Unable to browse the web
-
I just installed PFSense, but now i cannot browse the web, i just get a white page, i believe the firewall needs a rule to let the traffic get in, does anyone can suggest a solution?
ThanksAlso, when i try to do a search on this site, i see the topics coming in while i write in the search field, but when i click on them, nothing happen....
-
Check / Read:
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
-
Read the doc provided above.
Pfsense comes default ready to go. You should easily be online in most cases.
No the firewall does not need any rules to allow traffic in. Outbound connections open the return traffic automatically.
-
@ptt
Thanks for the link, i am following the instructions and i am trying all the tests in the diagnostic part of this document, they have been all succesfull apart from this one, so i am trying to fix it with the info provided."Test NAT: Try to ping 8.8.8.8 (Diagnostics > Ping) using LAN as the Source Address
If this fails but the other tests work, then the problem is likely Outbound NAT (See the WAN/LAN gateway checks above)"
-
So far, the problem seems to be with the "Outbound NAT".
I believe that it might be the default gateway, but i am not able to understand this scheme:IPv4 Routes
Destination Gateway Flags Use Mtu Netif Expire
default 192.168.1.1 UGS 622 1500 re1
1.1.1.1 192.168.1.1 UGHS 20 1500 re1
8.8.8.8 192.168.1.1 UGHS 36 1500 re1
127.0.0.1 link#4 UH 104 16384 lo0
172.16.1.0/24 link#1 U 4 1500 re0
172.16.1.254 link#1 UHS 0 16384 lo0
192.168.1.0/24 link#2 U 16946 1500 re1
192.168.1.254 link#2 UHS 0 16384 lo0 -
Your WAN IP address is ?
Your LAN IP address is ?
pfSense's "default" (out of the box) outbound NAT config should/must work
-
@ptt
WAN 192.168.1.254/24
LAN 172.16.1.254/24
Default Gateway 192.168.1.1 -
Go to- Firewall / NAT / Outbound
Click "save".. see if that makes things work.
-
Have you unticked Block private networks and loopback addresses on your WAN interface.
-
block bogon and rfc1918 would have nothing to do with being behind a double nat. They only come into play when there are devices on your wan (the rfc1918 network) that would be wanting to access any port forwards you have setup.
-
@chpalmer said in Unable to browse the web:
Go to- Firewall / NAT / Outbound
Click "save".. see if that makes things work.
Everytime i do that, PFSense stop working (basically i can no longer see the interface and a white page saying the connection is taking too long is displaied), so i click 8 (Shell) directly inside the pc where PFSense is installed, the DOS looking one, then "pfctl -d" and it restart working.
NAT it's set on "automatic"
Automatic Rules:
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 127.0.0.0/8 ::1/128 172.16.1.0/24 * * 500 WAN address * Auto created rule for ISAKMP
WAN 127.0.0.0/8 ::1/128 172.16.1.0/24 * * * WAN address * Auto created rule -
@NogBadTheBad said in Unable to browse the web:
Have you unticked Block private networks and loopback addresses on your WAN interface.
Yes, all unticked as suggested on the "connectivity troubleshooting" guide
-
can pfsense ping its gateway? Can pfsense do dns lookups?
-
@johnpoz
Yes i did try all the troubleshooting tests suggested on the guide, they were all succesfull apart from this:Test NAT: Try to ping 8.8.8.8 (Diagnostics > Ping) using LAN as the Source Address
If this fails but the other tests work, then the problem is likely Outbound NAT (See the WAN/LAN gateway checks above)
-
well if you turned off NAT, then not sure how you think clients are going to be working.. Since your upstream is not going to nat those - unless you set it up too.
pfctl -d
-
Tom:
Do a packet capture on your WAN using the diagnostic menu and then repeat the ping attempt from a LAN client.
-
@Tom8888 said in Unable to browse the web:
NAT it's set on "automatic"
Are you sure your upstream router is 192.168.1.1 ?
-
@chpalmer
I did try to post here the results, but i get an error message telling me that Akismet flagged my content as spam.Yes the default gateway is definetely 192.168.1.1, but if you look at this, for the LAN the default gateway is set as " link#1 "
IPv4 Routes
Destination Gateway Flags Use Mtu Netif Expire
default 192.168.1.1 UGS 622 1500 re1
1.1.1.1 192.168.1.1 UGHS 20 1500 re1
8.8.8.8 192.168.1.1 UGHS 36 1500 re1
127.0.0.1 link#4 UH 104 16384 lo0
172.16.1.0/24 link#1 U 4 1500 re0
172.16.1.254 link#1 UHS 0 16384 lo0
192.168.1.0/24 link#2 U 16946 1500 re1
192.168.1.254 link#2 UHS 0 16384 lo0 -
@johnpoz said in Unable to browse the web:
well if you turned off NAT, then not sure how you think clients are going to be working.. Since your upstream is not going to nat those - unless you set it up too.
pfctl -d
What should i do exactly? (sorry i am not an IT)
-
you shouldn't be running that cmd, if you want pfsense to actually nat, that disable firewall and natting.
That is not the default gateway for the lan, that is the interface in the lan address.. So yeah that is how it talks to that network.. You didn't set a gateway on the lan interface did you?