No Internet to WAN from LAN

  • Hi all

    I have been searching for an answer to this but it seems I may be running into some things I havent seen others run into.

    My setup is as follows:

    Uverse NVG599 Gateway > pfSense running on Intel Atom box > ASUS router running as AP > ASUS unmanaged switch

    I have my gateway setup to passthrough to my pfSense box
    pfSense is in fact displaying the external IP of my service
    DHCP is working from pfSense as the one client I am testing with is grabbing an IP

    Uverse gateway WAN: <– internal side
    pfSense LAN:

    I can ping from the WAN side of pfSense
    I can run an nslookup with no issues on the WAN side of pfSense

    Anything on the LAN side however times out

    Looking at the firewall logs I see a lot of errors talking about default ip rules blocking because the traffic isnt matching anything. The two default rules pfSense creates are the only rules under Firewall > Rules

    Is there anything else I am missing?

  • You need to sort out if it is a routing or DNS problem.
    From LAN can you ping internet stuff by IP address?


    If not, then traceroute and see where the responses stop coming back. Check what packets are coming in and out of LAN and WAN with packet capture on the pfSense.
    If it just using a name that does not work, then how is the DNS (resolver or forwarder) set up?

  • LAYER 8 Global Moderator

    "Uverse gateway WAN: <– internal side"
    "pfSense is in fact displaying the external IP of my service"

    These 2 statements seem to be in conflict.  In the one it seems pfsense is behind a nat network of 192.168.1, while in the other you seem to indicate that pfsense has a public on its wan?

    While either will work, I can see where you could have problems if not natting on pfsense, where its 10.x network is not known about in your isp facing router.  If pfsense is natting your isp facing router should only ever see pfsense 192.168.1 wan IP.

    You could also have issue with maybe your AP is not really AP and is also natting?

    Could you post up some of these logs your seeing, and validate that pfsense has public on its wan or not.  Also that your clients behind your AP be it wired or wireless are getting IP from pfsense dhcp..

  • @martylavender:

    The two default rules pfSense creates are the only rules under Firewall > Rules

    Out of interest, what rules are these exactly? In PFS version 2.3.x, the LAN side should have three default rules (One anti-lockout and two LAN-2-any rules for IPv4 and IPv6). The WAN side is what has two default rules. Could you have mistakenly set your WAN interface internally? That might account for the blocks you're seeing in the logs.

Log in to reply