How to config the LAN interface users to Internet (Basic configuration)

coachever

@isolatedvirus
Okey, the firewall is running on VIrtualBox
Pfsense WAN is in VirtualBox NAT mode 10.0.2.15
LAN is in an internal mode 192.168.1.1

So ping from client machine to 105.57.94.2 is

Ping from Pfsense wan side to 105.57.94.2 is

Nslookup from client machine to 105.57.94.2 and www.duckduckgo.com is

No changes to DNS settings and the DNS resolver config is

isolatedvirus

ok whatever that IP is, it isnt working. Remove it from your config (Could be under the WAN configuration via allow DHCP override of DNS or something to that affect)

Looks like pfsense is hitting 8.8.8.8 and getting results, but when it trys that IP it gets no responses.

coachever

@isolatedvirus
You mean this? I have uncheck the System=>General Setup=>Allow DNS server list to be overrided by DHCP/PPP on WAN and added 8.8.8.8 and 8.8.4.4 DNS servers.

This is the tutorial that i have followed, is it possible to using this setup to connect to Internet?

Thank you for your time @isolatedvirus

coachever

https://www.tecmint.com/installation-and-configuration-of-pfsense-firewall-router/
This is the tutorial link,

isolatedvirus

review the first screenshot in the topic (105.57.94.2) is listes as a DNS server. Yes, uncheck that, you have the firewall performing as a DNS server itself (listed as 127.0.0.1). its capable of looking up DNS itself would the use of an upstream DNS server from WAN.

coachever

@isolatedvirus
Is this right?

But after that, there is no ping response from WAN side to yahoo.com

I think we'are very to close to succeed, but my knowledge and experience is too low, sorry

isolatedvirus

hostname www.yahoo.com

coachever

@isolatedvirus

Ping to www.yahoo.com

isolatedvirus

Before doing any of the following, perform this:
System->Advanced->Netowrking
Disable Checksum/TCP Seg/ Large Receive offloading.
On windows: Ping 8.8.8.8
On windows: Navigate to www.duckduckgo.com or perform nslookup
If this is working, perform a nslookup on pfsense to confirm you can resolve www.duckduckgo.com

what are the outgoing DNS interfaces set as in the DNS resolver?

Confirm the following: System-> General Setup
-No DNS servers configured.
-DNS Override UNCHECKED
-Disable DNS Forwarder UNCHECKED

Services -> DNS Forwarder
-Enable DNS Forwarder UNCHECKED

Services -> DNS Resolver
-Enable DNS Resolver CHECKED
-Network Interfaces ALL
-Outgoing Interfaces WAN (or whatever your uplink interface is)
-DNS Query Forwarding UNCHECKED

On windows:
Ping 8.8.8.8
In a browser, navigate to www.duckduckgo.com, or perform a nslookup

On pfsense
ping 8.8.8.8
perform nslookup for www.duckduckgo.com

Gertjan

@coachever said in How to config the LAN interface users to Internet (Basic configuration):

https://www.tecmint.com/installation-and-configuration-of-pfsense-firewall-router/
This is the tutorial link,

That's an old version of pfSense.
Never ever use these kind of videos. Use the official videos first. And because you don't want to find differences, errors or whatever issue exists between old version and recent version, you should stick with the official videos.

If WAN is setup - then you do not need to think or do anything related to DNS.
It works out of the box.
pfSense behaves like any other router/firewall : set up WAN and you have a connection to the net.

By (incompletely) following some video you broke your DNS setup. (because the video isn't right, some needed settings aren't mentioned or because the situation changed).

It's like you're using an Windows XP tuto for Windows 10.

Btw : Official videos are here.

JeGr

@coachever

In your first Post your pfSense WAN interface was configured (via DHCP?) to 192.168.1.8.
In later posts it happens to be 10.0.2.15.

What is your WAN connection? How do you connect pfSense to your ISP/uplink/Internet? DNS may be a problem, but I think you don't have your WAN running correct. Also if your WAN is indeed a private IP, uncheck the "block private IPs" checkbox on "Interfaces / WAN".

coachever

I think the problem is on DNS Resolver, which is, when I uncheck the DNS Resolver

then the client can connect to the internet. On the other hand, when I check (enable) the DNS Resolver

clients then unable to connect to the internet. So the problem is DNS Resolver, i guess. What should I do?

Gertjan

The Resolver should be activated, or the Forwarder.
One or the other.
Both : impossible.

Up to you to choose one.
However : The Resolver (or Forwarder) has to be set up correctly.
When you installed pfSense, the Resolver is activated and will work right out of the box. No changes from you are needed.

Running pfSense with no Resolver neither Forwarder is no advised at all.

And what about answering questions ?
Like the one @JeGr asked ?