I have no internet access to sites other than Google & youtube through pfSense?

Pagger · Jun 20, 2018, 7:56 PM

Hello, i have this setup: Cable modem > Nic1 and then Nic2 > Switch > clients
pfSense is running inside HyperV.
HyperV network is set up as with 2 external switches, "LAN" and "WAN"

pfSense is using both theese NIC's and LAN/WAN is setup on the correct one.

pfSense is getting a 128.x.x.x IP on the WAN, LAN is setup 10.0.0.1.

The rest of the pfSense setup is pretty basic, which to my understanding should give Internet acess?
The thing is, pfSense (and client on the LAN aswell) can actually ping out, both IP's and host names, but when browsing the internet, I can't access anything other than Google or Youtube (steam and blizzard chat works aswell, could even launch up WoW)
This seemed very weird to me, and after thinking about what could cause this my initial thought was maybe these sites use IPv6, and thus the problem is Ipv4 only, but I'm really not sure, since (correct me if i'm wrong) I wouldnt be able to ping ipv4 adresses then?
When i initially thought that might be the issue, I was thinking what would be able to cause that, and it struck me: NAT
So I went and looked at the NAT rules, and to my awe there were 2 default rules configered, and (again correct me if i'm wrong) it should work already by default?
I have been reading alot of documentation, watching alot of videos, and googled alot of stuff theese past couple of days, thinking it would be awesome to learn alot of the stuff anyway, but i'm running out of data on my cellphone, so now I want to fix this ASAP :D
I wanna say thanks if you made the time to read this, whether you have a solution or not, I sencerely appreciate it, and if you do have a (possible) solution please let me know.

mateusscheper · Jun 20, 2018, 7:56 PM

I'm new at pfSense, but I would check my firewall logs and try to traceroute some sites from the webgui.

Status > System Logs > Firewall
Check if when you enter a link, it gets blocked (press F5 to update);

Try "tracert insersitehere" from Windows CMD (traceroute if Linux);
Try tracertoute from pfSense webgui itself: Diagnostics > Traceroute;

You can disable the firewall to see if something works:
System > Advanced > Firewall & NAT > Check "Disable Firewall"

As I said, I'm new to pfSense, so if something does not work, we can try something else. :)

Pagger · Jun 20, 2018, 11:04 PM

When disabling the Firewall, I also disable NAT, and I can't ping out no more, I can't watch videos on youtube or anything, basically no connection.
So my best bet is that its the firewall blocking connections

I tried getting the logs you asked for, aswell as posting my Firewall rules and Nat setup, hopefully this helps.
I do see all the blocked connections, so I assume this is the problem, but I have no idea what is causing it.

https://imgur.com/a/gr5CLUl

I can try a tracert, but I assume it works, since I can ping out from both hosts on lan and pfSense.

mateusscheper · Jun 20, 2018, 11:49 PM

Maybe you have to set a rule to allow connections from your router to pfsense and from pfsense to PCs.
I have two: allowing everything on all ports to 192.168.1.3:80 (pfsense) and another rule saying the same, but to port 443. (I used easy rule)

Try to tracert to sites that does not work to see if where the packages stops.

Pagger · Jun 21, 2018, 1:14 AM

I have 1 rule on WAN, and one one LAN that should allow everything

TraceRT don't seem to be a problem.
https://imgur.com/a/v1DUHc6

mateusscheper · Jun 21, 2018, 2:12 AM

I'm sorry, but I'm out of ideas. :(
Let's wait for someone else.

AndyC · Jun 21, 2018, 4:41 AM

@pagger said in I have no internet access to sites other than Google & youtube through pfSense?:

I have 1 rule on WAN, and one one LAN that should allow everything

TraceRT don't seem to be a problem.
https://imgur.com/a/v1DUHc6

Remove that WAN any/any rule. Go do that now.
From the nslookup output it seems you are not using pfsense for DNS. What does your DNS setup look like?

Pagger · Jun 21, 2018, 1:05 PM

@andyc My DNS setup is is: 2 Windows DC's with DNS, one at 10.1.0.20 and the next et 10.1.0.21.
Clients are set to use those and primary/sencondary DNS, and both of the servers have 10.0.0.1 (pfSense LAN IP) set as a forwarder.

Do you want me to delete the file because it's bad practice, or because It's part of the problem?:p

motific · Jun 21, 2018, 3:59 PM

@pagger because you’re using AD, your DNS is correct. Client machines use the AD DNS and that should forward to pfSense (so you can use things like pfBlockerNG).

motific · Jun 21, 2018, 4:14 PM

The block rule shows that it was dropping traffic from 10.0.0.1 to 10.0.0.24.

What have you got in system>routing and what packages are you running?

Pagger · Jun 21, 2018, 6:13 PM

@motific Under Gateway i have DHCP and It shows my WAN IP, nothing is set under static rouges og Gateway groups.

I got the following services running:
Dpinger
Ntpd
Syslogd
Unbound

saquibahmed42991 · Dec 6, 2020, 7:37 AM

@pagger i disable my WAN ipv6 and everything is solved .