Netgate Discussion Forum

    Private WAN IP and Private LAN IP

      terragon

      Hi Everyone,

      I am very new to pfsense, like a week old. I have been having some issues configuring my box in many different ways, but the main one is not being able to connect my LAN network to the internet. Here's my current setup:

      Modem – Router --- Internal network (192.168.11.0/24)
                                            |_ pfsense WAN (192.168.11.250) -- pfsense box -- pfsense LAN (10.0.16.0/24)

      Pfsense version: 2.1 (if that accounts for anything)

      The goal is to create another LAN segment for guest access and not give them access to the internal network. But as I've said the main issue is the LAN segment not being able to access the internet.

      Steps taken:

      1. Diagnostics > Ping - ping using WAN int can access the internet, ping using LAN int CANNOT
      2. Changed between DNS forwarder and manual DNS (Interface > General).
      3. Read some part of pfsense Cookbook 2.
      4. Prayed a lot last night for divine intervention.

      So yeah. I'm going towards the possibility that using 2 private IPs is what is causing this issue and/or NAT. I haven't done anything with NAT. Almost everything is at its default value except for the usual interface config for WAN and LAN.

      I know I am missing something. Any help would be very much appreciated.

      Thanks,

        phil.davis

        That really does just work out of the box, LAN some private subnet, WAN some private IP sitting on a different private subnet with gateway to an upstream router.
        Maybe you did something weird, like specifying a gateway on LAN? That breaks it, because actually LAN has no gateway, it is WAN that has a gateway.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          terragon

          That's exactly what I heard. It should've worked outside the box. I did read something somewhere that someone experienced the same after upgrading to 2.1 so he rolled back to an older version and it just worked.

          As for the LAN gateway, at first I did add a gateway. But after reading cookbook 2 I removed all the little mistakes I made. I should probably do a clean install just in case I really messed up the settings. If it still doesn't work, I'll try an older version. Thanks.

            phil.davis

            You might still have a gateway for LAN in System->Routing that is set as the default gateway. Select WANGW as the default gateway and completely delete the LAN GW.
            But yes, at this early stage it will be easier and safer to return to factory defaults and do your settings again.
            And there is definitely no reason to go back to an older version. 2.1 has loads of bugs fixed compared to 2.0.3. Your configuration is really simple and standard, so it will work with 2.1.

              terragon

              THAT WORKED!! You're right. I still have an entry on System > Routing for LAN. So totally removing that entry did it for me!! My LAN can now access the internet. Thank you so much for the help phil.davis! I really appreciate it!  ;D

              Please mark this issue as solved!  :)

                dark.neo29

                I know this is an old topic but what about NAT?  Would the packets not be written with private IPs for both WAN and LAN so when the packet returns to the real WAN IP how would it make its way back?

                  Derelict LAYER 8 Netgate

                  Double NAT. Or disable NAT in pfSense and instruct the outside router to do the NAT for the pfSense LAN IP network too.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)
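
The double-NAT path from the reply above, traced with the thread's addresses; this is an added example, not part of the original thread and not pfSense code. The public IP, server address, client address and port numbers are constructed, and the state table is simplified to a per-port lookup.

```python
import ipaddress
from itertools import count

PUBLIC_IP = "203.0.113.10"  # constructed: the outside router's real WAN address

class NatRouter:
    """Source NAT with a state table (simplified: keyed on outside port only)."""
    def __init__(self, name, outside_ip, inside_net, first_port):
        self.name = name
        self.outside_ip = outside_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self._ports = count(first_port)
        self.states = {}  # outside port -> (inside ip, inside port)

    def outbound(self, pkt):
        """Rewrite the source to our outside address and remember the mapping."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError(f"{self.name}: {src_ip} is not an inside address")
        port = next(self._ports)
        self.states[port] = (src_ip, src_port)
        return (self.outside_ip, port, dst_ip, dst_port)

    def inbound(self, pkt):
        """Undo the rewrite for a reply; None means no state, so it is dropped."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if dst_ip != self.outside_ip or dst_port not in self.states:
            return None
        in_ip, in_port = self.states[dst_port]
        return (src_ip, src_port, in_ip, in_port)

def round_trip(client, server):
    """Follow one connection out through both NAT layers and back again."""
    pfsense = NatRouter("pfSense", "192.168.11.250", "10.0.16.0/24", 40000)
    router = NatRouter("router", PUBLIC_IP, "192.168.11.0/24", 50000)
    hop1 = pfsense.outbound((*client, *server))      # LAN host -> pfSense WAN IP
    hop2 = router.outbound(hop1)                     # pfSense WAN IP -> public IP
    reply = (hop2[2], hop2[3], hop2[0], hop2[1])     # server swaps src and dst
    back1 = router.inbound(reply)                    # public IP -> pfSense WAN IP
    back2 = pfsense.inbound(back1)                   # pfSense WAN IP -> LAN host
    return hop1, hop2, back1, back2

if __name__ == "__main__":
    for step in round_trip(("10.0.16.50", 51515), ("198.51.100.7", 443)):
        print(step)
```

Each layer only needs its own state entry to send the reply one hop back, which is why the return packet reaches the LAN host even though both inside networks are private.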

                    rodrigrc @phil.davis

                    @phil-davis
                    Have the same situation; even removing gw on lan doesn't work. Any config needed on NAT?

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.