Having trouble getting Lan to talk to internet
-
Firewall->Rules LAN tab should already have a rule allowing all traffic originating from LAN. If there are no rules on LAN, then yes, you do have to add a rule to pass the traffic you want (for starters, pass all and get it working)
-
the rule is there as you said I did not have to create anything, any other ideas.
-
This route DIagnostic should that look that way
-
There is Rule that passes all Lan activity on Lan interface but should there be something on the WAN
-
That all looks good. This standard config just works out of the box, so I am really struggling to see what has gone wrong without being on the system to click around for 1 minute.
I can only suspect NAT. Make sure you have set Firewall->Rules, Outbound NAT to Automatic Outbound NAT.
pfSense will make good NAT rules for this configuration.
and make sure there is NO gateway defined on LAN. -
Phil,
Im no pro at PFsesne, I actually like what ive read about it, and want to start getting a full understanding of it. I have no problem with you logging in as like i said its just for learning, Im Central time so if you were serious about that I have no problem probably going to crash here in a few. I came across one thing on the forums where one guy stated dont use the installer to set the interfaces. I myself did set those when installing, Could this be an issue or is that other guys experience isolated.
I will check those other Nat settings in the morning, maybe when I had originally disabled the firewall and the NAT it took out those automatic setups
My thinking was that if i disabled those things it would work then keep working with the firewall to add things and test with because I knew that it worked before a specific setting. But Ill check out that Nat Rules to see whats there, also honestly I am confused. If I need to re-install too no biggy, trying to learn and I appreciate the help you have been providing
-
Goto System -> Setup Wizard
And just go through all the steps again.
-
Computer: (Static) IP 10.10.10.5
Sub 255.0.0.0
Gat NoneIf your LAN sides clients do not have gateway configured they won't be able to talk to anything outside their own subnet, which is what you're experiencing. If they are using DHCP then the default settings should have sent them the pfSense LAN address as a gateway. If they're using static IPs then add it manually.
Steve
Edit: I see Phil already pointed that out! ::)
What gateway address did you give them though? -
I looked and there are default rules for Nat outbound Lan to Wan, localhost to Wan, and isakmp lan to wan, as for gateway i set as the pfsense box of 10.10.10.1.
-
Hmm.
So if you try and ping, say, google.com from a client machine what is the response? Is DNS working? Can it see a route?
Is there any particular reason you're using static addressing?Steve
-
It times out on client when trying to ping google.com
I statically set the client static to test it out as if I had another DHCP server already giving out IPs, is my thinking wrong there was just trying to set as if it had been in real life scenario with microsoft. Microsoft having DNS and DHCP internally but having clients shotting out through the web though a proxy.
So I set it static to try and poorly emulate that, but have not got it to work,
My main goal is to test proxy with squid, never had used one so i heard some things about pfsense, looked it up and seen all the neat stuff that it could do figured it would be an awesome learning tool
Hope I didnt confuse anyone with those extra details. Main thing is still cant get out on client. Maybe I should try to allow it to DHCP and see if I get out, to be honest I dont know why that would work , but dont know why its not working statically either.
What do you think I should do?
-
It should work just fine with static IPs it's just easier to overlook something or mis-configure it. It won't hurt to try dhcp though.
The fact that it timeout trying to ping implies it's finding the IP via DNS and has a route to that IP it's just not receiving a reply.
If pfSense was blocking that traffic I would expect to see something in the firewall logs which I'm assuming you're not seeing. So why is it not routing the traffic? Like Phil suggested it looks like it's not NATing correctly but, as he also said, your NAT rules look good. ???Is it possible you have something else using 192.168.1.1 on your network? A switch or AP perhaps? Check the pfSense ARP table.
Steve
-
Diagnostics -> Ping -> 8.8.8.8, source address: LAN. What happens?
-
Big Update!
I read in another post of a guy who stated don't use the initial install to set up the pfsense box only set interface and dont mess with ip settings use only the gui.
So I re installed pfsense, but this time I only set the interface up and kept the Wan unplugged. i logged into the pfsense box through its initial config of the 192.168.1.1, i used the wizard to change ips to what I had previously stated, when I was done doing that the last page asked to push reload so I did, I waited another 5 minutes and then reloaded through the server directly once i did this it came back up and I can search internet no issues.
So is that a bug or is this common knowledge
-
uh oh, spoke to soon now I can get to interent from lan but wan is having some trouble
-
What you're saying is making no sense. You can access the internet from LAN machines but WAN (which is your internet access side) is having trouble?
You had/have a misconfiguration somewhere. If this were a bug, this issue would be reported often.
-
blowing me mind, have no clue how lan is working
-
Again, you're making no sense. Please be descriptive on what exactly is working (can you ping out to the internet, like 8.8.8.8, from a machine on your LAN? Can you ping out to the internet, like 8.8.8.8, from your WAN interface within pfSense?) and what isn't. When you say that LAN is working, WAN isn't, but you can get out to the internet, it leads me to believe you're not sure yourself what is actually working.
-
so I see what I did different. I set the client to have its only DNS entry to 192.168.1.1 this is the ip of the router/modem combo. previously i set the DNS on the client as 10.10.10.1 which is the lan ip of the pfsense box. Still though settings for wan are no diffent than they were before so i am confused again
When I ping from pfsense box on wan or lan interface i get complete loss of packets to google.com
pinging the 8.8.8.8 i get all those packets.
However if you read through all posts, Wan interface was working, just not lan interface going out to internet. Reinstalled same same setting just applied in a different way now Wan interface doesnt appeaar to be gettting out, but Lsn interface appears to be passing traffic.
However i did set DNS on client to go to 192.168.1.1 which is the ip of the modem router, i think i really want that to be set to the 10.10.10.1 though as that is the pfsense lan interface
-
I changed the Wan static to DHCP to pull from the modem router, and both side work now, dont know why that made a difference but it works
