New install - cannot access internet websites



  • Here is another unable to access internet websites problem.  I am completely new with pfSense, but this is a very basic setup.  I am going out of town tomorrow, was hoping to resolve before.  I've searched the forums and tried many things for multiple weekends, but still not working.  I've also reset pfSense to factory defaults and verified basics were set correctly.  At the point I think I need to reinstall.

    I can successfully ping public IPs/sites and dns lookup public sites from WAN and LAN interfaces and Windows client on LAN.  When I attempt to access any internet site the IE / Chrome browsers response is check internet connection.  Firewall log shows 100% blocks from incoming unknown public IPs.  What is interesting is nothing shows in the log for outgoing requests every time I try to access any internet website.

    Internet | Comcast ISP /cable modem | pfSense | LAN
    Verified internet | cable modem works by connecting a Windows laptop to the modem.

    Details:
    pfSense 2.3.1 (not update 5) full install amd64 from memstick on SUPERMICRO SYS-5018A-FTN4 1U.
    I am not running virtual. No extra packages installed.

    Interfaces:
    Only WAN and LAN interfaces enabled.
    WAN blocks private and bogon. LAN does not block these.
    WAN set to DHCP and gets valid public IP with /24 mask, uses ISP DNS servers.  LAN uses default 192.168.1.1/24

    Gateway:
    WAN IPv4 gateway assigned to WAN interface and set as default.  LAN has no gateway assigned.
    I disabled IPv6 on WAN int. & gateway while troubleshooting. First tried while enabled.
    WAN IPv4 Gateway has online status.  Note: the gateway public IP does not respond to pings/blocked by ISP so I use one of the ISP's DNS server as monitor IP

    Firewall and NAT:
    Firewall rules are using default.  LAN allows any to any on any.
    NAT is set to Automatic Outbound NAT.

    Thank you for any guidance with resolving this issue!



  • So ICMP (ping) works and DNS also works (port 53 UDP/TCP) but ordinary web-browsing does not work (TCP port 80 and 443).
    If there is traffic coming back from your browser actions that is being blocked then that means the states are somehow not being created (or not created right) when the initiating browser request packets go out through pfSense.

    Your description of all your settings sounds fine and should "just work".

    Do some packet capture to know exactly what packets are received on LAN, sent out WAN, and what comes back in to WAN. That will at least make you confident in what flows where and how far.

    Then when you are really stuck, post screenshots of settings, as there must be something odd that you have accidentally done.


Log in to reply