Pfsense 2.4.4 no internet access! Help please! (Solved)
-
Hello Everyone,
I am having problems accessing the internet from LAN side. I have a very simple setup.
Cable Net Router (tplink) - > Pfsense - > PC
The cablenet router uses a PPPOE connection to grant internet access to the devices on LAN. The Wan connection has a subnet of 192.168.0.x as defined on tplink router. I have configured WAN as DHCP (private ip) and lan interface as 172.22.101.1. The problem is that I am unable to access internet from LAN no matter what I do. The default allow to any rule is present. I have no other rule configured. I have a doubt that my internet connection may be restricted as internet works fine when I connect my laptop to it directly.
I am attaching the firewall logs for reference.
I am also attaching the configuration xml file that I backed up.Kindly let me know if you find any errors. Thank you in advance.0_1551730337227_config-pfSense.test-20190304171039.xml
0_1551730361032_logs.xlsThe check mark is next to all entries in the excel file for logs except for one which has an x mark next to it.
-
Have you gone through the Connectivity guide? It should just work right out of the box.
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
-
I tried those steps but it didn't work.I can't get to the internet. Did you check the logs and configuration file?
-
I tried those steps but it didn't work
If I had a dollar every time I heard that one...
Did you check the logs and configuration file?
Nope. Trying to decipher a mishmash of xml isn't what I call fun.
From Diagnostics - Ping, can you ping 8.8.8.8?
-
@kom I tried to ping 8.8.8.8 from diagnostics but it didn't work. What I found out is that the monitor IP (8.8.8.8) which I use to check the status of the default gateway is showing down. I just got to work. Let me post the screenshots for a better understanding.
-
-
Hmmm. You have some weirdness going on. Unbound (DNS Resolver) not being to bind to a socket, and the WAN gateway showing offline.
Has this ever worked or is it a new installation? Whats on the WAN side, just a cable modem? If so, you should see if your ISP can flip it to bridged mode so that you're not double-NATing.
-
You said your WAN IP is a 'private IP' :
@smrehan00 said in Pfsense 2.4.4 no internet access! Help please!:I have configured WAN as DHCP (private ip)
192.168.0.x, right ?
Now, check your first rule on the WAN interface :
@smrehan00 said in Pfsense 2.4.4 no internet access! Help please!:
You're blocking private networks - such as, for example 192.168.0.x.
It's time to make a choice ^^
-
That RFC block on WAN would only affect incoming traffic to any NATs he might define. It's not going to affect outgoing LAN traffic and their replies.
-
@kom said in Pfsense 2.4.4 no internet access! Help please!:
That RFC block on WAN would only affect incoming traffic to any NATs he might define
Such as the third WAN firewall rule ?
Any, I stand corrected, just checked mine, using a 192.168.10.5 WAN IP : nothing changed (could post this message).
-
A couple of observations...
- You're probably double-NAT'ed by using a cable modem that is already running NAT. That could potentially cause trouble, unless you know how to work around it. Like has been said above, see if you can get your cable modem put into bridge mode, that makes setting up your WAN interface a lot less trouble-free when it comes to overlapping or conflicting network address space and NAT rules.
- I don't think you need to set the Gateway addresses under System -> General Setup -> DNS Server Settings. In my several pfsense installs, these fields are always empty.
- On your LAN General Config page, you've got a /16 subnet mask. That's a pretty big range, allowing you to have 65,000 plus host machines on that network. Do you need a network that big for this project?
- Your WAN is using a private IP address of 192.168.0.106, normally this doesn't cause a problem, unless your ISP modem is also using the same network space somewhere in it's network settings.
Jeff
-
-
