Netgate Discussion Forum

    Problems to access Internet

    Problems Installing or Upgrading pfSense Software
    16 Posts 4 Posters 4.5k Views
      wallabybob

      @johnpoz:

      but you clearly stated you're NOT natting on pfsense.

      but robertog said
      @robertog:

      I have just NAT in modem, means I haven't set up NAT on pfsense.

      which could mean that because he hasn't done anything to set up NAT in pfSense he assumes pfSense is not NATing. But my recollection is that NAT is on by default in pfSense between LAN and WAN.

        johnpoz LAYER 8 Global Moderator

        Yup, I agree NAT is on by default normally, but the way I read it was he turned NAT off.

        Why would he mention that he was not running it??  Unless he knew for sure it was on or off?

        @robertog can you verify for us if you turned NAT off?

        here
        http://doc.pfsense.org/index.php/Outbound_NAT

        To completely disable NAT and all firewall function from all interfaces, do the following. Note that you will skip the previous section ("Disable NAT") when taking this approach.

        Go to the System: Advanced page and click the Firewall / NAT tab.
            Check the box to "Disable Firewall / Disable all packet filtering."
            Save changes.

        To completely disable NAT to have a routing-only firewall, do the following.

        Go to the Firewall -> NAT page, and click the Outbound tab.
            Select the option "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save.
            Remove all automatically generated NAT rules at the bottom of the screen.
            Apply changes
        ---

        Did you do either of those on your pfsense box?  If not then NAT would be on, and would explain why it works at least sometimes - because if you had turned NAT off I don't see how it would work at all.

        So again I would suggest you remove the "modems" nat and allow pfsense to handle your nat/firewall/etc

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          robertog

          Hello!
          thanks for your reply but at the moment I can't verify if NAT is off. I'm on a business trip, sorry. I repeat, I haven't set up NAT on pfsense, so if this means by default pfsense has NAT, I didn't know…
          But do you think that can create problems and sometimes internet connection is up and down?
          thanks roberto

            stephenw10 Netgate Administrator

            As the others said by default pfSense will NAT between WAN and LAN. You almost certainly have this enabled. This means you are double NATing but that doesn't usually cause a problem. I have run double NAT setups for testing purposes for months before and never once experienced any issue. However you should be aware that under specific circumstances it can be a problem.

            You need to determine where the failure is occurring and you will probably need to be doing that locally. We could speculate what might be happening but without testing it will only be speculation.  ;)

            The first thing I would look at is the pfSense logs. Look for WAN disconnects. Look at the RRD graphs of connection quality. Are there periods of packet loss or high latency?

            How is your WAN address assigned? Static IP?

            Steve

            1 Reply Last reply Reply Quote 0
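Added example, not part of any post in this thread and not Netgate code: a Python check over the output of `pfctl -s nat` that answers the question raised above, whether pfSense is translating on WAN and whether the translated address is private, which indicates double NAT behind the modem. The sample output, the interface name `em0` and all addresses are constructed.

```python
import ipaddress
import re

# Constructed `pfctl -s nat` output; interface name and addresses are made up.
SAMPLE_BEHIND_MODEM = """\
no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on em0 inet from 192.168.1.0/24 to any port = isakmp -> 192.168.0.2 static-port
nat on em0 inet from 192.168.1.0/24 to any -> 192.168.0.2 port 1024:65535
rdr-anchor "tftp-proxy/*" all
"""
# Same box after every outbound NAT rule has been removed (routing only).
SAMPLE_ROUTING_ONLY = """\
no nat proto carp all
nat-anchor "natearly/*" all
rdr-anchor "tftp-proxy/*" all
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches translation rules only; "no nat" and "nat-anchor" lines do not match.
NAT_RULE = re.compile(r"^nat on (?P<iface>\S+) .*?from (?P<src>\S+) to .*?-> (?P<target>\S+)")


def outbound_nat_rules(pfctl_output, wan_iface):
    """Return (source, translation target) for each NAT rule on the WAN interface."""
    rules = []
    for line in pfctl_output.splitlines():
        m = NAT_RULE.match(line.strip())
        if m and m.group("iface") == wan_iface:
            rules.append((m.group("src"), m.group("target")))
    return rules


def classify(pfctl_output, wan_iface):
    """'routing-only', 'double-nat', 'single-nat' or 'nat-unknown-upstream'."""
    rules = outbound_nat_rules(pfctl_output, wan_iface)
    if not rules:
        return "routing-only"
    verdicts = set()
    for _src, target in rules:
        try:
            addr = ipaddress.ip_address(target.strip("()"))
        except ValueError:          # e.g. "(em0)": address resolved at run time
            return "nat-unknown-upstream"
        verdicts.add(any(addr in net for net in RFC1918))
    # A private translation address means another NAT (the modem) sits upstream.
    return "double-nat" if True in verdicts else "single-nat"


if __name__ == "__main__":
    print(classify(SAMPLE_BEHIND_MODEM, "em0"))
```
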
              robertog

              hello,
              thanks for the reply, when I come back to the office I will do so of course.
              I have a static WAN IP.

              bye
              roberto

                johnpoz LAYER 8 Global Moderator

                "Look at the RRD graphs of connection quality. Are there periods of packet loss or high latency?"

                But that is really not testing his internet connection in the current setup because pfsense gateway is his modem.  His ISP could be offline and pfsense would still think internet is happy with a <1ms response time because he is just talking to the lan of his modem.

                Which is why I suggest he puts pfsense on the border so that yes now he can see what the internet connection is doing.

                  stephenw10 Netgate Administrator

                  @johnpoz:

                  But that is really not testing his internet connection in the current setup because pfsense gateway is his modem.

                  That's true. However if it does show something that will be a big clue.  ;)
                  The fact that the connection is solid when the pfSense box is removed suggests a problem on the local side of the modem.
                  Having a static WAN means that it's unlikely to show anything in the system logs except perhaps if it's a faulty cable.

                  Having a public IP on the pfSense WAN and a single NAT config is a better setup but that should not stop it working as it is.

                  Steve

                    johnpoz LAYER 8 Global Moderator

                    I agree it can work with double nat, as stated before it is not ideal sort of setup.  But it should work - but he mentions

                    "Can pfsense talk to your "modem" – is the modem online - YES"

                    Well that tells me it's his ISP or pfsense.  I would look to ISP first, but since his pfsense is not directly connected and behind a NAT, it is impossible to tell if pfsense cannot talk to the gateway.  Which he would see instantly if pfsense was on public IP.

                      stephenw10 Netgate Administrator

                      @johnpoz:

                      he mentions

                      "Can pfsense talk to your "modem" – is the modem online - YES"

                      Good point. Though that doesn't mean it's continuously online. However that should show up in the logs.

                      Much as I'm enjoying this speculating I think I'll wait for more information.  ;)

                      Steve

                        robertog

                        hi,
                        thanks guys for sharing your ideas and suggestions. I can't wait until I am physically back in the office (cc. 24.9) in order to try suggested options & share back with you all results. Roberto
