Having trouble getting Lan to talk to internet
-
Computer: (Static) IP 10.10.10.5
Sub 255.0.0.0
Gat NoneIf your LAN sides clients do not have gateway configured they won't be able to talk to anything outside their own subnet, which is what you're experiencing. If they are using DHCP then the default settings should have sent them the pfSense LAN address as a gateway. If they're using static IPs then add it manually.
Steve
Edit: I see Phil already pointed that out! ::)
What gateway address did you give them though? -
I looked and there are default rules for Nat outbound Lan to Wan, localhost to Wan, and isakmp lan to wan, as for gateway i set as the pfsense box of 10.10.10.1.
-
Hmm.
So if you try and ping, say, google.com from a client machine what is the response? Is DNS working? Can it see a route?
Is there any particular reason you're using static addressing?Steve
-
It times out on client when trying to ping google.com
I statically set the client static to test it out as if I had another DHCP server already giving out IPs, is my thinking wrong there was just trying to set as if it had been in real life scenario with microsoft. Microsoft having DNS and DHCP internally but having clients shotting out through the web though a proxy.
So I set it static to try and poorly emulate that, but have not got it to work,
My main goal is to test proxy with squid, never had used one so i heard some things about pfsense, looked it up and seen all the neat stuff that it could do figured it would be an awesome learning tool
Hope I didnt confuse anyone with those extra details. Main thing is still cant get out on client. Maybe I should try to allow it to DHCP and see if I get out, to be honest I dont know why that would work , but dont know why its not working statically either.
What do you think I should do?
-
It should work just fine with static IPs it's just easier to overlook something or mis-configure it. It won't hurt to try dhcp though.
The fact that it timeout trying to ping implies it's finding the IP via DNS and has a route to that IP it's just not receiving a reply.
If pfSense was blocking that traffic I would expect to see something in the firewall logs which I'm assuming you're not seeing. So why is it not routing the traffic? Like Phil suggested it looks like it's not NATing correctly but, as he also said, your NAT rules look good. ???Is it possible you have something else using 192.168.1.1 on your network? A switch or AP perhaps? Check the pfSense ARP table.
Steve
-
Diagnostics -> Ping -> 8.8.8.8, source address: LAN. What happens?
-
Big Update!
I read in another post of a guy who stated don't use the initial install to set up the pfsense box only set interface and dont mess with ip settings use only the gui.
So I re installed pfsense, but this time I only set the interface up and kept the Wan unplugged. i logged into the pfsense box through its initial config of the 192.168.1.1, i used the wizard to change ips to what I had previously stated, when I was done doing that the last page asked to push reload so I did, I waited another 5 minutes and then reloaded through the server directly once i did this it came back up and I can search internet no issues.
So is that a bug or is this common knowledge
-
uh oh, spoke to soon now I can get to interent from lan but wan is having some trouble
-
What you're saying is making no sense. You can access the internet from LAN machines but WAN (which is your internet access side) is having trouble?
You had/have a misconfiguration somewhere. If this were a bug, this issue would be reported often.
-
blowing me mind, have no clue how lan is working
-
Again, you're making no sense. Please be descriptive on what exactly is working (can you ping out to the internet, like 8.8.8.8, from a machine on your LAN? Can you ping out to the internet, like 8.8.8.8, from your WAN interface within pfSense?) and what isn't. When you say that LAN is working, WAN isn't, but you can get out to the internet, it leads me to believe you're not sure yourself what is actually working.
-
so I see what I did different. I set the client to have its only DNS entry to 192.168.1.1 this is the ip of the router/modem combo. previously i set the DNS on the client as 10.10.10.1 which is the lan ip of the pfsense box. Still though settings for wan are no diffent than they were before so i am confused again
When I ping from pfsense box on wan or lan interface i get complete loss of packets to google.com
pinging the 8.8.8.8 i get all those packets.
However if you read through all posts, Wan interface was working, just not lan interface going out to internet. Reinstalled same same setting just applied in a different way now Wan interface doesnt appeaar to be gettting out, but Lsn interface appears to be passing traffic.
However i did set DNS on client to go to 192.168.1.1 which is the ip of the modem router, i think i really want that to be set to the 10.10.10.1 though as that is the pfsense lan interface
-
I changed the Wan static to DHCP to pull from the modem router, and both side work now, dont know why that made a difference but it works
-
However i did set DNS on client to go to 192.168.1.1 which is the ip of the modem router, i think i really want that to be set to the 10.10.10.1 though as that is the pfsense lan interface
Yes, you want the LAN clients to ask pfSense for DNS queries.
I changed the Wan static to DHCP to pull from the modem router, and both side work now, dont know why that made a difference but it works
I imagine that the modem/router DHCP server handed pfSense WAN a gateway and a DNS server address that work.
When setting a static WAN IP you have to manually set the WAN gateway IP (modem/routers "LAN-side" address), and in System->General Setup put a DNS server IP (so that pfSense knows somewhere to go to on the WAN side to get DNS service). -
Ok, set to DNS on client to the 10.10.10.1 and still works,
thanks for the help guys, ill continue on if I run into more trouble ill post in appropriate forum
-
Interesting. So did you conclude that changing the LAN address from the console was causing problems? If so that might well explain a number of other users reported issues.
Steve
-
yes, I would say that by changing that info not through the GUI I had issues, so what seemed to correct any issues I had seen cam from setting up only the interfaces, then logging into the box at its default IP and changing the rest of the settings there fixed my issues
-
You had issues because you don't know what your doing, there is no no issues with changing IPs via the cli other than when you do so it asks for a gateway.. Which seems to confuse the shit out of users..
Matter of fact I just changed my dmz interface via the cli, bing bang zoom working just fine.
