No internet access via pfsense from a subnet behind a routing server
-
I have a routing server behind the pfsense system and
I can not access the internet from the client in a subnet of the routing server.
The routing on the routing server is on.
The routing server has one interface in the pfsense LAN and one interface in the dedicated subnet.

WANNET pfsense = Internet IP address
LANNET pfsense 10.16.16.0/20 IP=10.16.31.254
static route on pfsense 10.10.22.0/24 via 10.16.18.1

LANNET routing server 10.16.16.0/20 IP=10.16.18.1
SUBNET routing server 10.10.22.0/24 IP=10.10.22.2
default gateway 10.16.31.254

SUBNET client 10.10.22.11
default gateway 10.10.22.2

On the pfsense I can make a ping to the client 10.10.22.11
On the client I can make a ping to any host in the network 10.16.16.0/20
(e.g. ping 10.16.16.2)

Because the client uses the LAN address of the pfsense as the DNS server address,
the client can make an nslookup for any internet address.

But I can not access the web address of google in my browser on the client.
All clients in the LAN network 10.16.16.0/20 have no problems to access
the internet pages.

Any idea or solution ?
-
Since the subnet 10.10.22.0/24 isn't defined on pfSense itself, it doesn't create an outbound NAT rule automatically for it.
So you have to switch the outbound NAT into the hybrid mode and add an outbound NAT rule for the subnet to the WAN interface.
The hybrid mode is already on.
I have found an already created auto rule.
WAN 127.0.0.0/8 ::1/128 10.10.22.0/24 10.10.23.0/24 10.16.16.0/20 192.168.8.0/24 10.0.10.0/24 * * * WAN address * Auto created rule
I have added the following extra mapping
WAN 10.10.22.0/24 * * * WAN address *
But it does not work.
-
So the outbound NAT rule for 10.10.22.0/24 was already added automatically:
@arosoft said in No internet access via pfsense from a subnet behind a routing server:
WAN 127.0.0.0/8 ::1/128 10.10.22.0/24 10.10.23.0/24 10.16.16.0/20 192.168.8.0/24 10.0.10.0/24 * * * WAN address * Auto created rule
What do the filter rules look like on the pfSense LAN interface? Is the upstream traffic allowed from 10.10.22.0/24?
To investigate, make sure to allow ping to the internet and try a ping to 8.8.8.8 and also to google.com to rule out DNS issues.
-
The LAN rules have this content
States Protocol Source Port Destination Port Gateway Queue Description
1 /1.16 GiB * * * LAN Address 10443,80,22 * * Anti-Lockout Rule
4.203 K/11.99 TiB IPv4* LAN net * * * * none Default allow LAN to any
-
SOLVED
The following LAN rule solved the problem
States Protocol Source Port Destination Port Gateway Queue Schedule Description
66/4.92 MiB IPv4* 10.10.122.0/24 * * * * none
Thanks to viragoman !!!
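
Added example, not part of any post in this thread: a simplified Python model of the three checks discussed above (LAN filter rule, outbound NAT, return route), using the addresses from the first post. It assumes first-match rule evaluation with an implicit default deny and takes 10.10.22.0/24 as the source of the extra pass rule; the function names and the 8.8.8.8:443 test destination are illustrative.

```python
import ipaddress as ip

# Addresses from the thread's first post; the rule model itself is a simplification.
ANY = ip.ip_network("0.0.0.0/0")
LAN_NET = ip.ip_network("10.16.16.0/20")
LAN_ADDR = ip.ip_network("10.16.31.254/32")
ROUTED_SUBNET = ip.ip_network("10.10.22.0/24")
CLIENT = ip.ip_address("10.10.22.11")
LAN_HOST = ip.ip_address("10.16.16.2")
INTERNET_HOST = ip.ip_address("8.8.8.8")   # test destination (assumption)

STATIC_ROUTES = [ROUTED_SUBNET]            # 10.10.22.0/24 via 10.16.18.1
NAT_SOURCES = [ip.ip_network(n) for n in (  # IPv4 sources of the auto-created rule
    "127.0.0.0/8", "10.10.22.0/24", "10.10.23.0/24",
    "10.16.16.0/20", "192.168.8.0/24", "10.0.10.0/24")]

# (action, source, destination, ports or None for any, description)
DEFAULT_LAN_RULES = [
    ("pass", ANY, LAN_ADDR, {10443, 80, 22}, "Anti-Lockout Rule"),
    ("pass", LAN_NET, ANY, None, "Default allow LAN to any"),
]
# Assumed fix: an extra pass rule whose source is the routed subnet.
FIXED_LAN_RULES = DEFAULT_LAN_RULES + [
    ("pass", ROUTED_SUBNET, ANY, None, "Allow routed subnet to any"),
]

def filter_decision(src, dst, port, rules):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for action, s_net, d_net, ports, desc in rules:
        if src in s_net and dst in d_net and (ports is None or port in ports):
            return action, desc
    return "block", "implicit default deny"

def diagnose(src, dst, port, rules):
    """Name the first stage that stops traffic from src, or return 'ok'."""
    if filter_decision(src, dst, port, rules)[0] != "pass":
        return "LAN filter rule"
    if not any(src in n for n in NAT_SOURCES):
        return "outbound NAT"
    if src not in LAN_NET and not any(src in n for n in STATIC_ROUTES):
        return "return route"
    return "ok"

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_LAN_RULES), ("fixed", FIXED_LAN_RULES)):
        print(name, "->", diagnose(CLIENT, INTERNET_HOST, 443, rules))
```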