Netgate Discussion Forum

    Can't access internet

    Routing and Multi WAN
    • blcrazzy

      You didn't mention your firewall rules. Please verify that all is configured as desired.
      Also, please have a look at your firewall logs and check if you see your web traffic passing or blocked. Make sure that you marked the "Log packets…" on each of your firewall rules.

      • jmarc

        The LAN rules are the basic ones:
        Anti-lockout rule
        Default allow LAN to any rule
        Tried to go to Google's IP 216.58.208.202 with the browser and the log shows as pass, but I can't reach the site.

        Selection_046a.jpg

        • viragomann

          You must not check "Block private networks" on WAN interface if you have a private subnet on WAN!

          • jmarc

            I've removed the "block private networks" and checked "Disable hardware checksum offload".
            Still no access, but a new firewall log that shows blocks.

            Selection_047b.jpg

            • viragomann

              The two blocks on LAN are IPv6. Maybe you've disabled IPv6.
              You can display the appropriate rule in the log by activating this in the log settings (Where to show rule descriptions).

              There is allowed access shown in the log to a private network. I don't know if this is on WAN or another internal one.

              Is your outbound NAT configured correctly?

              • jmarc

                I do indeed block IPv6.
                My outbound NAT is set to automatic.
                The WAN network range is 192.168.170.1/24. That's the ISP router internal network.

                • viragomann

                  The last log in your screenshot shows permitted HTTPS access to the internet. So if that doesn't work, I assume that responses do not come back to the source host.

                  If your outbound NAT is set to automatic, the packets' source address should be translated to the WAN address and everything should work properly.

                  Ensure that your WAN subnet is configured correctly on pfSense and your router. Check the mask.
                  For troubleshooting, do a packet capture (Diagnostic menu) on WAN and LAN while you attempt to access a public site.

                  • jmarc

                    The mask for the 192.168.170.0 network is 255.255.255.0.
                    The one set up in the WAN gateway is 192.168.170.1/24.
                    Attaching the capture file.

                    [185.31 log.txt](/public/imported_attachments/1/185.31 log.txt)

                    • viragomann

                      For evaluating the packet capture, it's necessary to know on which interface it is taken.
                      If this is from LAN it's okay, if it's from WAN your outbound NAT doesn't work.

                      If you do a capture again, please select the IPv4 address family and TCP protocol for more clarity.

                      • jmarc

                        Here's a new capture:
                        Interface: LAN
                        Address family: IPv4
                        Protocol: TCP

                        Thanks

                        [185.31 log.txt](/public/imported_attachments/1/185.31 log.txt)

                        • viragomann

                          As said above, for LAN the former capture was okay anyway. It depends on WAN.

                          • jmarc

                            Did another test.
                            From the pfSense console I was able to download a file with curl.
                            Tried from a standard Ubuntu server and it fails.
                            So there's really a block from LAN to WAN.  :'(

                            • viragomann

                              A misconfigured outbound NAT could cause the same effect.

                              1 Reply Last reply Reply Quote 0
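
The WAN-side capture check discussed in this thread (untranslated LAN sources mean outbound NAT is not applied; translated requests with nothing coming back mean replies are lost upstream), as an added example that is not part of the original posts. The LAN subnet 192.168.1.0/24, the firewall WAN address 192.168.170.2 and the tcpdump-style capture lines are constructed assumptions; only 216.58.208.202 and the 192.168.170.0/24 WAN range come from the thread.

```python
import ipaddress
import re

# One IPv4 TCP line of a tcpdump-style text capture.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: Flags \[([^\]]+)\]"
)

def parse(capture_text):
    """Yield (src, dst, flags) for every line that matches LINE."""
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if m:
            yield (ipaddress.ip_address(m.group(1)),
                   ipaddress.ip_address(m.group(2)), m.group(3))

def diagnose_wan(capture_text, lan_net, wan_addr):
    """Classify a capture taken on the WAN interface."""
    lan = ipaddress.ip_network(lan_net)
    wan = ipaddress.ip_address(wan_addr)
    leaked = syn_out = replies = 0
    for src, dst, flags in parse(capture_text):
        if src in lan:
            leaked += 1      # LAN source visible on WAN: not translated
        elif src == wan and flags == "S":
            syn_out += 1     # translated connection attempt leaving WAN
        elif dst == wan:
            replies += 1     # a packet came back to the firewall
    if leaked:
        return "nat-not-applied"
    if syn_out and not replies:
        return "no-replies"
    return "ok" if replies else "no-traffic"

# Constructed sample captures (not taken from the attached log files).
WAN_BROKEN = """\
10:15:01.000100 IP 192.168.1.50.40112 > 216.58.208.202.443: Flags [S], seq 1000, win 64240, length 0
10:15:02.000300 IP 192.168.1.50.40112 > 216.58.208.202.443: Flags [S], seq 1000, win 64240, length 0
"""
WAN_SILENT = """\
10:15:01.000100 IP 192.168.170.2.40112 > 216.58.208.202.443: Flags [S], seq 1000, win 64240, length 0
10:15:02.000300 IP 192.168.170.2.40112 > 216.58.208.202.443: Flags [S], seq 1000, win 64240, length 0
"""
WAN_OK = """\
10:15:01.000100 IP 192.168.170.2.40112 > 216.58.208.202.443: Flags [S], seq 1000, win 64240, length 0
10:15:01.020400 IP 216.58.208.202.443 > 192.168.170.2.40112: Flags [S.], seq 5000, ack 1001, win 65535, length 0
"""

if __name__ == "__main__":
    for name, cap in (("broken", WAN_BROKEN), ("silent", WAN_SILENT), ("ok", WAN_OK)):
        print(name, diagnose_wan(cap, "192.168.1.0/24", "192.168.170.2"))
```

A result of `no-replies` points away from the firewall rules and toward the upstream router or the WAN subnet mask, which is why the capture interface has to be known before the output can be interpreted.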