OPT1 can't get Internet

Derelict

No. Don't set a gateway on LAN interfaces.

All hosts on OPT1 should have 192.168.1.11 as their default gateway.

Your OPT1 rule is fine.

What are your settings in Firewall > NAT, Outbound? Is 192.168.1.0/24 listed as a source network on WAN?

Hosts having pfSense as the default gateway, rules on OPT1, and outbound NAT are really all there is to it.

newest_newbie

Yes I believe - both LAN and OPT1
WAN 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 * * 500 WAN address * Auto created rule for ISAKMP
WAN 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 * * * WAN address * Auto created rule

newest_newbie

During my search, looked like this is a very common problem, and no one has a sure way of fix it.
Meanwhile I am trying to find a solution.
If someone has some tip…

Derelict

It is not a common problem.

• pfSense as the hosts' default gateway

• firewall rules on the inside interface passing the traffic

• Outbound NAT

• It just works

newest_newbie

I'm sure it works, since it was designed to be a firewall… :P ...but not smoothly

More information

My physical map

OPT1 (192.168.1.11) <------> SWITCH <-----> (192.168.1.238 STATIC) WINDOWS PC FIREWALL DISABLED
                                              SWITCH <-----> (192.168.1.9 STATIC) ANOTHER HOST                           
Testing the port

PF/DIAGNOSTICS/PING 
PING 192.168.1.238 (192.168.1.238): 56 data bytes
64 bytes from 192.168.1.238: icmp_seq=0 ttl=128 time=0.314 ms
64 bytes from 192.168.1.238: icmp_seq=1 ttl=128 time=0.159 ms
64 bytes from 192.168.1.238: icmp_seq=2 ttl=128 time=0.372 ms
--- 192.168.1.238 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.159/0.282/0.372/0.090 ms
Success !!! Physically everythings okay

The rule at OPT1

States Protocol Source Port Destination Port Gateway Queue Schedule Description Actions
0 /0 B        IPv4 * OPT1 net * * * * none   ALLOW OPT1 TO ANY

Testing the rule

If I enable it at PF/FIREWALL/RULES/OPT1, I ping to 192.168.1.238, it answers.
If I disable it at PF/FIREWALL/RULES/OPT1, I ping to 192.168.1.238, it times out.
So the rule is surely working, but not allows to pass on, or something in the back is not working as it should.

How I know it works ?

I made a batch which run at windows PC and constantly pings realms
PING 192.168.1.9    (another host at same switch) - OK
PING 192.168.1.11  (gateway port at OPT1) - OK
PING 192.168.0.11  (gateway port at LAN) - TIMES OUT
PING 192.168.2.100 (gateway port at WAN) - TIMES OUT
PING 8.8.4.4            (dns server at internet - no name translation) - TIMES OUT
PING www.???????.com.br (my website at intenet - name translation) - TIMES OUT

Suggestions ?

Derelict

Might want to start here:

https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

johnpoz

What I can tell you is this is clickity clickity.. Add a opt interface, give it an IP, setup rules on that interface = works right out the box!!

That you have realtek interfaces might be the problem - what is common is users using realtek or usb interfaces having issues.

"During my search, looked like this is a very common problem"

What search - please post to articles/forum threads you think is common to your issue.. Where "and no one has a sure way of fix it. " Could almost promise you your problem is either PEBAC.. or hardware issue..

kpa

It's not a common problem at all. There are just a few people out of literally thousands who can't get this working because either they have some crazy ideas of how networking works or they are in the small minority with broken/badly working/poorly supported hardware.

newest_newbie

I found the problem…

All of this began when i needed to build a Captive Portal.

I've notice that OPT1 wasn't working.
I've been trying to ping but didn't seem to work.

So I found out that Captive Portal was still enabled although not fully configured.
I never thought CP would block ICMP - but I should. :o
I disabled CP and voila !! it worked....

I found this following this step-by-step that Derelict showed me, although everything was setup properly.

When I said this is a common problem I mean I found a lot of posts regarding this, people gets stuck trying to found out how stuff work and behave. A bit like "if you are here you can't get things easy - you've got to sweat".
This is a part of getting knowledge to something new.

Anyway it's all up and running.
I was a Smoothwall Express user and now I'm a happy PFsense user...

Thanks buddies.

PS: Now another hill to climb - captive portal using vouchers.

johnpoz

So chalk another one up to PEBKAC ;)

newest_newbie

Normally that happens when you are at full multitasking with just one core processor (head)…  :)