HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE

TheWall2

Hi everybody, I'm a newbie and have just installed pfSense on Virtualbox, where I have Kicksecure installed as well. I've followed exactly what's explained here:

https://www.ceos3c.com/pfsense/install-pfsense-on-virtualbox/

but, after changing the network adapter from NAT to intern in the VB Kicksecure settings, I cannot browse any websites.

I had a look at firewall rules, there are some default ones and I really don't know what to do. Please explain with simple words, I've already tried to solve this issue by myself with the help of some Youtube videos but I wasn't able to.
Thanks

Gertjan

@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

https://www.ceos3c.com/pfsense/install-pfsense-on-virtualbox/

Be careful : things change. The guide you followed is from 2022.
If you are aware off all the things that changed from then up until today, you might be able to follow such a guide.

When you use a VM, you have to exactly match two complicated things.
if these two are unknown to you, why not making live easier on yourself : first, make a VM work for you in its most simple setup : make a VM, put a Windows (or whatever you like to use) ISO in it, and set that up.
pfSense : use a bare bone = dedicated hardware, an PC with one extra NIC will do just fine.
Later on, you can start experimenting with VM that has "more then one" interface, and how to set up each interface, etc etc.

@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

I had a look at firewall rules, there are some default ones and I really don't know what to do

Exact.
A default pfSEnse has one WAN interface and one LAN interface with the correct firewall rules.
Actually, pfSense is like any other router firewall out there : it works out of the box.

Follow this guide : Virtualization

edit : this one is already more recent - but I didn't check

stephenw10

@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

after changing the network adapter from NAT to intern in the VB Kicksecure settings, I cannot browse any websites.

Why did you do that? That's not a step in the guide.

The pfSense VM WAN NIC has to be either bridged or NAT'd from the host to access anything external. If you set it to an internal network pfSense has no external route.

TheWall2

@stephenw10 I did that because I read it in another guide. Could you provide a link with detailed instructions on what to do? I'm not an expert and "bridged or NAT'd from the host" means nothing to me

stephenw10

In the NAT setting there VirtualBox provides NAT, routing and DHCP as though it is a virtual router between that virtual NIC and the host physical NIC. That works in almost any situation.

In the bridged setting it connects it dircetly to the host NIC as though it were a switch. That means that the Virtual NIC exists in the same subnet as the host. It will pull a DHCP lease from an external server etc.

When you set it to one of the internal networks it's completely isolated from the host NIC so cannot connect to anything external.

TheWall2

@stephenw10 so what should I set exactly in VB or pfSense, in order to make my Kicksecure work with pfSense running? I've also entered pfSense admin panel at 192.168.1.1 but don't know what to do

stephenw10

I've never used Kicksecure, I'm not entirely sure what it is. Are you running that in a VM behind pfSense in VBox?

VBox has specific settings for it?

stephenw10

Oh wait I see, you changed the vitual NIC on the Kicksecure VM from NAT to internal?

That makes more sense, you would want to do that so traffic to/from it goes through pfSense.

That should work as long as your choose the same internal network the pfSense LAN NIC is set to.

You also need to make sure the pfSense LAN is not using the same subnet as anything else in your network. 192.168.1.X is common.

TheWall2

This post is deleted!

TheWall2

@stephenw10 That's exactly what I did. Kicksecure is Debian.

That should work as long as your choose the same internal network the pfSense LAN NIC is set to. You also need to make sure the pfSense LAN is not using the same subnet as anything else in your network. 192.168.1.X is common.

I doesn't work unfortunately. What should I do exactly? Which settings should I change and where? I set the Kicksecure network adapter from NAT to internal, which is the same as pfSense LAN NIC is set to (in pfSense I set 3 network adapters, 1st NAT, 2nd and 3rd internal network).

I know it's boring for you, but I'm a newbie and if you don't provide precise instructions I won't be able to solve my issue

stephenw10

What exactly doesn't work?

Does the Kicksecure VM pull a DHCP lease from pfSense?

Can it access the pfSense webgui?

TheWall2

@stephenw10 I cannot browse from Kicksecure, tried with 2 browsers. No data. I don't get any error message in pfSense, I can access pfSense admin panel from Kicksecure

stephenw10

Ok so it must have a valid IP address in the pfSense LAN subnet.
Is that pulling a lease fro pfSense or statically configured in the Kicksecure VM?

Are you using the default 192.168.1.1 as the pfSense LAN IP address?

TheWall2

@stephenw10 I don't know, I didn't change anything in pfSense panel (which I can access from 192.168.1.1). DHCP is enabled, no static address has been set in Kicksecure. What should I do exactly?

stephenw10

In the pfSense webgui go to Status > DHCP Leases. Make sure the Kicksecure VM is shown there and note it's IP address.

Next go to Diag > Ping and try to ping 8.8.8.8.

Then try to ping google.com

If that fails go to Diag > DNS Lookup and try to resolve google.com.

Note the failure message in each case if it does.

TheWall2

@stephenw10 When launching the pfSense panel for the 1st time, I set Primary DNS Server to 8.8.8.8. and Secondary DNS Server to 8.8.4.4

In "Configure LAN Interface", LAN IP Address is 192.168.1.1 and Subnet Mask is 24.

I went to Status > DHCP Leases, in "Leases" I see an active 192.168.1.100 with its MAC Address (I don't know if it's Kicksecure, anyway Kicksecure is the ONLY operating system installed in my VB). In "Lease Utilization" there's a LAN interface, the Pool start is 192.168.1.10 and the Pool end is 192.168.1.245. The USED value is 1, Capacity is 236.

I pinged 8.8.8.8 and google.com and it worked. However, if I open a new tab in the same browser and enter www.google.com, it doesn't work.

Also, in pfSense webgui main screen I see 2 interfaces: a WAN 1000baseT full duplex (10.0.2.15) and a LAN 1000baseT full duplex (192.168.1.1)

TheWall2

I also had a look at the command window in pfSense inside VB, there's an error message: arprequest_internal: cannot find matching address

stephenw10

Ok, that seems good.

Can you ping 8.8.8.8 and/or google.com from Kicksecure?

stephenw10

Does it show the address that is failing in that arp error?

TheWall2

@stephenw10 No, if I ping them in Kicksecure (same browser used to access pfSense webgui but different tab) it doesn't work, it says it cannot contact google.com server. I've tried also using Tor in Kicksecure, it doesn't resolve any address so it's not a browser-related issue. I also pinged 8.8.8.8. in Kicksecure's terminal window, it didn't work.

In pfSense webgui main window I can see the following DNS servers: 127.0.0.1, 10.0.0.243, 192.168.1.1, 8.8.8.8, 8.8.4.4

Moreover, in the same window the USER is admin@192.168.1.100 (Local Database), so I don't know if 192.168.1.100 is Kicksecure. Anyway, this address is the only one shown in DHCP Leases.