PFSense box not allowing Internet on LAN side
-
Hi,
Try this one : https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
And, what about posting what is wrong ? This way we can answer you right away.On a PC :
ipconfig /all ping 8.8.8.8 ping google.com
and do not forget to mention the pfSense LAN settings - anything you changed on LAN (DHCP server ..).
Also : just in case : on the WAN interface : what is the IP ? and is "Block private networks and loopback addresses" checked, or not ?
A router (pfSense) after a router after a router(?). Ok, why not. Love it already.
-
To help eliminate some of the obvious problems:
WAN: 192.168.1.5/24 - no DHCP - Upstream Gateway: 192.168.1.1 (Router)
LAN: 192.168.10.1/24 - DHCP enabledFirewall:
WAN: Left as Default
LAN: Allow all - Set to Pass - Port: AnyBlock private Networks from entering via WAN - Enabled
Block Bogon Networks - EnabledWill try and post logs in a few hours when I get home
-
-
See above, I edited my post (my train went in a tunnel …)
…
Block private Networks from entering via WAN - Enabled
....Perfect.
So you have this IP "RFC 1918 (10/8, 172.16/12, 192.168/16)" on your WAN and Block private Networks from entering via WAN set.
Using other words : your WAN IP will be blocked.=> Undo the check ;)
-
Thanks for the help so far @Gertjan
Followed the troubleshooter and I am still having trouble. I figured the easiest way for me to get all the info on my Firewall across is to make a video going through all the settings. Had to wait a little for my public IP to change before posting. If you dont mind watching a little and letting me know if you see anything out of place.
Thanks again
General Settings: https://youtu.be/EuZTMaYkBAU
Firewall Log: https://youtu.be/MMoOl8TNshM
-
My guess would be the Mikrotik needs a static route for your pfSense LAN subnet pointing to the pfSense WAN IP address.
Get rid of the Mikrotik, you'll have a double NAT going on.
PS the videos don't play.
-
Sorry let me change them from Private to Unlisted.
I'll look into that though, thanks a lot! -
So I spoke to my ISP, since I have no idea how to setup static routes in the mikrotik, and they recommended turning off NAT on the PFSense Box, since I still have phones and tablets connect to the mikrotik via wifi.
Would turning off NAT on the PFSense box fix this problem?
-
We've tried adding static routes from both the Router and from the Pfsense box, and neither seem to work. Still completely stumped on this. If anyone has any idea of what I could do next it would be greatly appreciated.
-
@beserker Is this still not working?
-
You are running 32bit and not even the latest 32bit version. That CPU can run 2.4.3_1 so you should be on that really.
You have no DNS resolution at the client. Is Unbound even running? Check Status > Services. Try Diag > DNS lookup which should try pfSenses own DNS servers.
You can ping 192.168.10.1 from the client but can you ping 192.168.1.20 or 192.168.1.1?
Steve