Problem with FW itself Internet Access
-
Hello,
- The Mask in my lan is 255.255.255.0
- The Firewall network config as it is in the image is WAN - 192.168.1.1-255.255.255.0- GW-192.168.1.99 and LAN - 192.168.0.1-255.255.255.0 (no GW configured)
- I can ping the router of MOVISTAR from the firewall to the ip 192.168.1.99 without problem.
- Yes, all users in the LAN can access all services of the internet, HTTP, FTP, etc., but the Firewall can't.
- No, there is no configuration in the router to block the firewall's access to the internet. I installed an old Zentyal 3.5 to test, and made the same configuration, and the Zentyal can access the internet.
As I have configured our public IP address in the outbound, I think that it is not being used by the Firewall to access the internet. I will post an image of the settings used. The configuration of the Port Forwarding is working well to access the services of our servers.
Many thanks for your help.
-
Ok, so what are the DNS settings for your firewall? And what DNS server(s) are you assigning your LAN clients (via DHCP I assume)? From the description, this sounds like a possible DNS issue. Have you tried remoting onto the firewall via SSH and running a dig or nslookup against some random remote hosts - bbc.co.uk or www.yahoo.com, for instance? If that works, have you tried running a telnet from the same command prompt on the firewall to a remote host on port 80 (eg: 'telnet www.bbc.co.uk 80')?
-
I didn't change any DNS settings after the installation, so they are at their defaults. The General Settings -> DNS Server Settings has got 127.0.0.1 and 192.168.0.12. All clients in the LAN are using 192.168.0.12 as the DNS Server.
When I do an nslookup in the firewall shell, the address is resolved, and the same for ping or telnet.
Any other idea?
Thanks
-
Post your firewall rules for both your WAN and LAN. It's starting to look like you either have a block rule for your firewall set somewhere in your rules, or the Movistar device is causing some kind of block.
-
Here I post the RULES for LAN and WAN. All of them have been created automatically when I configured the port forward for the access to the internal servers.
I don't think that the problem is happening in the Movistar router, because if I use the old Zentyal Proxy with the same configuration it works well and can access the internet itself.
Any idea with the rules?
Many thanks
![RULES 1.JPG](/public/imported_attachments/1/RULES 1.JPG)
![RULES 2.JPG](/public/imported_attachments/1/RULES 2.JPG)
-
From what I can see, there doesn't appear to be anything on the firewall blocking access to the internet from your firewall. Have you tried running a default config on the PFS first, without all the forwarding rules, etc? If you start with a basic, vanilla installation you ought to be able to access the internet directly from the firewall. From there you can then customise your setup and continue testing until the issue reappears.
-
Hello,
It just has the problem after the installation. When I install Pfsense, I configure both interfaces WAN and LAN. After that I have to manually configure the outbound because I need to configure the public IP to go to internet. If I don't configure the public ip in the NAT outbound, anyone will go to internet.
So just when I do that, all Lan computers go to internet but the proxy doesn't.
Any other idea?
-
> It just has the problem after the installation. When I install Pfsense, I configure both interfaces WAN and LAN. After that I have to manually configure the outbound because I need to configure the public IP to go to internet. If I don't configure the public ip in the NAT outbound, anyone will go to internet.
> So just when I do that, all Lan computers go to internet but the proxy doesn't.

Ok, so when you install PFS, you configure the WAN and LAN interfaces. Assumedly you have to set your WAN default gateway to the Movistar router to get out to the internet. At this point, assuming you don't have anything on the router which is blocking you, you ought to have a working firewall which allows all users out and allows the firewall to connect to any updates/packages/etc. Is this right?

> If I don't configure the public ip in the NAT outbound, anyone will go to internet.

What do you mean by this? What are you trying to achieve by not allowing anyone to get to the internet?
-
When I configure LAN and WAN, I put by default the MOVISTAR Gateway, which is the IP 192.168.1.99.
This gateway allows us to go to the internet if we change the source address to the public one. And when the Movistar router receives connections from the internet to our public IP, it only sends all traffic to our WAN IP address, which is 192.168.1.1.
That is why I need to use the manual outbound NAT, because the Movistar router is expecting to receive outbound traffic with the public IP in the header.
-
From the sound of it, you're trying to run before you can walk. Start by configuring the firewall with the basic, out-of-the-box settings. Just configure your internal network settings, your WAN IP and gateway. Check that your LAN hosts can access the internet and that the PFS can pick up updates/packages. Once you get to this point, THEN look at trying to customise your outbound traffic and inbound NAT. After you make each change, check once more to see if your firewall can still pick up updates, etc. The point where things go awry will be when you make the change which breaks your connection. Then it will be easier to find out the fault and address it.
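
An added example, not part of any post in this thread and not pfSense code: a simplified first-match model of manual outbound NAT, illustrating the original poster's hypothesis that the firewall's own traffic is not being translated to the public IP the upstream router expects. The public address 203.0.113.10, the rule contents and all function names are assumptions; the real rules were only posted as images.

```python
import ipaddress
from typing import List, NamedTuple


class NatRule(NamedTuple):
    source: str        # CIDR matched against the packet's source address
    translate_to: str  # address written into the source field on a match


# LAN and WAN addresses are the ones given in the thread.
LAN_NET = "192.168.0.0/24"
WAN_ADDR = "192.168.1.1"
# Constructed placeholder (documentation range); the thread never states the public IP.
PUBLIC_IP = "203.0.113.10"


def translate(rules: List[NatRule], src: str) -> str:
    """Source address seen upstream: first matching rule wins, no match means untranslated."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.source):
            return rule.translate_to
    return src


def upstream_accepts(rules: List[NatRule], src: str, expected: str = PUBLIC_IP) -> bool:
    """Model of an upstream router that only forwards traffic carrying the public source."""
    return translate(rules, src) == expected


def unmatched_sources(rules: List[NatRule], sources: List[str]) -> List[str]:
    """Sources whose traffic would leave the WAN without the expected public address."""
    return [s for s in sources if not upstream_accepts(rules, s)]


# Assumed manual rule set covering only the LAN subnet.
LAN_ONLY = [NatRule(LAN_NET, PUBLIC_IP)]
# Same rule set plus a rule for traffic the firewall itself originates,
# which leaves the WAN interface with the WAN address as its source.
WITH_SELF = LAN_ONLY + [NatRule(WAN_ADDR + "/32", PUBLIC_IP)]

if __name__ == "__main__":
    probes = ["192.168.0.12", WAN_ADDR]  # a LAN client and the firewall itself
    print("LAN-only rules, untranslated:", unmatched_sources(LAN_ONLY, probes))
    print("with self rule, untranslated:", unmatched_sources(WITH_SELF, probes))
```

Under these assumptions a LAN-only rule set leaves 192.168.1.1 untranslated, which would match the symptom of LAN clients working while the firewall itself does not.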