Having trouble getting Lan to talk to internet
-
The Firewall and Nat are disabled still, I think Nat has to def. be turned off as the Modem/Router has this turned on, the firewall I wouldn't think would be blocking anything as I never set anything up in the first place.
Actually you will want NAT from LAN to WAN. The front-end modem/router will not know that the route back to 10.0.0.0/8 is through the pfSense at 192.168.1.27. But if you NAT out from LAN to WAN then the modem/router will see all the traffic coming from 192.168.1.27 and so have no trouble talking to it.
The other alternative is to add a static route on the modem/router to tell it that 10.0.0.0/8 is reached through 192.168.1.27.
And make sure that the default LAN allow all rule is still there. -
Per the advice above I have enabled the firewall and Nat, still no internet, spidy senses tingling saying maybe I need to configure a rule, but isnt this defaulted to pass traffic or am i down the wrong path.
-
Firewall->Rules LAN tab should already have a rule allowing all traffic originating from LAN. If there are no rules on LAN, then yes, you do have to add a rule to pass the traffic you want (for starters, pass all and get it working)
-
the rule is there as you said I did not have to create anything, any other ideas.
-
This route DIagnostic should that look that way
-
There is Rule that passes all Lan activity on Lan interface but should there be something on the WAN
-
That all looks good. This standard config just works out of the box, so I am really struggling to see what has gone wrong without being on the system to click around for 1 minute.
I can only suspect NAT. Make sure you have set Firewall->Rules, Outbound NAT to Automatic Outbound NAT.
pfSense will make good NAT rules for this configuration.
and make sure there is NO gateway defined on LAN. -
Phil,
Im no pro at PFsesne, I actually like what ive read about it, and want to start getting a full understanding of it. I have no problem with you logging in as like i said its just for learning, Im Central time so if you were serious about that I have no problem probably going to crash here in a few. I came across one thing on the forums where one guy stated dont use the installer to set the interfaces. I myself did set those when installing, Could this be an issue or is that other guys experience isolated.
I will check those other Nat settings in the morning, maybe when I had originally disabled the firewall and the NAT it took out those automatic setups
My thinking was that if i disabled those things it would work then keep working with the firewall to add things and test with because I knew that it worked before a specific setting. But Ill check out that Nat Rules to see whats there, also honestly I am confused. If I need to re-install too no biggy, trying to learn and I appreciate the help you have been providing
-
Goto System -> Setup Wizard
And just go through all the steps again.
-
Computer: (Static) IP 10.10.10.5
Sub 255.0.0.0
Gat NoneIf your LAN sides clients do not have gateway configured they won't be able to talk to anything outside their own subnet, which is what you're experiencing. If they are using DHCP then the default settings should have sent them the pfSense LAN address as a gateway. If they're using static IPs then add it manually.
Steve
Edit: I see Phil already pointed that out! ::)
What gateway address did you give them though? -
I looked and there are default rules for Nat outbound Lan to Wan, localhost to Wan, and isakmp lan to wan, as for gateway i set as the pfsense box of 10.10.10.1.
-
Hmm.
So if you try and ping, say, google.com from a client machine what is the response? Is DNS working? Can it see a route?
Is there any particular reason you're using static addressing?Steve
-
It times out on client when trying to ping google.com
I statically set the client static to test it out as if I had another DHCP server already giving out IPs, is my thinking wrong there was just trying to set as if it had been in real life scenario with microsoft. Microsoft having DNS and DHCP internally but having clients shotting out through the web though a proxy.
So I set it static to try and poorly emulate that, but have not got it to work,
My main goal is to test proxy with squid, never had used one so i heard some things about pfsense, looked it up and seen all the neat stuff that it could do figured it would be an awesome learning tool
Hope I didnt confuse anyone with those extra details. Main thing is still cant get out on client. Maybe I should try to allow it to DHCP and see if I get out, to be honest I dont know why that would work , but dont know why its not working statically either.
What do you think I should do?
-
It should work just fine with static IPs it's just easier to overlook something or mis-configure it. It won't hurt to try dhcp though.
The fact that it timeout trying to ping implies it's finding the IP via DNS and has a route to that IP it's just not receiving a reply.
If pfSense was blocking that traffic I would expect to see something in the firewall logs which I'm assuming you're not seeing. So why is it not routing the traffic? Like Phil suggested it looks like it's not NATing correctly but, as he also said, your NAT rules look good. ???Is it possible you have something else using 192.168.1.1 on your network? A switch or AP perhaps? Check the pfSense ARP table.
Steve
-
Diagnostics -> Ping -> 8.8.8.8, source address: LAN. What happens?
-
Big Update!
I read in another post of a guy who stated don't use the initial install to set up the pfsense box only set interface and dont mess with ip settings use only the gui.
So I re installed pfsense, but this time I only set the interface up and kept the Wan unplugged. i logged into the pfsense box through its initial config of the 192.168.1.1, i used the wizard to change ips to what I had previously stated, when I was done doing that the last page asked to push reload so I did, I waited another 5 minutes and then reloaded through the server directly once i did this it came back up and I can search internet no issues.
So is that a bug or is this common knowledge
-
uh oh, spoke to soon now I can get to interent from lan but wan is having some trouble
-
What you're saying is making no sense. You can access the internet from LAN machines but WAN (which is your internet access side) is having trouble?
You had/have a misconfiguration somewhere. If this were a bug, this issue would be reported often.
-
blowing me mind, have no clue how lan is working
-
Again, you're making no sense. Please be descriptive on what exactly is working (can you ping out to the internet, like 8.8.8.8, from a machine on your LAN? Can you ping out to the internet, like 8.8.8.8, from your WAN interface within pfSense?) and what isn't. When you say that LAN is working, WAN isn't, but you can get out to the internet, it leads me to believe you're not sure yourself what is actually working.