Netgate Discussion Forum

    Second LAN connection has no internet access

    Routing and Multi WAN
      garethrobson

      Hi,

      We have a VMware pfSense installation that has an existing LAN connection (172.17.0.1/19) with 2 WAN connections (load balanced).
      This all works fine.

      I am now, however, adding a new LAN interface which is on a separate VLAN (configured on the host side, not pfSense), which for some reason cannot access the internet.

      I already added a catch-all rule to allow access to everything from this interface, and when viewing logs, there is no blocked traffic. The problem appears to be with routing, I believe.

      I can talk to the pfSense from a machine on this new VLAN but cannot ping 8.8.8.8.
      I also cannot ping 8.8.8.8 from the Ping section of Diagnostics when selecting the new LAN interface (the existing LAN interface works fine).

      Any ideas where to look next?

      Thanks,
      Gareth

        Derelict LAYER 8 Netgate

        "I am now, however, adding a new LAN interface which is on a separate VLAN (configured on the host side, not pfSense), which for some reason cannot access the internet."

        Sorry. No idea what this means. But you probably need outbound NAT rules for those source addresses if they are passed by the firewall rules on the interface.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          garethrobson

          Thanks, that's done the trick :)

          There was an outbound NAT rule for RFC1918 on one of the WAN interfaces, but the other was explicitly stating 172.17.0.0/19.

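An added example, not part of the thread: a check for the gap garethrobson describes, where manual outbound NAT rules on one WAN do not cover a newly added internal subnet. The WAN names and the new VLAN's prefix (172.18.0.0/24) are assumptions; the thread does not give them.

```python
from ipaddress import ip_network

# RFC 1918 private ranges, as covered by the catch-all rule mentioned in the thread.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed rule set mirroring the thread: one WAN NATs all of RFC 1918,
# the other only the original LAN. Interface names are hypothetical.
OUTBOUND_NAT = {
    "WAN1": RFC1918,
    "WAN2": [ip_network("172.17.0.0/19")],
}

# Internal subnets behind the firewall. NEWVLAN's prefix is not given in the
# thread; 172.18.0.0/24 is an assumed value for illustration.
INTERNAL = {
    "LAN": ip_network("172.17.0.0/19"),
    "NEWVLAN": ip_network("172.18.0.0/24"),
}


def nat_gaps(rules, internal):
    """Return sorted (subnet_name, wan) pairs where no rule source covers the subnet."""
    gaps = []
    for name, subnet in internal.items():
        for wan, sources in rules.items():
            # A subnet only partly inside a rule's source is still reported as a gap.
            if not any(subnet.subnet_of(src) for src in sources):
                gaps.append((name, wan))
    return sorted(gaps)


def fixed_rules(rules, internal):
    """Return a copy of the rules with each uncovered subnet added as a source."""
    patched = {wan: list(sources) for wan, sources in rules.items()}
    for name, wan in nat_gaps(rules, internal):
        patched[wan].append(internal[name])
    return patched


if __name__ == "__main__":
    for name, wan in nat_gaps(OUTBOUND_NAT, INTERNAL):
        print(f"{name} ({INTERNAL[name]}) has no outbound NAT rule on {wan}")
```

With load-balanced WANs, a gap on any one WAN is enough for traffic from the new subnet to leave with its private source address untranslated.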
            johnpoz LAYER 8 Global Moderator

            Why do people turn off automatic NAT… I just do not get it...

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              Derelict LAYER 8 Netgate

              At least use hybrid if you need something special. Only place manual really makes sense is HA. And even then it's easier to leave it on auto until all the interfaces are defined then switch to manual.
