• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Problems to access Internet

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
16 Posts 4 Posters 4.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • W
    wallabybob
    last edited by Sep 11, 2012, 8:12 PM

    @johnpoz:

    but you clearly stated your NOT natting on pfsense.

    but robertog said
    @robertog:

    i have just nat in modem, means i havent setup nat on pfsense.

    which could mean that because he hasn't done anything to setup NAT in pfSense he assumes pfSense is not NATing. But my recollection is that NAT is on by default in pfSense between LAN and WAN.

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Sep 11, 2012, 8:27 PM

      Yup I agree nat is on by default normally.  but way I read it was he turned nat off.

      Why would he mention that he was not running it??  Unless he knew for sure it was on or off?

      @robertog can you verify for us if you turned NAT off?

      here
      http://doc.pfsense.org/index.php/Outbound_NAT

      To completely disable NAT and all firewall function from all interfaces, do the following. Note that you will skip the previous section ("Disable NAT") when taking this approach.

      Go to the System: Advanced page and click the Firewall / NAT tab.
          Check the box to "Disable Firewall / Disable all packet filtering."
          Save changes.

      To completely disable NAT to have a routing-only firewall, do the following.

      Go to the Firewall -> NAT page, and click the Outbound tab.
          Select the option "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save.
          Remove all automatically generated NAT rules at the bottom of the screen.
          Apply changes
      –-

      Did you do either of those on your pfsense box?  If not then NAT would be on, and would explain why it works atleast some times - because if you had turned NAT off I don't see how it would work at all.

      So again I would suggest you remove the "modems" nat and allow pfsense to handle your nat/firewall/etc

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • R
        robertog
        last edited by Sep 12, 2012, 7:02 AM

        Hello!
        thanks for your reply but at moment I cant verify if Nat off..Im in business trip sorry, I repeat you I havent setup nat on pfsense so if this means defaults pfsense has nat i didnt know….
        But do u think that can create problems and sometimes internet connection is up and down?
        thanks roberto

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by Sep 12, 2012, 8:50 AM

          As the others said by default pfSense will NAT between WAN and LAN. You almost certainly have this enabled. This means you are double NATing but that doesn't usually cause a problem. I have run double NAT setups for testing purposes for months before and never once experienced any issue. However you should be aware that under specific circumstances it can be a problem.

          You need to determine where the failure is occurring and you will probably need to be doing that locally. We could speculate what might be happening but without testing it will only be speculation.  ;)

          The first thing I would look at is the pfSense logs. Look for WAN disconnects. Look at the RRD graphs of connection quality. Are there periods of packet loss or high latency?

          How is your WAN address assigned? Static IP?

          Steve

          1 Reply Last reply Reply Quote 0
          • R
            robertog
            last edited by Sep 12, 2012, 11:24 AM

            hello,
            thanks for reply when i come back in office i will do of course.
            I have wan ip static.

            bye
            roberto

            1 Reply Last reply Reply Quote 0
            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Sep 12, 2012, 1:03 PM

              "Look at the RRD graphs of connection quality. Are there periods of packet loss or high latency?"

              But that is really not testing his internet connection in the current setup because pfsense gateway is his modem.  His ISP could be offline and pfsense would still think internet is happy with a <1ms response time because he is just talking to the lan of his modem.

              Which is why I suggest he puts pfsense on the border so that yes now he can see what the internet connection is doing.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • S
                stephenw10 Netgate Administrator
                last edited by Sep 12, 2012, 6:10 PM Sep 12, 2012, 6:08 PM

                @johnpoz:

                But that is really not testing his internet connection in the current setup because pfsense gateway is his modem.

                That's true. However if it does show something that will be a big clue.  ;)
                The fact that the connection is solid when the pfSense box is removed suggests a problem on the local side of the modem.
                Having a static WAN means that it's unlikely to show anything in the system logs except perhaps if it's a faulty cable.

                Having a public IP on the pfSense WAN and a single NAT config is a better setup but that should not stop it working as it is.

                Steve

                1 Reply Last reply Reply Quote 0
                • J
                  johnpoz LAYER 8 Global Moderator
                  last edited by Sep 12, 2012, 6:17 PM

                  I agree it can work with double nat, as stated before it is not ideal sort of setup.  But it should work - but he mentions

                  "Can pfsense talk to your "modem" – is the modem online - YES"

                  Well that tells me its his ISP or pfsense.  I would look to ISP first, but since his pfsense is not directly connected and behind a nat.  It is impossible to tell if pfsense can not talk to the gateway.  Which he would see instantly if pfsense was on public IP.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • S
                    stephenw10 Netgate Administrator
                    last edited by Sep 12, 2012, 6:25 PM

                    @johnpoz:

                    he mentions

                    "Can pfsense talk to your "modem" – is the modem online - YES"

                    Good point. Though that doesn't mean it's continuously online. However that should show up in the logs.

                    Much as I'm enjoying this speculating I think I'll wait for more information.  ;)

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • R
                      robertog
                      last edited by Sep 12, 2012, 7:38 PM

                      hi,
                      thanks guys for sharing your ideas and suggestions. I can't wait when i am physically back in the office (cc. 24.9) in order to try suggested options & share back with you all results. Roberto

                      1 Reply Last reply Reply Quote 0
                      16 out of 16
                      • First post
                        16/16
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                        This community forum collects and processes your personal information.
                        consent.not_received