Netgate Discussion Forum

    No Internet on second lan

    • KOM

      Do you have a Default Allow rule on the igb4 interface? Only the first LAN gets such a rule by default. All other added interfaces have no rules and no access.

      • DaveB

        I believe so.
        Under Firewall/Rules/SecondLan I have
        Protocol IPv4 *
        Source SecondLan net
        Port *
        Destination *
        Port *
        Gateway *
        Queue None

        • KOM

          Did you modify your outbound NAT rules recently? If your first LAN is working, then usually the extra LANs are a cinch with just the addition of the Default Allow rule.

          • DaveB

            outbound_nat.png

            These are my current (hybrid) outbound NAT rules.
            The automatic rules have obviously changed by the addition of 192.168.3.0/24

            • kiokoman LAYER 8

              Can you ping 8.8.8.8 from SecondLan? Maybe a DNS problem?

              ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
              Please do not use chat/PM to ask for help
              we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
              Don't forget to Upvote with the 👍 button for any post you find to be helpful.

              • DaveB

                No I cannot ping 8.8.8.8 from SecondLan.

                The address of my WAN is given as 146.xxx.xxx.xxx and I can ping that.

                • KOM

                  I'm not sure what's going wrong here. I will say that I've had a few cases this week where simply deleting everything and starting again fixed several weird problems.

                  • Derelict LAYER 8 Netgate

                    Do you have Don't pull routes checked or unchecked in the purevpn client config?

                    If it's unchecked, check it.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    • DaveB

                      Well, definitely a step forward, thank you.

                      Checking Don't pull routes does indeed provide internet access on SecondLan. However, the computer on igb1 that should be going through my VPN now displays my public IP address. ☹

                      Further advice welcome as I am well out of my depth here.

                      • Derelict LAYER 8 Netgate

                        You have two choices:

                        Disable Don't pull routes and policy route everything you DON'T want to go over the VPN to the WAN Gateway.

                        Enable Don't pull routes and policy route everything you DO want to go over the VPN to the VPN Gateway.

                        When you pull routes from a VPN server, they usually push a default route to you (actually two routes, 0.0.0.0/1 and 128.0.0.0/1, which cover the IPv4 space in two routes). This means you need to policy route exclusions to that out the WAN.

                        • Gertjan @KOM

                          @KOM said in No Internet on second lan:

                          I will say that I've had a few cases this week where simply deleting everything

                          Included the fact that there was an "AP" between OPT and the device - pfSense worked well, it was the AP .....

                          @DaveB: what is between your OPT interface and your device - just a cable or some box?
                          What was the IP the device got using DHCP?
                          Netmask?
                          DNS?
                          Gateway?

                          No "help me" PM's please. Use the forum, the community will thank you.
                          Edit : and where are the logs ??

                          • DaveB

                            I believe I am now sorted.

                            I have left Don't pull routes unchecked, and in Firewall/Rules/SecondLan, under Advanced Options/Gateway, I chose WAN_PPPoE.

                            I now have internet connection via VPN on igb1 and igb2 and connection not through VPN on igb4 just as I wanted.

                            Many thanks for the help
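
Added example, not part of any post in this thread: a small Python model of the behaviour discussed above, showing why the pulled 0.0.0.0/1 and 128.0.0.0/1 routes override the default route (longest-prefix match) and how a gateway set on a firewall rule bypasses the routing table. It covers both options Derelict lists plus the two unpatched states, and flags interfaces that should exit via the VPN but do not. `VPN_GW` is a hypothetical gateway name, and local or firewall-bound destinations are ignored.

```python
import ipaddress

# WAN_PPPoE is the gateway named in the thread; VPN_GW is a hypothetical
# name for the OpenVPN client gateway.
WAN, VPN = "WAN_PPPoE", "VPN_GW"

DEFAULT = [("0.0.0.0/0", WAN)]
# Routes a VPN server typically pushes: two /1s that together cover IPv4.
PULLED = [("0.0.0.0/1", VPN), ("128.0.0.0/1", VPN)]


def route_lookup(dst, table):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), gw) for n, gw in table
               if addr in ipaddress.ip_network(n)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def egress(iface, dst, pull_routes, policy):
    """Gateway for traffic entering `iface`. `policy` maps an interface to
    the gateway set on its firewall rule, which bypasses the routing table."""
    if iface in policy:
        return policy[iface]
    table = DEFAULT + (PULLED if pull_routes else [])
    return route_lookup(dst, table)


def scenario(pull_routes, policy, dst="8.8.8.8"):
    """Egress gateway per interface (interface names from the thread)."""
    return {i: egress(i, dst, pull_routes, policy)
            for i in ("igb1", "igb2", "igb4")}


def leaks(result, must_use_vpn=("igb1", "igb2")):
    """Interfaces that should exit via the VPN but do not."""
    return [i for i in must_use_vpn if result[i] != VPN]


if __name__ == "__main__":
    for pull, policy in [(True, {}), (False, {}), (True, {"igb4": WAN}),
                         (False, {"igb1": VPN, "igb2": VPN})]:
        r = scenario(pull, policy)
        print(f"pull_routes={pull} policy={policy} -> {r} leaks={leaks(r)}")
```

Running `leaks()` on the intended configuration is a quick regression check after any change to the VPN client or gateway settings on the rules.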

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.