(newbie) How connect WAN and LAN to internet
-
Hello,
I think my question is stupid … I spent hours on it without finding the solution ...
The role of my pfsense box is :
have an openVPN network (not tested yet)
use a DNS forwarding to access internally some resources with internal IP and externally with the external IP (this is working)
Internet is coming to the WAN port of PFsense (ip like 192.168.0.10), gateway is 192.168.1.1
my Lan is connected to the LAN port who is going to a router (192.168.1.10), ip of the port 192.168.1.1
the internal network is on the subnet 192.168.2.x (IP with DHCP or fixed)
I don't have any internet connection on the LAN port of pfsense... do I need to set up a gateway? if yes which one? (I did multiple tries without success). should I put a proxy between both ... I probably miss something easy ... help please
-
Please provide a diagram of your configuration. I can't make sense of your description:
@marciton: my Lan is connected to the LAN port who is going to a router (192.168.1.10), ip of the port 192.168.1.1
Your LAN is connected to the LAN port of what?
Internet is coming to the WAN port of PFsense (ip like 192.168.0.10), gateway is 192.168.1.1
This seems like it could be a problem but it's impossible to say because you haven't given the network mask on the pfSense WAN port, hence it is impossible to say if the gateway and the WAN port are on the same IP subnet and hence impossible to say if this configuration is valid. (The gateway needs to be on the same IP subnet as the WAN interface.)
But then you go on to say the gateway is on the same subnet as the pfSense LAN interface which is wrong. You don't seem to understand IP subnetting and IP routing. I suggest you read Wikipedia articles on those topics.
-
ok I'm not so newbie on networking , just with pfsense …
you're right, I forgot to say I'm on /24
yes my LAN is connected to the LAN port and the WAN to the WAN Port (who is connected to internet)
if I do a simple ping on the WAN port, it's ok. if it's on the LAN Port it's not
I've attached a diagram
-
ok I'm not so newbie on networking , just with pfsense …
you're right, I forgot to say I'm on /24
yes my LAN is connected to the LAN port and the WAN to the WAN Port (who is connected to internet)
if I do a simple ping on the WAN port, it's ok. if it's on the LAN Port it's not
I've attached a diagram
Thanks for the diagram. The 192.168.2.1/24 will be a problem because it is not the subnet of the pfSense LAN interface and you have given no indication how pfSense is to send traffic there. The pfSense LAN interface and the LAN network need to be in the same IP subnet OR you need an additional router that isn't shown in your diagram.
It's hard to tell you what to change because there isn't enough information about your other networking equipment nor why the 192.168.2.1/24 is shown on your diagram.
To illustrate the problem: suppose a system on the LAN with IP address 192.168.2.97/24 issues a ping to the pfSense LAN interface IP address and suppose it actually arrives at the pfSense LAN interface. pfSense will generate a response, but the destination IP address of the response is not on any of the pfSense interfaces so the routing table will be consulted, the default route chosen (unless you have configured something you haven't yet mentioned) and the response will go out the WAN interface which might not be what you want.
Your description @marciton:
if I do a simple ping on the WAN port, it's ok. if it's on the LAN Port it's not
is ambiguous (what system did you issue the ping from? what was the target of the ping? IP address? hostname?) and doesn't provide enough detail (what is reported when you do the pings you describe?)
-
Your description @marciton:
if I do a simple ping on the WAN port, it's ok. if it's on the LAN Port it's not
is ambiguous (what system did you issue the ping from? what was the target of the ping? IP address? hostname?) and doesn't provide enough detail (what is reported when you do the pings you describe?)
ok let's focus on that part. I'm doing the ping from pfsense (the web site) to www.google.com
on that menu you can select to do the ping from the WAN or from the LAN port
from the WAN port I've a feedback, nothing from the LAN
-
Try a network diagram like this. (I used LibreOffice Draw)
-
I think that one is more accurate
-
I'm doing the ping from pfsense (the web site) to www.google.com
on that menu you can select to do the ping from the WAN or from the LAN port
from the WAN port I've a feedback, nothing from the LAN
If you send the ping to www.google.com out the LAN port how is it going to get to www.google.com?
By "nothing from LAN" do you mean there was nothing reported at all or there was no ping response reported but something else was reported? If something other than a ping response was reported what was reported? Reporting the actual response to system commands is almost always more informative than "summaries" like "nothing" or "didn't work".
Regarding your network configuration diagram: the non-pfsense router doesn't appear to add any value (other than, perhaps, it saved buying a switch) and actually complicates things a bit: If this router doesn't do NAT then you need to add a static route to pfSense so it knows to get to the 192.168.2.0/24 network through 192.168.1.100.
-
ok I'll try to add the route …. it's because of it that I don't have internet access from the LAN (192.168.2.x) ?
-
ok I'll try to add the route …. it's because of it that I don't have internet access from the LAN (192.168.2.x) ?
Maybe! If that router does NAT the route won't be needed? Does it do NAT?
-
If the "192.168.2.x router" does do NAT the static route won't be necessary but won't do any harm.
If the "192.168.2.x router" doesn't do NAT the static route will be necessary (but may not be sufficient). Just add the static route.
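The routing behaviour discussed in this thread (the on-link gateway rule, and where a reply to 192.168.2.97 is sent with and without the static route) can be reproduced with a longest-prefix-match lookup. This is an added example, not part of any post and not pfSense code; the WAN default gateway 192.168.0.1 is an assumed value, and the next hop 192.168.1.100 is the one named in the reply above.

```python
import ipaddress

def on_link(interface_cidr, gateway):
    """True if the gateway lies inside the interface's own subnet."""
    iface = ipaddress.ip_interface(interface_cidr)
    return ipaddress.ip_address(gateway) in iface.network

def lookup(routes, destination):
    """Longest-prefix match; returns (interface, next_hop) or None."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    _, iface, hop = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return iface, hop

# Interface addresses as given in the thread (/24 on both).
WAN_IF, LAN_IF = "192.168.0.10/24", "192.168.1.1/24"

# Constructed routing table: two connected networks plus a default route.
# The default gateway address is an assumption, chosen to be on-link for WAN.
BASE_ROUTES = [
    ("192.168.0.0/24", "WAN", None),
    ("192.168.1.0/24", "LAN", None),
    ("0.0.0.0/0", "WAN", "192.168.0.1"),
]

# The static route suggested in the thread.
STATIC_ROUTE = ("192.168.2.0/24", "LAN", "192.168.1.100")

def report(client="192.168.2.97"):
    """Summarise the checks for the client address used in the thread."""
    return {
        # Gateway 192.168.1.1 as first posted: not inside the WAN subnet.
        "posted_wan_gateway_on_link": on_link(WAN_IF, "192.168.1.1"),
        # The static route's next hop must be reachable on the LAN subnet.
        "static_next_hop_on_link": on_link(LAN_IF, STATIC_ROUTE[2]),
        # Without the static route the reply follows the default route.
        "reply_before": lookup(BASE_ROUTES, client),
        # With it, the more specific /24 wins over 0.0.0.0/0.
        "reply_after": lookup(BASE_ROUTES + [STATIC_ROUTE], client),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```
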