New Installation - No internet on LAN
-
@musthafa
Can you post the routing table of your PC, please?
-
musthafa@Musthafas-MacBook-Pro-2 ~ % netstat -r
Routing tables

Internet:
Destination         Gateway             Flags     Netif  Expire
default             pfsense.home        UGScg     en12
default             pfsense.home        UGScIg    en0
127                 localhost           UCS       lo0
localhost           localhost           UH        lo0
169.254             link#27             UCS       en12   !
169.254             link#15             UCSI      en0    !
192.168.2           link#27             UCS       en12   !
192.168.2           link#15             UCSI      en0    !
192.168.2.1/32      link#27             UCS       en12   !
pfsense.home        30:23:3:aa:c6:7d    UHLWIir   en0    1167
192.168.2.1/32      link#15             UCSI      en0    !
pfsense.home        28:b1:33:0:ae:40    UHLWIir   en12   1149
192.168.2.100/32    link#27             UCS       en12   !
192.168.2.167       4c:75:25:d6:82:18   UHLWI     en0    1193
192.168.2.179       66:29:c6:64:c7:50   UHLWI     en0    1160
192.168.2.237       58:b6:23:5e:c3:3a   UHLWI     en0    1185
192.168.2.244/32    link#15             UCS       en0    !
192.168.2.255       ff:ff:ff:ff:ff:ff   UHLWbI    en0    !
192.168.2.255       ff:ff:ff:ff:ff:ff   UHLWbI    en12   !
224.0.0/4           link#27             UmCS      en12   !
224.0.0/4           link#15             UmCSI     en0    !
224.0.0.251         1:0:5e:0:0:fb       UHmLWI    en0
224.0.0.251         1:0:5e:0:0:fb       UHmLWI    en12
255.255.255.255/32  link#27             UCS       en12   !
255.255.255.255/32  link#15             UCSI      en0    !
-
@musthafa
Seems well.
Is the computer able to resolve hostnames?
Is the pfSense outbound NAT in automatic mode and has it added a rule to WAN for LAN sources?
-
@viragomann said in New Installation - No internet on LAN:
@musthafa
Seems well.
Is the computer able to resolve hostnames?
No. I tried ping from terminal on mac.
Is the pfSense outbound NAT in automatic mode and has it added a rule to WAN for LAN sources?
All default settings. Nothing changed or added from my side.
Computer is able to connect to internet when using VPN service
-
@musthafa
So since you cannot resolve host names, it would be interesting if you can ping 8.8.8.8 or 1.1.1.1.
pfSense runs the DNS resolver out of the box and the DHCP hands the interface IP out. But is your device using it?
-
@viragomann
Here is the ping from pfsense
ping from LAN
https://www.dropbox.com/scl/fi/s4h7572v0w17x2jm2nui1/pfsense-00002.png?rlkey=sgwuqrvixw06upe098yvbifur&dl=0
ping from WAN
https://www.dropbox.com/scl/fi/ob8m17tu39ryf68tcumm3/pfsense-00003.png?rlkey=2j92owdn5746fxxjmrtsl2ot1&dl=0
however ping from computer is not resolved
-
@musthafa
I saw these screens, but the question is if the computer can ping an IP directly with resolving the host name.
-
musthafa@Musthafas-MacBook-Pro-2 ~ % ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=58 time=11.402 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=13.829 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=10.313 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=58 time=10.094 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=58 time=12.572 ms
^Z
zsh: suspended ping 1.1.1.1
musthafa@Musthafas-MacBook-Pro-2 ~ % ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=58 time=14.137 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=7.267 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=17.667 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=8.189 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=58 time=10.764 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=58 time=6.689 ms
^Z
zsh: suspended ping 8.8.8.8
musthafa@Musthafas-MacBook-Pro-2 ~ % ping google.com
ping: cannot resolve google.com: Unknown host
musthafa@Musthafas-MacBook-Pro-2 ~ %
-
@musthafa
So the internet works well, but it cannot resolve host names...
Which DNS server does it use?
On the LAN you have to allow access to the interface IP, port 53 if pfSense is used. But by default there is an any-to-any rule on LAN, so nothing special needed.
-
DNS Server Settings
https://www.dropbox.com/scl/fi/7xvarr987ubqzeur89f7k/pfsense-00005.png?rlkey=s3th3nss444hpgfivi4490tcp&dl=0
WAN firewall rules
https://www.dropbox.com/scl/fi/fe1xq2aej3fqnxsydr5ph/pfsense-00006.png?rlkey=ml9bllt3s6ew8nd1giqxr3pqh&dl=0
LAN Firewall Rules
https://www.dropbox.com/scl/fi/jba2ocpnyb9wg37jzc3xg/pfsense-00007.png?rlkey=ulv0nrk1ewc4wef73cdcvxzqw&dl=0
DNS Resolver Settings
https://www.dropbox.com/scl/fi/9i16phnhc2ebzojnzu6vg/pfsense-00009.png?rlkey=d344ruldsig55ct31s3xdgdbi&dl=0
-
@musthafa
The big question is still, which DNS server your computer is using.
pfSense cannot do anything if the computer requests any other server.
-
-
@musthafa
So it should work actually, but the computer doesn't resolve.
You can go to the DNS Resolver > ACLs page and add an allow ACL for the LAN subnet.
This shouldn't be necessary though, but sometimes something obviously went wrong.
-
Have you tried to flush the dns cache on your laptop? Your system is not resolving properly. In dos run: Ipconfig /flushdns
Sometimes it holds on to records. Also have you set a rule to allow port 53 on your firewall ACL lists? Or nat ?
-
Your laptop looks to have two interfaces connected to pfSense. Is that Ethernet and WIFI? Try disabling WIFI if so.
-
@stephenw10 Yeah, or he can set it to allow use of both in the BIOS. We had to do that for some equipment years ago; one would disable the other for some reason.
-
-
@JonathanLee said in New Installation - No internet on LAN:
Sometimes it holds on to records. Also have you set a rule to allow port 53 on your firewall ACL lists? Or nat ?
No. I'm new to pfSense. Please guide me on it.
-
@stephenw10 said in New Installation - No internet on LAN:
Your laptop looks to have two interfaces connected to pfSense. Is that Ethernet and WIFI? Try disabling WIFI if so.
I'm using USB Ethernet on macOS to connect to pfSense. I'm disabling WiFi while testing pfSense.
-
@musthafa said in New Installation - No internet on LAN:
192.168.2 link#27 UCS en12 !
192.168.2 link#15 UCSI en0
Your routing table shows two interfaces in that subnet, which is a conflict.
Have you tried testing from some other device?
You shouldn't need to do anything to the DNS setup by default. It will allow queries from the LAN subnet.
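-
Added example, not part of the original thread or written by any participant: a small Python parser for macOS `netstat -r` output that reports directly connected subnets present on more than one interface, the conflict pointed out in the last post. The sample rows are a constructed subset of the table posted above, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample: a subset of the rows posted in this thread.
SAMPLE = """\
Destination        Gateway            Flags     Netif Expire
default            pfsense.home       UGScg      en12
default            pfsense.home       UGScIg      en0
169.254            link#27            UCS        en12      !
169.254            link#15            UCSI        en0      !
192.168.2          link#27            UCS        en12      !
192.168.2          link#15            UCSI        en0      !
192.168.2.100/32   link#27            UCS        en12      !
192.168.2.167      4c:75:25:d6:82:18  UHLWI       en0   1193
"""

# Link-local, multicast and broadcast appear on every active interface.
IGNORED_PREFIXES = ("169.254", "224.", "255.")

def parse_routes(text):
    """Turn `netstat -r` rows into dicts; header and short lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] in ("Destination", "Routing"):
            continue
        routes.append({"dest": f[0], "gateway": f[1], "flags": f[2], "netif": f[3]})
    return routes

def shared_subnets(routes):
    """Directly connected networks (gateway link#N) seen on 2+ interfaces."""
    seen = defaultdict(set)
    for r in routes:
        if not r["gateway"].startswith("link#"):
            continue
        if r["dest"].endswith("/32") or r["dest"].startswith(IGNORED_PREFIXES):
            continue
        seen[r["dest"]].add(r["netif"])
    return {d: sorted(ifs) for d, ifs in seen.items() if len(ifs) > 1}

def primary_default(routes):
    """Interface of the default route without the 'I' (interface-scoped) flag."""
    for r in routes:
        if r["dest"] == "default" and "I" not in r["flags"]:
            return r["netif"]
    return None

if __name__ == "__main__":
    rts = parse_routes(SAMPLE)
    print("shared:", shared_subnets(rts), "primary default:", primary_default(rts))
```

On a live Mac, feed it the text of `netstat -rn -f inet` instead of `SAMPLE`; a non-empty result from `shared_subnets` means two adapters are active in the same subnet.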