PFSense box not allowing Internet on LAN side

Beserker

To help eliminate some of the obvious problems:

WAN: 192.168.1.5/24 - no DHCP - Upstream Gateway: 192.168.1.1 (Router)
LAN: 192.168.10.1/24 - DHCP enabled

Firewall:

WAN: Left as Default
LAN: Allow all - Set to Pass - Port: Any

Block private Networks from entering via WAN - Enabled
Block Bogon Networks - Enabled

Will try and post logs in a few hours when I get home

Beserker

@Gertjan:

Hi,

A router (p

Think you only posted half the reply :P

Gertjan

See above, I edited my post (my train went in a tunnel …)

@Beserker:

…
Block private Networks from entering via WAN - Enabled
....

Perfect.

So you have this IP "RFC 1918 (10/8, 172.16/12, 192.168/16)" on your WAN and Block private Networks from entering via WAN set.
Using other words : your WAN IP will be blocked.

=> Undo the check ;)

Beserker

Thanks for the help so far @Gertjan

Followed the troubleshooter and I am still having trouble. I figured the easiest way for me to get all the info on my Firewall across is to make a video going through all the settings. Had to wait a little for my public IP to change before posting. If you dont mind watching a little and letting me know if you see anything out of place.

Thanks again

General Settings: https://youtu.be/EuZTMaYkBAU

Firewall Log: https://youtu.be/MMoOl8TNshM

NogBadTheBad

My guess would be the Mikrotik needs a static route for your pfSense LAN subnet pointing to the pfSense WAN IP address.

Get rid of the Mikrotik, you'll have a double NAT going on.

PS the videos don't play.

Beserker

Sorry let me change them from Private to Unlisted.
I'll look into that though, thanks a lot!

Beserker

So I spoke to my ISP, since I have no idea how to setup static routes in the mikrotik, and they recommended turning off NAT on the PFSense Box, since I still have phones and tablets connect to the mikrotik via wifi.

Would turning off NAT on the PFSense box fix this problem?

Beserker

We've tried adding static routes from both the Router and from the Pfsense box, and neither seem to work. Still completely stumped on this. If anyone has any idea of what I could do next it would be greatly appreciated.

cyberzeus

@beserker Is this still not working?

stephenw10

You are running 32bit and not even the latest 32bit version. That CPU can run 2.4.3_1 so you should be on that really.

You have no DNS resolution at the client. Is Unbound even running? Check Status > Services. Try Diag > DNS lookup which should try pfSenses own DNS servers.

You can ping 192.168.10.1 from the client but can you ping 192.168.1.20 or 192.168.1.1?

Steve