No traffic from LAN to WAN

seyico

Hello everyone, I have just setup a simple homelab using vmware on my Computer, i also installed Pfsense.

The Setup is:

ISP -> Modem -> Pfsense -> LAN

No Gateway on LAN.

My WAN IP is a Private IP ( I have unchecked "Block Private networks and..." and "Block bogon networks").

Pfsense is configured with DHCP on WAN.

Firewall rules are set to default.
pfsense connected to ISP/Modem in bridge mode.
WAN Gateway is online.

I can ping hosts in my LAN, I can ping WAN GATEWAY, but can not ping WAN or access the internet.
I can not ping 8.8.8.8, I can not ping google.

I am thinking I need to add a rule to allow traffic from WAN in order to access the internet, since I can ping the WAN gateway and the Gateway is online. If I need to add a rule, what would the rule be?

Thanks.

Robert 0

Yes, could indeed be a missing firewall rule. But could also be more complicated like some NAT issues.

First:
I would recommend to check that you don't block private networks on your WAN interface settings.

Then:
As there is no "the internet" destination and you need to create an firewall alias first.
Create an alias, add these three networks for this alias.
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

And Then:
Create the missing firewall rule for you LAN interface with destination is not (invert!) the alias and specify the desired port, say ICMP.

And maybe then:
Maybe this will solve your problem to ping public IPs.
If that worked, don't forget to also allow UDP 53 (DNS) from your LAN to your DNS server, if you want to get dns resolution as well.

johnpoz

@robert-0 said in No traffic from LAN to WAN:

yes, could indeed be a missing firewall rule.

Not on the wan it wouldn't be.. On the lan the default rules are any any, so unless that was deleted or modified.. There are no rules that would need to be created to get access out of the box.

More than likely your problem has to do with your vmware setup. Your saying that pfsense is getting a public IP on its wan? And it shows its gateway up, which is some other public IP.

But pfsense itself can not ping 8.8.8.8?

seyico

Thank you! Hosts in my LAN can now communicate with WAN. But there is no internet access to both WAN and LAN. What rule/port to i need to allow on the Firewall to have access to the internet.

Thanks for your help!

johnpoz

@seyico said in No traffic from LAN to WAN:

What rule/port to i need to allow on the Firewall to have access to the internet.

There is no rule that you would have to add.. Out of the box the lan has an any any rule.. Which would allow access to internet. Since really the internet could be any IP or any port..

When you say no internet - you mean you can not resolve say www.google.com to an IP? Or you can not ping say 8.8.8.8?

seyico

@johnpoz I Can't do either of the two. I can't ping 8.8.8.8 and google.com isnt reachable.

johnpoz

@seyico

From pfsense - not your client?

See my ping before. If you can not ping 8.8.8.8 from pfsense.. Then something upstream is broken..Pfsense is not connected to the internet.. You say your gateway shows up and you can ping your gateway?

This is a VM right? If so that is broken.. Your vm network..

seyico

@johnpoz Nope! I can't ping 8.8.8.8 from pfsense. And Yes! It is a vm. I have been on this for days, trying to figure out the problem, but couldn't.

johnpoz

Well if pfsense can not even ping 8.8.8.8 from its wan - then it doesn't have internet. Unless whatever you have in front of pfsense is blocking 8.8.8.8?

Again - does your pfsense have a public IP on its wan? You say you bridged your modem.. And you say pfsense is able to ping its gateway?

Is this a cable modem? So you rebooted your modem after you changed the device connected to it?

seyico

@johnpoz My pfsense has a private IP on its WAN since i connected it to my home network. Yes! pfsense is able to ping its gateway; gateway is online. Its a cable modem. I connected to the host system hosting the virtual lab to the home network via usb wifi (I dont think that should be an issue).

I remember reading one of your posts on this forum saying since pfsense, out of the box config blocks incoming traffic to WAN and allows all outgoing traffic from LAN, a rule needs to be added in order to allow communication to the internet. Is this correct

johnpoz

NO RULE is needed to be added or adjusted to allow internet out of the box!

If your pfsense has a private IP on its wan.. And you can not get to the internet - then look upstream.. Cable Modems don't do nat! You mean you have a cable gateway?

Is pfsense wan IP in the 192.168.100 range? This is IP range cable modems hand out, when they don't have internet..

You don't have the same network on pfsense wan as you do lan do you..

seyico

@johnpoz Okay, i'll check that when i get home. The wan IP is in the 192.168.*.
Pfsense and my lan are on different network. Devices on my home network lan can access internet without issues.

The only issue is to have pfsense get to the internet, with that done, my lab environment will have internet.

Thanks

seyico

@johnpoz Thank you, issue resolved. It had to do with my VMware setup. Its all good now.