Pfsense cant connect on lan

jonfil0130

Hi, anybody can help me figure out the problem i got after setting up the pfsense box. WAN is fine. It can ping and do nslookup using public ip but the LAN is offline. Thanks

Wolf666

We need more info, like topology, your connection type, current Outgoing NAT rules and firewall rules…...

As a start check outgoing nat, check if LAN net is routed to WAN gateway (default, I assume you are on single WAN). Then check firewall rules on LAN tab, you should put a pass.

In outbound nat, choose AON (manual), delete all rules and add:

Do not NAT = [] (unchecked)
Interface = [ WAN ▼]
Protocol = [ any ▼]
Source = [] Not (unchecked)
              Type: [ Network ▼]
              Address: [ yourip subnet ] / [ 24 ▼]
              Source port: [] (empty/blank)

Not (unchecked)

              Type = [ Any ▼]
              Address: [] / 24 ▼
              Destination Port: [_____] (empty/blank)
Translation: Address = [ Interface Address ]
Description = [ LAN to WAN ]

In Firewal rules, LAN TAB, you should add:

Action = [ Pass ▼]
Interface = [LAN ▼]
TCP/IP Version = [IPv4 ▼]
Protocol = [Any ▼]
Source = [] Not (UNCHECKED)
              Type: [ LAN Subnet ▼]
              Address: [] (BLANK)
Destination = [] Not (UNCHECKED)
                    Type: [ Any ▼]
                    Address: [__] (BLANK)
Description = [✎ ALLOW LAN OUTBOUND]

That's it!

jonfil0130

Hi Wolf666,

Thanks for the very informative reply. I will give it a shot tomorrow and keep you posted. Actually, I do have a single WAN and using a model/router what i did is that i configured the modem/router to bridge then connect it to the WAN nic of pfsense server. I configured it to PPPOE and everything works fine. I connected the LAN nic to the switch to share internet connection. DHCP is running from the pfsense server. When I check the Status "Gateway" its only the WAN interface that's online and as mentioned it can ping and do nslookup. I checked the firewall under LAN and there's only 3 default rules and all of it are configured as "PASS" and for WAN there's 2 default rules which are both under "BLOCK". Maybe its something to do with the routing that's why i can't go online thru LAN. I appreciate your reply Wolf. Thanks again!

stephenw10

I have to say I would always advise you leave outbound NAT set to automatic unless you really need to set manual rules. The suggested rule should work though.

@jonfil0130:

When I check the Status "Gateway" its only the WAN interface that's online

This implies there might be more than one gateway. A common mistake is to add a gateway to the LAN interface which is almost always incorrect. Remove it if you have and then make sure the WAN gateway is set as default in System: Routing: Gateways:

@jonfil0130:

for WAN there's 2 default rules which are both under "BLOCK". Maybe its something to do with the routing that's why i can't go online thru LAN.

The two rules you are seeing 'block bogons' and 'block private networks' are not a problem if your WAN interface is receiving a public IP via PPPoE. Even if it isn't it won't prevent internet access from LAN.

Steve