Users on the LAN network do not surf the internet
-
yes, the two items of the WAN configuration are disabled. I can not run the "curl" command because it is not installed, and I can not install it (I mean the virtual machine) because it can not connect to the internet, but pinging to google DNS works.
-
@sparviero79 said in Users on the LAN network do not surf the internet:
yes, the two items of the WAN configuration are disabled. I can not run the "curl" command because it is not installed,
Good news for you : read https://forum.netgate.com/topic/140637/update-pfsense-packages-to-protect-against-nginx-libzmq4-and-curl-vulnerabilities
which implies that the command 'curl' is installed by default.Instead of using de dumb "Diagnostics => Command Prompt", use the console access.
Enter option 8.
Type curl.... VLAN10 (opt4) -> fxp0.10 -> v4: 192.168.9.1/24 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + pfSense tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell Enter an option: 8 [2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: curlIf curl isn't there, consider your system broken. Re install.
-
ok sorry, I thought the command had to run from the virtual desktop machine. the result from the pfsense console is this:
-
Perfect.
It's resolving and http works.Now, throw away 'your' LAN rules (the second and third, the first is auto generated) and make it look like
(ditch the Destination : "WAN net" on the IPv4 rule - dono where that came from, somewhat missed that earlier this morning) -
I did, but without result
-
Notice the lan rule doesn't even show any hits its 0/0
You sure your clients are even talking to pfsense to get to the internet?
You should see hits on your lan rule
You have zero?
-
I guess he took a screen shot right after applying without testing LAN access first ;)
-
Actually now I have encountered this problem, the LAN gateway is offline
-
there shouldn't be a LAN gateway.. Is that a gateway to get to downstream networks? If so then it should be connected via transit network.. Using a network with hosts on it as transit is going to be an an issue with asymmetrical routing.
-
I guess I could mention right away : if you 'did' anything with gateways, undo that.
More general : re do the entire setup. Just set up WAN (the access to the up stream router) and do not touch anything else.
It will work.
At that point, start applying your personalization, and test thoroughly every step - as soon as your connection is lost, undo the last step and study more about. -
Guys thank you very much for the help you are giving me. I'm starting now to study the firewall world and then learn more and more because I have a great passion for this world. sorry if I disturb you with my inexperience, but I have to start somehow to learn.
Now I'm doing a clean installation and I'll let you know ;-) -
I made a clean new installation, but the result does not change. I think I did everything you told me ... I'm almost giving up
-
In your General Setup screen, I don't think you need the gateways defined for those 2 Google DNS servers. Of the 5-6 pfsense boxes I've installed and managed, I never have to put in a value there.
Set those values to "None", save your settings, maybe even reboot the pfsense instance, then try the internet from your LAN network again...
Jeff
-
Agree with that.
One shouldn't even touch anything related to DNS the first 48 hours after initial setup.
No where it has been said in any firewall setup-doc that a DNS should be set ! Not in the official Netgate support doc, and no where else.
These "8.8.8.8" and "4.4.4.4" are like "Christmas" and "Antivirus" : they were invented for pure commercial reasons.
(IMHO) -
VirtualBox does tend to use it's own DHCP server on internal networks, that might conflict with pfSense. So check the network settings on your client VM.
@sparviero79 said in Users on the LAN network do not surf the internet:
sorry if I disturb you with my inexperience, but I have to start somehow to learn.
First learn the details about your virtualization environment, then learn the details about the guest systems.
-
Ok because my questions seem to be causing bad mood, I remove the trouble and look elsewhere.
Thanks anyway -
Hoho : No bad mood at all on this side.
All reflexions are here to help you.
Remember : we all have been there - and most of us seen it all already. We're all expert in doing this fast, good and stable (so you can pass on to other things fast !)Using a VM - not a small affair and using pfSense, not your basic classic "OS" setup neither, isn't an easy thing.
What about VM and an OS you already know
and
pfSense on an old PC with extra network card
and learn in parallel.
You will be a winner in the learning process. -
@gertjan said in Users on the LAN network do not surf the internet:
Hoho : No bad mood at all on this side.
All reflexions are here to help you.
Remember : we all have been there - and most of us seen it all already. We're all expert in doing this fast, good and stable (so you can pass on to other things fast !)Thank you so much for your encouragement. I also thought about abandoning Virtualization, because that's the problem in my opinion.
Thanks again
