Netgate Discussion Forum

    Help me!!! 2.0-RELEASE Firewall Rule can't to access internet.

      mots

      Thank you. But it's the same; I can't access the internet.

      ![pfsense firewall rule 80_53 can't to access internet.jpg](/public/imported_attachments/1/pfsense firewall rule 80_53 can't to access internet.jpg)

        Metu69salemi

        Am I right that the problem resides when the upper picture's config is in use? If so, then add that DNS service, like ericab mentioned.
        If the other picture's rules are in use and are creating problems, then try to ping from the firewall itself to 8.8.8.8 and www.google.com.

          mots

          I tried pinging 8.8.8.8 and www.google.com; it's no problem. But if I try to ping other websites, there is a problem.

          My pfsense system

          • pfsense 2.0 Release(1wan,1lan) + Squid proxy + Firewall Rule.

          PING 8.8.8.8 (8.8.8.8) from 192.168.13.161: 56 data bytes
          64 bytes from 8.8.8.8: icmp_seq=0 ttl=51 time=59.702 ms
          64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=60.070 ms
          64 bytes from 8.8.8.8: icmp_seq=2 ttl=51 time=59.951 ms

          --- 8.8.8.8 ping statistics ---
          3 packets transmitted, 3 packets received, 0.0% packet loss
          round-trip min/avg/max/stddev = 59.702/59.908/60.070/0.153 ms

          PING www.l.google.com (209.85.175.103) from 192.168.13.161: 56 data bytes
          64 bytes from 209.85.175.103: icmp_seq=0 ttl=51 time=60.588 ms
          64 bytes from 209.85.175.103: icmp_seq=1 ttl=51 time=69.933 ms
          64 bytes from 209.85.175.103: icmp_seq=2 ttl=51 time=69.371 ms

          --- www.l.google.com ping statistics ---
          3 packets transmitted, 3 packets received, 0.0% packet loss
          round-trip min/avg/max/stddev = 60.588/66.631/69.933/4.279 ms

          PING www.manager.co.th (202.57.155.203) from 192.168.13.161: 56 data bytes

          --- www.manager.co.th ping statistics ---
          3 packets transmitted, 0 packets received, 100.0% packet loss

            Metu69salemi

            Well, I have fully working settings, and even I'm not capable of pinging www.manager.co.th, so that address doesn't allow ICMP echo.
            Did you try to ping also from the client?

              mots

              Yes, I tried pinging www.manager.co.th, www.cnn.com, www.sanook.com from the client. It's the same.

                Metu69salemi

                Well, ping can't work with only TCP connections. It's done by ICMP, and UDP 53 works faster than TCP 53.

                What have you selected in those rules, to capture a log?

                  ericab

                  @mots:

                  Thank you. But it's the same; I can't access the internet.

                  You need to switch the protocol to UDP.

                  Do your clients obtain their IP through DHCP, or are they set up independently?

                  If you were to SSH into pfSense, can you ping anything?

                    johnpoz LAYER 8 Global Moderator

                    "- pfsense 2.0 Release(1wan,1lan) + Squid proxy + Firewall Rule."

                    If you want your clients to use the Squid proxy, they would not be directly accessing anything on the internet anyway. Why would they not be using your pfSense box for DNS? And/or the proxy should be doing the DNS lookups anyway.

                    If you want clients to access the net while using an outside DNS server, your rules need to allow TCP HTTP (80) and TCP/UDP 53 (DNS) to whatever DNS server you want them to use, say 8.8.8.8.

                    But I'm not understanding the point of the proxy if that is what you want to do?

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                      podilarius

                      By default the firewall rule blocks. So if you disable the default allow rule, then it stops working. If all you want to allow is surfing, then LAN NET:any any:80|443|53 though with port 53 you need UDP and TCP. If you want to test ping, you must have an allow rule for ICMP.

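
The default-deny behaviour described in the post above, as an added example that is not part of the original thread: a simplified Python model of an allow-only LAN ruleset checked against constructed flows. The TCP-only first attempt is an assumption inferred from the replies (the screenshot is not available), and all names are hypothetical.

```python
# Added example (not from the thread): allow-list LAN rules with an implicit
# default deny. All rules are "pass" rules, so rule order does not matter here.
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # None for ICMP, which has no ports

@dataclass(frozen=True)
class Flow:
    name: str
    proto: str
    dport: Optional[int] = None

def evaluate(rules: List[Rule], flow: Flow) -> str:
    """Return "pass" if an allow rule matches, otherwise the default "block"."""
    for rule in rules:
        if rule.proto == flow.proto and rule.dport == flow.dport:
            return "pass"
    return "block"

# Assumed first attempt (TCP only), inferred from the replies in the thread.
TCP_ONLY = [Rule("tcp", 80), Rule("tcp", 53)]
# Rules reported working at the end of the thread.
FIXED = TCP_ONLY + [Rule("udp", 53), Rule("icmp")]
# Same, plus the HTTPS rule suggested in the follow-up reply.
FIXED_HTTPS = FIXED + [Rule("tcp", 443)]

# Constructed flows a LAN client generates while browsing and testing.
FLOWS = [
    Flow("dns-udp", "udp", 53),
    Flow("dns-tcp", "tcp", 53),
    Flow("http", "tcp", 80),
    Flow("https", "tcp", 443),
    Flow("icmp-echo", "icmp"),
]

def blocked(rules: List[Rule]) -> List[str]:
    """Names of the sample flows that fall through to the default deny."""
    return [f.name for f in FLOWS if evaluate(rules, f) == "block"]

if __name__ == "__main__":
    for label, rules in [("tcp-only", TCP_ONLY), ("fixed", FIXED),
                         ("fixed+https", FIXED_HTTPS)]:
        print(f"{label:12} blocked: {blocked(rules) or 'nothing'}")
```
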
                        mots

                        Thank you for all the comments.

                        Now the pfSense 2.0 Release + Squid proxy + Firewall Rule can access the internet.
                        I disabled "Default allow LAN to any rule" and allowed TCP ports 80, 53, UDP port 53, and ICMP.

                          Metu69salemi

                          You might want to add HTTPS also.
                          You got everything fixed?

                            johnpoz LAYER 8 Global Moderator

                            "Squid proxy"

                            Still not understanding, if you're using a proxy, why you're directly letting machines out? Who are you having use the proxy?

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.