Pfsense 2.4.4 no internet access! Help please! (Solved)

smrehan00 · Mar 4, 2019, 9:05 PM

@KOM

I tried those steps but it didn't work.I can't get to the internet. Did you check the logs and configuration file?

KOM · Mar 4, 2019, 9:32 PM

I tried those steps but it didn't work

If I had a dollar every time I heard that one...

Did you check the logs and configuration file?

Nope. Trying to decipher a mishmash of xml isn't what I call fun.

From Diagnostics - Ping, can you ping 8.8.8.8?

smrehan00 · Mar 5, 2019, 4:23 AM

@kom I tried to ping 8.8.8.8 from diagnostics but it didn't work. What I found out is that the monitor IP (8.8.8.8) which I use to check the status of the default gateway is showing down. I just got to work. Let me post the screenshots for a better understanding.

smrehan00 · Mar 5, 2019, 7:20 AM

@KOM Here are the screenshots!
login-to-view

login-to-view

KOM · Mar 5, 2019, 2:19 PM

Hmmm. You have some weirdness going on. Unbound (DNS Resolver) not being to bind to a socket, and the WAN gateway showing offline.

Has this ever worked or is it a new installation? Whats on the WAN side, just a cable modem? If so, you should see if your ISP can flip it to bridged mode so that you're not double-NATing.

Gertjan · Mar 5, 2019, 2:56 PM

You said your WAN IP is a 'private IP' :
@smrehan00 said in Pfsense 2.4.4 no internet access! Help please!:

I have configured WAN as DHCP (private ip)

192.168.0.x, right ?

Now, check your first rule on the WAN interface :

@smrehan00 said in Pfsense 2.4.4 no internet access! Help please!:

login-to-view

You're blocking private networks - such as, for example 192.168.0.x.

It's time to make a choice ^^

KOM · Mar 5, 2019, 2:58 PM

That RFC block on WAN would only affect incoming traffic to any NATs he might define. It's not going to affect outgoing LAN traffic and their replies.

Gertjan · Mar 5, 2019, 3:03 PM

@kom said in Pfsense 2.4.4 no internet access! Help please!:

That RFC block on WAN would only affect incoming traffic to any NATs he might define

Such as the third WAN firewall rule ?

Any, I stand corrected, just checked mine, using a 192.168.10.5 WAN IP : nothing changed (could post this message).

akuma1x · Mar 5, 2019, 4:08 PM

A couple of observations...

You're probably double-NAT'ed by using a cable modem that is already running NAT. That could potentially cause trouble, unless you know how to work around it. Like has been said above, see if you can get your cable modem put into bridge mode, that makes setting up your WAN interface a lot less trouble-free when it comes to overlapping or conflicting network address space and NAT rules.
I don't think you need to set the Gateway addresses under System -> General Setup -> DNS Server Settings. In my several pfsense installs, these fields are always empty.
On your LAN General Config page, you've got a /16 subnet mask. That's a pretty big range, allowing you to have 65,000 plus host machines on that network. Do you need a network that big for this project?
Your WAN is using a private IP address of 192.168.0.106, normally this doesn't cause a problem, unless your ISP modem is also using the same network space somewhere in it's network settings.

Jeff

smrehan00 · Mar 5, 2019, 5:52 PM

@akuma1x
@KOM

I was able to resolve the issue.It was because of the internet connection as it was blocking dns and moreover the internet connection had asymmetric routing done.
I tested the same scenario remotely from my UK office and it worked without a problem.

smrehan00 · Mar 5, 2019, 5:55 PM

@akuma1x
@KOM

Thanks guys for your help.