    No Internet to WAN from LAN

    Installation and Upgrades
    • M
      martylavender last edited by

      Hi all

      I have been searching for an answer to this but it seems I may be running into some things I haven't seen others run into.

      My setup is as follows:

      Uverse NVG599 Gateway > pfSense running on Intel Atom box > ASUS router running as AP > ASUS unmanaged switch

      I have my gateway set up to pass through to my pfSense box
      pfSense is in fact displaying the external IP of my service
      DHCP is working from pfSense as the one client I am testing with is grabbing an IP

      Uverse gateway WAN: 192.168.1.254 <– internal side
      pfSense LAN: 10.0.0.1

      I can ping from the WAN side of pfSense
      I can run an nslookup with no issues on the WAN side of pfSense

      Anything on the LAN side however times out

      Looking at the firewall logs I see a lot of errors talking about default ip rules blocking because the traffic isn't matching anything. The two default rules pfSense creates are the only rules under Firewall > Rules

      Is there anything else I am missing?

      • P
        phil.davis last edited by

        You need to sort out if it is a routing or DNS problem.
        From LAN can you ping internet stuff by IP address?

        ping 8.8.8.8
        

        If not, then traceroute and see where the responses stop coming back. Check what packets are coming in and out of LAN and WAN with packet capture on the pfSense.
        If it is just using a name that does not work, then how is the DNS (resolver or forwarder) set up?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          "Uverse gateway WAN: 192.168.1.254 <– internal side"
          "pfSense is in fact displaying the external IP of my service"

          These 2 statements seem to be in conflict.  In the one it seems pfsense is behind a nat network of 192.168.1, while in the other you seem to indicate that pfsense has a public on its wan?

          While either will work, I can see where you could have problems if not natting on pfsense, where its 10.x network is not known about in your isp facing router.  If pfsense is natting your isp facing router should only ever see pfsense 192.168.1 wan IP.

          You could also have an issue with maybe your AP is not really AP and is also natting?

          Could you post up some of these logs you're seeing, and validate that pfsense has public on its wan or not.  Also that your clients behind your AP, be it wired or wireless, are getting IP from pfsense dhcp.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

          • M
            muswellhillbilly last edited by

            @martylavender:

            The two default rules pfSense creates are the only rules under Firewall > Rules

            Out of interest, what rules are these exactly? In PFS version 2.3.x, the LAN side should have three default rules (One anti-lockout and two LAN-2-any rules for IPv4 and IPv6). The WAN side is what has two default rules. Could you have mistakenly set your WAN interface internally? That might account for the blocks you're seeing in the logs.

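The address checks johnpoz asks for (is the pfSense WAN address public or behind the gateway's NAT, and did the test client really get its lease from pfSense) can be written down as a small triage function. This is an added example, not code posted by anyone in the thread. Only 10.0.0.1 and the 192.168.1.x gateway network come from the posts; the /24 mask, the 203.0.113.10 stand-in for a public address, and all client values are assumptions.

```python
import ipaddress

# RFC 1918 ranges plus RFC 6598 carrier-grade NAT space. Listed explicitly
# because ipaddress.is_private also flags documentation ranges.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def triage(wan_ip, lan_if, client_ip, client_gw):
    """Return finding codes for one pfSense box and one LAN client.

    wan_ip    -- address shown on the pfSense WAN interface
    lan_if    -- pfSense LAN address with prefix, e.g. "10.0.0.1/24"
    client_ip -- address the test client received
    client_gw -- default gateway the test client received
    """
    wan = ipaddress.ip_address(wan_ip)
    lan = ipaddress.ip_interface(lan_if)
    client = ipaddress.ip_address(client_ip)
    gateway = ipaddress.ip_address(client_gw)
    findings = []

    # Does pfSense really hold the public address on WAN, or is it
    # sitting behind the ISP gateway's NAT?
    if any(wan in net for net in NON_PUBLIC):
        findings.append("wan-behind-nat")
    # A client outside the pfSense LAN got its lease elsewhere,
    # for example from an AP that is still routing and NATing.
    if client not in lan.network:
        findings.append("client-not-on-pfsense-lan")
    # The client's default gateway should be the pfSense LAN address.
    if gateway != lan.ip:
        findings.append("client-gateway-not-pfsense")
    return findings


# Constructed sample inputs (see the assumptions listed above the block).
SCENARIOS = {
    "passthrough working": ("203.0.113.10", "10.0.0.1/24", "10.0.0.50", "10.0.0.1"),
    "pfSense behind gateway NAT": ("192.168.1.64", "10.0.0.1/24", "10.0.0.50", "10.0.0.1"),
    "AP still routing": ("203.0.113.10", "10.0.0.1/24", "192.168.50.23", "192.168.50.1"),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(f"{name}: {triage(*args) or 'no findings'}")
```

An empty result only rules out these addressing problems; routing, firewall rules and DNS still need the ping, traceroute and packet capture steps from phil.davis's reply.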