Netgate Discussion Forum

    First time setup with private WAN

      nerdile

      Hey folks, I decided to try out pfSense for the first time, so I set it up behind my existing home router. My client behind pfSense can ping the pfSense router, resolve names, and ping addresses like 8.8.8.8, but can't access the internet, e.g. apt update or wget.

      Setup is:

      • Version 2.7.2 CE
      • pfSense and client are both VMs (on xcp-ng)
      • WAN is private, e.g. 192.168.21.0/24
      • LAN is private, e.g. 192.168.40.0/24
      • Client on LAN, set to route through pfSense
      • WAN interface - disabled the options to block private IPs and bogons
      • Routing - only WAN gateway is set, no LAN gateway set up
      • NAT - the default automatic rule is there, to NAT LAN networks onto the WAN IP
      • Tried going back through the setup wizard a few times just to be safe
      • Double NAT, of course, since my main gateway is also a NAT

      I also did a clean install of OPNsense the same way, same setup wizard (again, first time user of that too), but in that case it DOES route traffic to the internet for me.

      Any known issues in pfSense with xcp-ng (Xen), double NAT, private WAN ports, etc.? For reference I'm new to pfSense/OPNsense but not new to network engineering, so just not sure what configs to compare between the working (OPNsense) and non-working pfSense, and logs, diagnostics, etc.

        viragomann @nerdile

        @nerdile
        Did you disable TX Checksum Offload on the virtual interfaces in Xen?

        And also in pfSense System > Advanced > Networking > Hardware Checksum Offloading?

          nerdile @viragomann

          @viragomann This was exactly it. Thank you!

            nerdile @nerdile

            @nerdile In case anyone is struggling with a similar issue in the future, one thing I noticed that could indicate this issue is that the firewall shows allowing the SYN packets from the LAN client but never shows any responses later. (You have to turn on logging of your default allow rule to see this traffic flowing.)

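The fix in this thread was disabling TX checksum offload. When that offload is left on and the virtual NIC never completes the checksum, TCP segments can go out with an invalid checksum and be dropped silently, which a packet capture can confirm. The following is an added example, not code from the thread: it verifies the TCP checksum of a raw IPv4 packet, using constructed addresses and packets, and assumes that an unfinished offload leaves only the pseudo-header sum in the checksum field.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    return src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len)

def build_syn(src: str, dst: str, sport: int, dport: int, offloaded: bool = False) -> bytes:
    """Constructed IPv4+TCP SYN. offloaded=True leaves only the pseudo-header
    sum in the checksum field (assumed convention for an unfinished TX offload)."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
    ph = pseudo_header(s, d, len(tcp))
    csum = ones_sum(ph) if offloaded else ~ones_sum(ph + tcp) & 0xFFFF
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                     socket.IPPROTO_TCP, 0, s, d)
    ip = ip[:10] + struct.pack("!H", ~ones_sum(ip) & 0xFFFF) + ip[12:]
    return ip + tcp

def tcp_checksum_ok(packet: bytes) -> bool:
    """True if the TCP checksum of a raw IPv4 packet verifies."""
    if len(packet) < 40 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = int.from_bytes(packet[2:4], "big")
    tcp = packet[ihl:total_len]
    ph = pseudo_header(packet[12:16], packet[16:20], len(tcp))
    # Summing pseudo-header + segment including its checksum must give 0xFFFF.
    return ones_sum(ph + tcp) == 0xFFFF

if __name__ == "__main__":
    for label, off in (("checksum completed", False), ("offload left unfinished", True)):
        pkt = build_syn("192.168.40.10", "203.0.113.10", 40000, 443, offloaded=off)
        print(f"{label}: valid={tcp_checksum_ok(pkt)}")
```

Run a check like this on packets captured upstream of the firewall rather than on the sending host itself, since a capture taken on the sender sees the segment before the NIC would have filled in the checksum.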
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.