Not able to access websites/network connection issues on specific LAN
-
Hello, I currently need some help as I don't understand what could be causing this. I have made no changes to my configuration. I currently use pfSense and I have multiple LAN networks with their different subnets for different purposes. Each LAN interface is connected to a mesh access point. Everything was working perfectly and suddenly the primary LAN interface (192.168.1.0/24) doesn't receive internet connectivity. Every client now connected to this interface doesn't get internet. But every other interface is working properly. I have made no changes to the config. When I did a pfctl -d on the pfSense shell console and then a pfctl -e, the interface still didn't work. I have restarted the interface using the /etc/rc.d/netif igc1 and still nothing. Please, I need help as I have been battling this for almost a week now.
-
Ok so no connectivity at all from that subnet?
Disabling pf like that also disables outbound NAT so that is not a good test.
Start a ping from a client on LAN to something remote that isn't used for anything else like 8.8.8.8 or 1.1.1.1.
Then check the state table in Diag > States and filter by that ping destination IP. You should see two states; one on LAN and one on WAN with NAT applied.
Steve
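The two-state check described in the post above, as an added example that is not part of the thread: it reads state-table text on stdin and reports whether a client's ping to a destination has both a LAN-side state and a NAT-translated state. The sample lines, addresses and the interface names igc0 and igc2 are constructed, and the line layout is assumed to follow `pfctl -ss` output.

```shell
#!/bin/sh
# classify_states DEST CLIENT  -- state-table text on stdin, one verdict on stdout
classify_states() {
    awk -v dest="$1" -v client="$2" '
    {
        dst = 0; plain = 0; xlat = 0
        for (i = 3; i <= NF; i++) {
            f = $i
            paren = (f ~ /^\(/)          # "(orig-src)" marks a NAT-translated state
            gsub(/[()]/, "", f)
            sub(/:[0-9]+$/, "", f)       # drop port / ICMP id (IPv4 only)
            if (f == dest) dst = 1
            if (f == client) { if (paren) xlat = 1; else plain = 1 }
        }
        if (!dst) next
        if (xlat) nat++
        else if (plain && !($1 in seen)) { seen[$1] = 1; direct++ }
    }
    END {
        if (direct >= 1 && nat >= 1) print "ok"        # LAN state + NAT state
        else if (direct >= 2)        print "no-nat"    # second state is untranslated
        else if (direct == 1)        print "lan-only"  # no matching state on WAN
        else if (nat >= 1)           print "nat-only"  # translated state, no LAN state
        else                         print "none"      # client never created a state
    }'
}

# Constructed samples (documentation addresses; igc0/igc2 are assumed names).
sample_healthy() {
    cat <<'EOF'
igc1 icmp 8.8.8.8:8 <- 192.168.1.100:1       0:0
igc0 icmp 203.0.113.5:40211 (192.168.1.100:1) -> 8.8.8.8:8       0:0
EOF
}
sample_other_lan_only() {   # only a client on a different LAN has states
    cat <<'EOF'
igc2 icmp 8.8.8.8:8 <- 192.168.20.50:7       0:0
igc0 icmp 203.0.113.5:51002 (192.168.20.50:7) -> 8.8.8.8:8       0:0
EOF
}

sample_healthy        | classify_states 8.8.8.8 192.168.1.100
sample_other_lan_only | classify_states 8.8.8.8 192.168.1.100
# On the firewall: pfctl -ss | classify_states 8.8.8.8 <client-ip>
```

Matching on the client address as well as the destination keeps states created by a ping from a different LAN from being counted for the client under test.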
-
Thank you for responding. I just tried the test. I connected a laptop directly to the LAN port of the Protectli device using an Ethernet cable. I pinged 8.8.8.8 from the client. But when I checked the states and filtered using that IP, no result came up. But then the ping was successful. I changed the interface on the state filter to LAN and used 8.8.8.8 in the filter expression section. But it says no states were found that match the current filter.
-
You should filter on all interfaces so you see the NAT state on WAN also.
If the ping is successful but you see no states then it's probably not going through pfSense. The laptop has wifi perhaps?
-
Wi-Fi is currently turned off. I am only using a cable to connect directly to the LAN port on the Protectli device where pfSense is running.
-
For some reason, I have a feeling that the LAN port on the Protectli device could be damaged and is thus causing the issue. I could be wrong, but the reason I say this is because I made no changes to the pfSense config that I had been using. Everything was working perfectly well till now. And just this LAN interface is the one with the issue. Every other interface works just fine.
-
If it's actually passing pfSense then either you are filtering it incorrectly so they just don't show.
Or, far less likely, it's passing traffic without opening states. That requires setting special firewall rules or disabling the firewall entirely. But as discussed, disabling pf would break it on every interface because NAT is also disabled.
You should see something like:
-
@stephenw10 I connected with another system to the Wi-Fi that is mapped to another interface on pfSense. I pinged from that client and did the check in Diag > States, and I saw the states when I filtered with 8.8.8.8. But whenever I do it from the LAN interface, it never shows.
-
Yet the ping is succeeding?
Try enabling logging on the pass rule(s) on LAN. You should then see log entries in the firewall logs for that ping.
-
@stephenw10 I enabled logging on the pass rules on the LAN interface and I am able to see the LAN and WAN log entries for that ping.
-
You should not see firewall logs for it on WAN unless it's being blocked.
Do you have some odd pass rules on LAN? As I said it's possible to create rules that pass the traffic without creating a state but you have to create that specifically and they're almost never the right option.