Help me!!! 2.0-RELEASE Firewall Rule can't to access internet.
-
Picture my firewall rule.
 -
try adding a Pass rule for destination port 53
-
Thank you. But it same can't to access internet.
 -
am i right that the problem resides, when upper picture config is in use? if so, then add that dns service, like ericab mentioned
if the other picture rules is in use and is creating problems, then try to ping from firewall itself to 8.8.8.8 and www.google.com -
I'm try ping to 8.8.8.8 and www.google.com, It's no-problem. But if I try ping to other website it's problem.
My pfsense system
- pfsense 2.0 Release(1wan,1lan) + Squid proxy + Firewall Rule.
PING 8.8.8.8 (8.8.8.8) from 192.168.13.161: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=51 time=59.702 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=60.070 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=59.951 ms–- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 59.702/59.908/60.070/0.153 msPING www.l.google.com (209.85.175.103) from 192.168.13.161: 56 data bytes
64 bytes from 209.85.175.103: icmp_seq=0 ttl=51 time=60.588 ms
64 bytes from 209.85.175.103: icmp_seq=1 ttl=51 time=69.933 ms
64 bytes from 209.85.175.103: icmp_seq=2 ttl=51 time=69.371 ms--- www.l.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 60.588/66.631/69.933/4.279 msPING www.manager.co.th (202.57.155.203) from 192.168.13.161: 56 data bytes
--- www.manager.co.th ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss -
well i have fully working settings, and even i'm not capable of pinging www.manager.co.th, so that address don't allow icmp echo.
did you tried ping also from client? -
Yes, I'm try ping to www.manager.co.th, www.cnn.com, www.sanook.com from client. It's same.
-
well ping can't work only tcp connections.. it's done by icmp and udp53 works faster than tcp53
what you have selected to in those rules, to capture a log?
-
Thank you. But it same can't to access internet.
you need to switch the protocol to UDP.
do your clients obtain their IP through DHCP, or are they setup up independently ?
if you were to ssh into pfSense, can you ping anything ?
-
"- pfsense 2.0 Release(1wan,1lan) + Squid proxy + Firewall Rule."
if you wanting your clients to use squid proxy, they would not be directly accessing anything on the internet anyway. Why would they not be using your pfsense box for dns? And or the proxy should be doing the dns lookups anyway.
If you wanting for clients to access the net while using a outside dns server, you rules need to allow for tcp http (80), and tcp/udp 53 (dns) to whatever dns server you wanting them to use say 8.8.8.8
But not understanding the point of the proxy if that is what you want to do?
-
By default the firewall rule blocks. So if you disable the default allow rule, then it stops working. If all you want to allow is surfing, then LAN NET:any any:80|443|53 though with port 53 you need UDP and TCP. If you want to test ping, you must have an allow rule for ICMP.
-
Thank you, All Comments.
Now, The pfsense 2.0 Release + Squid proxy + Firewall Rule can access to internet.
I disabled "Default allow LAN to any rule" and allow TCP port 80,53,UDP port 53,ICMP. -
you might want to add https also
you got everything fixed? -
"Squid proxy"
Still not understanding if you using a proxy why your directly letting machines out? Who are you having use the proxy?
