502 Bad Gateway when PFSense connect WAN port.
-
Ah, that's the issue. You should not have a gateway on OPT1-TV. And setting it as default is creating the loop.
Remove the gateway from OPT1-TV. Make sure the default IPv4 gateway is set back to WAN_DHCP.
-
I changed the default gateway to WAN_DHCP on 192.168.100.1 and now the Firewall logs only show permission logs to port 53 on 192.168.2.1 and no permission logs for websites or other addresses. Also, the 8.8.8.8 ping has now changed to a timeout error.
I have been dealing with this problem for quite a while, but it doesn't seem to get resolved. Is it a problem with the LAN card...
-
Do you see logs for the ping to 8.8.8.8?
What do the states look like in Diag > States whilst the ping is running?
What does the routing table show now?
No it's almost certainly not the NIC. That would prevent you accessing anything.
-
I don't think it's the NIC's fault either, but if it doesn't work so well,
I'll have to think about it. Diag > States, I took a picture of it but didn't know where the routing table was.
-
The routing table is under Diag > Routes.
Try to run a continuous ping to 8.8.8.8 then filter the state table to find states containing 8.8.8.8.
You should have one state on OPT and one state on WAN with NAT. For example when I ping from my local LAN interface:
-
Hmm, when I set the DefaultGateway to 192.168.2.1, I get an error message that the packet is unreachable or that the TTL time has expired, but when I set it to 192.168.1.1 (WAN IP), I get the timeout error message. Diag -> Route or State image when set to 192.168.2.1 is here and
Here's one when I set it to 192.168.1.1. 8.8.8.8's send or receive bytes, one of which seems to be 0B.
-
OK so you can see in that second set of images that the state for the ICMP 8.8.8.8 traffic on WAN does not have NAT applied.
That means either outbound NAT is not set to automatic (check Firewall > NAT > Outbound) or that there is no gateway on the WAN interface (check Interfaces > WAN).
The default route must be via the WAN gateway. There should not be a gateway on OPT.
-
@stephenw10 Thanks. But I've been busy with work lately and will check the PFSense settings again on Saturday or Sunday. Sorry.
-
I have checked the Outbound rules and it seems to be configured for Automatic outbound. As for the configuration, it is the one in this screenshot.
Is it ok?
-
Ok those settings are good. But you can see it has added automatic rules on the OPT1_TV interface which implies there is a gateway defined on it still. There should not be a gateway on OPT1_TV.
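
The state-table check described in this thread (one state on the internal interface, one on WAN with NAT applied), as an added example that is not part of the original posts. The state-line layout, the client address 192.168.2.50, the translated address 192.168.1.2 and the function names are assumptions constructed for illustration, not verbatim pfSense output.

```python
import re

# Constructed samples in a simplified layout (an assumption, not real output):
# interface, protocol, source, optional original source in parentheses
# when NAT rewrote the source, then the destination.
BROKEN = """\
OPT1_TV icmp 192.168.2.50:41200 -> 8.8.8.8:41200
WAN icmp 192.168.2.50:41200 -> 8.8.8.8:41200
"""
WORKING = """\
OPT1_TV icmp 192.168.2.50:41200 -> 8.8.8.8:41200
WAN icmp 192.168.1.2:18333 (192.168.2.50:41200) -> 8.8.8.8:18333
"""

LINE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>[\d.]+)(?::\d+)?"
    r"(?:\s+\((?P<orig>[\d.]+)(?::\d+)?\))?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def parse_states(text):
    """Return one dict per state line that matches the assumed layout."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def diagnose(text, target, wan="WAN"):
    """List problems with the states to `target`, following the thread's check."""
    states = [s for s in parse_states(text) if s["dst"] == target]
    inside = [s for s in states if s["iface"] != wan]
    outside = [s for s in states if s["iface"] == wan]
    problems = []
    if not inside:
        problems.append("no state on the internal interface")
    if not outside:
        problems.append("no state on WAN: traffic is not leaving via the WAN gateway")
    inside_srcs = {s["src"] for s in inside}
    for s in outside:
        # Same internal source visible on WAN with no original source
        # recorded means outbound NAT did not translate this flow.
        if s["orig"] is None and s["src"] in inside_srcs:
            problems.append(f"WAN state from {s['src']} has no NAT applied")
    return problems

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("working", WORKING)):
        print(name, diagnose(sample, "8.8.8.8") or "OK")
```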