Internet access from lan

mer

Client on the LAN side, do you have it's default GW set to be 10.10.10.2?

muswellhillbilly

Your NAT rules look ok, but check your Firewall rules as well. Remember rules apply from the top down, so the first rule that wins will be the topmost one. You don't have any block rules in place which might be stopping your ICMP traffic?

Might be worth posting your Firewall rules as well, just in case.

elessargr

@mer:

Client on the LAN side, do you have it's default GW set to be 10.10.10.2?

Yes. On my lan pc I have set it IP 10.10.10.7/24 GW 10.10.10.2 DNS 10.10.10.2

@muswellhillbilly:

Your NAT rules look ok, but check your Firewall rules as well. Remember rules apply from the top down, so the first rule that wins will be the topmost one. You don't have any block rules in place which might be stopping your ICMP traffic?

Might be worth posting your Firewall rules as well, just in case.

On Wan and Lan I have the same rule
IPv4 *  *  *  *  *  *  none

and on Lan there is one extra line

• • • LAN Address 80 * *

viragomann

If you're pinging from pfSense itself (Diagnostics->ping) there are no firewall rule applied.

Your packet capture shows
13:48:41.346544 IP 10.10.10.7 > 8.8.8.8: ICMP echo request, id 2, seq 415, length 40
Whose IP is 10.10.10.7?

Anyway, it isn't translated to WAN address while your NAT rules are okay. This may happen, if you change your LAN subnet.
Go to outbound NAT and try click Save button and reboot pfSense and see if it helped.

elessargr

@viragomann:

If you're pinging from pfSense itself (Diagnostics->ping) there are no firewall rule applied.

what do you mean with that? sould it work or not?

@viragomann:

Your packet capture shows
13:48:41.346544 IP 10.10.10.7 > 8.8.8.8: ICMP echo request, id 2, seq 415, length 40
Whose IP is 10.10.10.7?

Its a pc on the lan, behind the pfsense

@viragomann:

Anyway, it isn't translated to WAN address while your NAT rules are okay. This may happen, if you change your LAN subnet.
Go to outbound NAT and try click Save button and reboot pfSense and see if it helped.

This may happen, if you change your LAN subnet. ?????
save without do any new changes?

viragomann

@elessargr:

@viragomann:

If you're pinging from pfSense itself (Diagnostics->ping) there are no firewall rule applied.

what do you mean with that? sould it work or not?

Yes this should work anyway.

@elessargr:

@viragomann:

Anyway, it isn't translated to WAN address while your NAT rules are okay. This may happen, if you change your LAN subnet.
Go to outbound NAT and try click Save button and reboot pfSense and see if it helped.

This may happen, if you change your LAN subnet. ?????
save without do any new changes?

In former versions there were no changes necessary to reset NAT rules. But you may also switch to hyprid rule generation and save it to ensure it is saved.

elessargr

@viragomann:

@elessargr:

@viragomann:

If you're pinging from pfSense itself (Diagnostics->ping) there are no firewall rule applied.

what do you mean with that? sould it work or not?

Yes this should work anyway.

@elessargr:

@viragomann:

Anyway, it isn't translated to WAN address while your NAT rules are okay. This may happen, if you change your LAN subnet.
Go to outbound NAT and try click Save button and reboot pfSense and see if it helped.

This may happen, if you change your LAN subnet. ?????
save without do any new changes?

In former versions there were no changes necessary to reset NAT rules. But you may also switch to hyprid rule generation and save it to ensure it is saved.

on the ping nothing from the lan interface

I have also change the NAT outbound to Hybrid Outbound NAT rule generation (Automatic Outbound NAT + rules below)

viragomann

look for pings to the destination address (8.8.8.8 ). In the packet capture tab you can enter this address at host for filtering.
The packet capture must be taken from WAN interface. Have you done this above?
The pings there should come from your WAN address regardless, what's the real source, cause of NAT.

elessargr

@viragomann:

look for pings to the destination address (8.8.8.8 ). In the packet capture tab you can enter this address at host for filtering.
The packet capture must be taken from WAN interface. Have you done this above?
The pings there should come from your WAN address regardless, what's the real source, cause of NAT.

10:03:41.159463 IP 10.10.10.7 > 8.8.8.8: ICMP echo request, id 2, seq 1342, length 40
10:03:45.804347 IP 10.10.10.7 > 8.8.8.8: ICMP echo request, id 2, seq 1343, length 40
10:03:50.804364 IP 10.10.10.7 > 8.8.8.8: ICMP echo request, id 2, seq 1344, length 40
10:03:55.804314 IP 10.10.10.7 > 8.8.8.8: ICMP echo request, id 2, seq 1345, length 40

viragomann

If this capture is taken from WAN your outbound NAT isn't working. On LAN it should look like this, apart from missing responses.

Have you disabled firewall and NAT in pfSense? System > Advanced > Firewall / NAT > Disable Firewall.

elessargr

@viragomann:

If this capture is taken from WAN your outbound NAT isn't working. On LAN it should look like this, apart from missing responses.

Have you disabled firewall and NAT in pfSense? System > Advanced > Firewall / NAT > Disable Firewall.

ok so before this was checked. now its working because I have uncheck it. so now its on or off the firewall? I dont get it.

johnpoz

You don't get "DISABLE all packet filtering" ??

States turns pfsenes into ROUTER only!!
States also turns off NAT

That clearly is not checked out of the box… So you must of on purpose checked that... But you don't understand what it says?

What is it exactly that confuses you about that box and its wording??  And that is says DISABLE FIREWALL???

English is not your native language maybe?  And your putting that into say google translate and its coming out confusing in your language to if that turns on or off the firewall??

I don't get it is right ;)

viragomann

If this is unchecked firewall and NAT is turned off. Hence your outbound NAT didn't work.

It's unchecked by default, as johnpoz wrote. You may have checked it to prevent double NAT, cause your route also do NAT. If it's possible it's better to turn off NAT at the router. However, double NAT should also work.

elessargr

@johnpoz:

You don't get "DISABLE all packet filtering" ??

States turns pfsenes into ROUTER only!!
States also turns off NAT

That clearly is not checked out of the box… So you must of on purpose checked that... But you don't understand what it says?

What is it exactly that confuses you about that box and its wording??  And that is says DISABLE FIREWALL???

English is not your native language maybe?  And your putting that into say google translate and its coming out confusing in your language to if that turns on or off the firewall??

I don't get it is right ;)

I dont remember check in it; so I think its check out of the box.
now Im confuse because its says "disable firewall  [checkbox]" that means if I check it the firewall is OFF (check=yes, uncheck=no correct?) and viragomann says otherwise.

@viragomann:

If this is unchecked firewall and NAT is turned off. Hence your outbound NAT didn't work.

It's unchecked by default, as johnpoz wrote. You may have checked it to prevent double NAT, cause your route also do NAT. If it's possible it's better to turn off NAT at the router. However, double NAT should also work.

Are you sure? because now its working fine. Im going to firewall->rules-> and I put ICMP allow and its passing. I set it off and its blocking. Before no matter what it was always off; no ping was passing through the lan.

phil.davis

If this is unchecked firewall and NAT is turned off. Hence your outbound NAT didn't work.

That sentence is the wrong way around, it should say:

If this is checked firewall and NAT is turned off. Hence your outbound NAT didn't work.

viragomann

@phil.davis:

If this is unchecked firewall and NAT is turned off. Hence your outbound NAT didn't work.

That sentence is the wrong way around, it should say:

If this is checked firewall and NAT is turned off. Hence your outbound NAT didn't work.

Yes. Sorry, my mistake.