LAN traffic blocked from accessing Internet
-
My bad I read that as HAS been setup ;) – sorry about that!
Why would you have turned off outbound nat to manual.. Pfsense works out of the box auto devices connected on the lan.. If you disabled the outbound nat that is most likely your problem. Post up your outbound nat settings.
Rules on lan are any any out of the box - did you change those?
Do your clients on lan get an IP, can they ping pfsense IP on the lan?
-
I turned outbound nat to manual in my troubleshooting quest. The below is my summary for the outbound nat to manual:
WAN 127.0.0.0/8 -> port 500 -> WAN address ->ISAKMP
WAN 127.0.0.0/8 -> * -> Auto created rule - localhost to WAN
WAN 192.168.1.0/24 ->port 500 WAN address (Auto created rule for ISAKMP - LAN to WAN)
WAN 192.168.1.0/24 -> WAN address -> (Auto created rule - LAN to WAN)
If I choose automatic outbound NAT no lan rules are created
-
If you set automatic and it doesn't create the nats for your lan networks then you have something wrong..
Here is mine for example… I have it in hybrid mode, notice all the networks it created nats for to the wan interface. Even creates nats for vpn tunnel networks.
This really is clickity clickity up and running.. You really should not have to do anything other than setup whatever dhcp pool you want, etc.
Did you modify the lan rules? Can your dhcp client ping your pfsense wan IP? Lan rules are default any any - so how would you get anything listed and default deny rule on your lan? So you must have changed something in the rules or your client is from a different IP range than your lan? Or the traffic is out of state anyway, etc.
-
I've figured out how to attach stuff.
![nat settings.png](/public/imported_attachments/1/nat settings.png)
-
automatic nat
![automatic mode.png](/public/imported_attachments/1/automatic mode.png)
-
So those are the auto created rules when you switched to manual… Again there is ZERO reason to be in manual - why would you change to that??
So can your clients on 192.168.1.0/24 that get a dhcp address which points to pfsense as the gateway actually ping pfsense lan IP which is what? 192.168.1.1? What are the rules on your lan interface?
-
I took the screenshot in manual to show the rules. It's currently in auto at the moment. The lan ip is 192.168.1.1. The rules on the interface are to allow 80/443 on the lan network and a rule allowing all traffic from LAN all outbound access which I added for testing.
-
Screenshots are always the best option..
Well then it would work - can you ping pfsense IP 192.168.1.1? If not with an any any rule then something not right for sure.. Can you ping your wan IP? If you can ping your wan IP and say no internet - you mean no dns? Can you ping your ISP gateway, and outside IP like 8.8.8.8 or 4.2.2.2?
-
The problem was caused by a faulty NIC which I was using for LAN. I changed the card and without any configuration, it started working as expected.
-
Don't remember having a NIC failed on me after thousands… probably like 30 years! Ur a lucky man.
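
The ping sequence asked for earlier in the thread (pfSense LAN IP, WAN IP, ISP gateway, an outside IP, then DNS) can be run as one check that names the first step that fails. This is an added example, not something posted in the thread; it assumes a Linux LAN client with iputils `ping` and `getent`, the function names are hypothetical, and the WAN and gateway addresses in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): run the ping ladder from a Linux LAN
# client and report the first step that fails.

# One ICMP echo, 2 s timeout (Linux iputils ping flags; assumption).
probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Name lookup through the client's configured resolver (getent; assumption).
resolve() { getent hosts "$1" >/dev/null 2>&1; }

# diagnose LAN_IP WAN_IP ISP_GW OUTSIDE_IP HOSTNAME
# Returns 0 if every step passes, otherwise the number of the failing step.
diagnose() {
    lan=$1; wan=$2; gw=$3; outside=$4; name=$5
    if ! probe "$lan"; then
        echo "step 1 FAIL: no reply from LAN IP $lan (link, cable, NIC, client IP/subnet, LAN rules)"
        return 1
    fi
    if ! probe "$wan"; then
        echo "step 2 FAIL: LAN side answers but WAN IP $wan does not (LAN rules, WAN interface state)"
        return 2
    fi
    if ! probe "$gw"; then
        echo "step 3 FAIL: ISP gateway $gw unreachable (outbound NAT for the LAN subnet, WAN link)"
        return 3
    fi
    if ! probe "$outside"; then
        echo "step 4 FAIL: $outside unreachable past the ISP gateway (upstream routing, outbound NAT)"
        return 4
    fi
    if ! resolve "$name"; then
        echo "step 5 FAIL: IP connectivity works but $name does not resolve (DNS)"
        return 5
    fi
    echo "all steps passed"
    return 0
}

# Run only when all five arguments are given, e.g. (WAN and gateway values are
# constructed placeholders):
#   sh ladder.sh 192.168.1.1 203.0.113.10 203.0.113.1 8.8.8.8 example.com
if [ "$#" -eq 5 ]; then
    diagnose "$@"
fi
```

A failure at step 1 with an any any rule on LAN points below the firewall configuration, which is where this thread ended up.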