Routing issue to internet on LAN

anogmus

Correct I had type it is 10.5.1.10 - 10.5.1.254

I connected my pc directly to LAN without switch at this point. no luck

I'm not able to bing routing IP 70.168.57.35
If I do traceroute it's not able to get out of lan.

I restored to default settings still no luck…

What can I do in firewall to make it work?
Any other thoughts?

timthetortoise

Ah. If you're not using a switch, you have to use a crossover cable to connect the two machines directly (assuming that both are not gigabit NICs).

anogmus

@timthetortoise:

Ah. If you're not using a switch, you have to use a crossover cable to connect the two machines directly (assuming that both are not gigabit NICs).

It's soekris net6501 device.
And I use switch too same bad results

timthetortoise

Okay, so are you able to ping 10.5.1.1?

anogmus

@timthetortoise:

Okay, so are you able to ping 10.5.1.1?

Yes I am able to ping 10.5.1.1

timthetortoise

So make sure there's a rule in your LAN section to pass any protocol, any source, any destination. If there is already, then it's down to a routing issue.

anogmus

@timthetortoise:

So make sure there's a rule in your LAN section to pass any protocol, any source, any destination. If there is already, then it's down to a routing issue.

I added such rule, no luck :(

What in routing can cause it?

anogmus

So likely I am 27 years old who has been using linux ever since been 12.
So after log digging and routing tests I have fixed the problem and this happened to be a bug in pfsense that is runing on some hardware such as soekris net6501 in my case.

Here is the problem:
When you first install pfsense than configure WAN and Lan, assuming you don't do any changes to LAN it will allow you to go out and ping outside from LAN.

1. But soon as 2-3 minutes later LAN can't ping internet.
2. Lan stops accessign internet soon as you do change to LAN address.

Problem cause:
The internal gateway route have been removed from DCHP! Also firewall rule removed also! by pfsense software!! Ridicules!

FIX:
Create following rules:
In my case my LAN is 10.5.1.1
Firewall > Rules
Select tab LAN
Create Rule

Protocol: Any
Source: Any
Destination: Any
Port: Any
Gateway: Wan gateway here

Than once this done:
Services > DHCP server
in field Gateway enter your LAN's gateway, in my case it is 10.5.1.1

Volya! Now LAN got access to internet!

Let me know if you have any question!

timthetortoise

There's no bug, you simply did something wrong. I am posting this from a fresh install in which I tested what you're claiming happened. My guess is that you didn't update your DHCP scope. When I change my interface address and adjust the DHCP scope for it, then release/renew my IP, it works as expected.

timthetortoise

Gotta eat my words on this, it looks like you did indeed discover a bug in the DHCP code. I'm able to reproduce this on 2.1.2, and I'm assuming it applies to 2.1.1 as well.
In my case, my DHCP client was never assigned a gateway in general, and this is reflected by there not being an "option routers" directive in the dhcpd.conf file. I am investigating where this is happening.

Documented here with a temporary fix: https://forum.pfsense.org/index.php?topic=75766