP status in pfSense? It could be pulling an IP from a different dhcp server.

michmoor

@MrTea
Curious. Do you still have the TP link router plugged in? Doesnt matter if its connected to the protectli or not is it plugged in anywhere in the house?
Is your laptop also on wifi? I understand its plugged in but is it also connected to a wifi network.

Lastly, can you go into the windows cmd prompt again and run the following command

arp -a

See if 192.168.1.1 matches up with the MAC address listed for your router.

rcoleman-netgate

@MrTea said in No Internet access from device connected to pfSense:

Except for the WAN, there are no other interfaces.
My client machine has an ip of 192.168.1.120

I asked for the things I asked for for very specific reasons.

You probably should provide them.

MrTea

@stephenw10, I can ping pfSense and the upstream gateway. I can also see my laptop in the DHCP status in pfSense.

@michmoor, when I am testing pfSense, on my laptop I disable wifi. However, I do still leave the TP Link router on.

With the clues that both of you gave me, I was able to find out this:
Using an ip address, I am able to ping google. But if I try to issue a dig command for google.com, I get no answer back.
In pfSense, when I go to Diagnostics / DNS Lookup, and enter google.com, I get an Answer.
So now I am thinking the issue is in the dns lookup and not general internet access.

stephenw10

@MrTea said in No Internet access from device connected to pfSense:

I can ping pfSense and the upstream gateway. I can also see my laptop in the DHCP status in pfSense.

Ok, so what test from the laptop is failing?

DNS resolution failure perhaps? If so check in Diag > DNS Lookup that pfSense can resolve against all configured servers.

Steve

MrTea

@stephenw10
Diag > DSN lookup was working correctly.
I had failed to properly configure the DSN Resolver and DSN Resolution. Once I made changes there, my DNS issue on my laptop cleared up and now I am "surfing the internet"!

Again, thank you all for pointing me in the right direction.

michmoor

@MrTea Is DNS Resolver listening on the LAN interface?