Problem to navigate

gtramontana · Sep 28, 2020, 3:53 PM

good evening,
I have configured a Pfsense 2.4.5 firewall in my network but the connected PCs do not connect to the internet
These are the firewall rules

What could be the problem?

viragomann · Sep 28, 2020, 5:02 PM

Can pfSene connect to the internet?

Is the pfSense LAN IP the default gateway on the PC?

Can you ping it?

Is the outbound NAT working in automatic mode?

gtramontana · Sep 28, 2020, 8:22 PM

@viragomann said in Problem to navigate:

Can pfSene connect to the internet?

Is the pfSense LAN IP the default gateway on the PC?

Can you ping it?

Is the outbound NAT working in automatic mode?

Server Pfsense is connected to the internet
On the PC the default gateway is the pfsense LAN IP (192.168.1.1)
and the DHCP service also works
from the PC I can ping the pfsense server
the Outbound NAT Mode is = Automatic outbound NAT rule generation.(IPsec passthrough included)

thanks

viragomann · Sep 28, 2020, 8:27 PM

Are you able to ping 8.8.8.8?

gtramontana · Sep 28, 2020, 8:33 PM

@viragomann said in Problem to navigate:

Are you able to ping 8.8.8.8?

no of the PC
yes of the Server

viragomann · Sep 28, 2020, 8:45 PM

@gtramontana
Strange.

I'd investigate the problem with Packet Capture from the Diag menu.

Take a capture on LAN, filter for ICMP protocol and 8.8.8.8 while trying again to ping from the PC.
You should see ICMP request packets from the PC's IP to 8.8.8.8.

Then take a capture on WAN. Here you should see the packets coming from the WAN address and responses from the server.

gtramontana · Sep 28, 2020, 9:00 PM

@viragomann said in Problem to navigate:

@gtramontana
Strange.

I'd investigate the problem with Packet Capture from the Diag menu.

Take a capture on LAN, filter for ICMP protocol and 8.8.8.8 while trying again to ping from the PC.
You should see ICMP request packets from the PC's IP to 8.8.8.8.

Then take a capture on WAN. Here you should see the packets coming from the WAN address and responses from the server.

With Packet Capture I see the PC requests and responses.

I think the problem is "Automatic outbound NAT rule generation.
(IPsec passthrough included) ", in fact it does not create Automatic Rules

viragomann · Sep 28, 2020, 9:27 PM

@gtramontana said in Problem to navigate:

I think the problem is "Automatic outbound NAT rule generation.
(IPsec passthrough included) ", in fact it does not create Automatic Rules

The packet capture will show if it works or not.

gtramontana · Sep 28, 2020, 9:36 PM

@viragomann

I solved it by compiling in the WAN interface "IPv4 Upstream gateway" and saving again "Automatic outbound NAT rule generation.
(IPsec passthrough included) "
Automatic rules have been created

Thanks