Connection problems with WAN Network



  • Hello @ all,

    I have installed pfSense on an old Terra Black Dwarf to trial pfSense.
    Before I installed pfSense I had a Sophos installed.
    My pfSense has the basic configuration.
    My problem is that I cannot access the WAN network from the LAN network. I have tested it with an any any any rule on both interfaces (WAN and LAN).
    My network configuration:
    Router/FritzBox : 10.0.0.1
    WAN pfSense : 10.0.0.2
    LAN pfSense: 192.168.150.1

    The pfSense has a connection to the internet because I have installed one package.
    From the WAN network I can ping and access the WAN interface of the pfSense.

    Hope anyone can help me ^^
    And sorry for my bad English :D

    I attach 3 images of my firewall rules





  • Hi,

    I'm not sure I understand your need; you want to access the Internet from the LAN subnet?

    If I'm right, I need to see your WAN configuration; you probably did not set a gateway on your interface (WAN).

    Where do you come from (first language)?

    Best regards,
    Alex.


  • LAYER 8 Global Moderator

    What are you trying to access on your WAN network? Where do the devices on that network point for their gateway? Did you disable NAT? Yeah, kind of need to see your WAN connection setup; it points to 10.0.0.1 for its gateway? You have no gateway on your LAN, do you?

    Also, all those rules you added on your LAN are completely pointless.

    You put an any any on your WAN - that is just a BAD BAD BAD BAD idea.


  • LAYER 8 Netgate

    And I see lots of rules that are TCP-only. Ping is not TCP, it is ICMP.

    Too many mistakes there to enumerate. Since you are so early in the process I would probably factory reset and start over.

    Accessing WAN from LAN is not governed by rules on WAN, but on LAN, and the default rules allow it, so you were adding horribly open rules, reducing your security for zero gain in solving the problem at hand.

    If you do not see the packets in question blocked in Status > System Logs, Firewall, adding a rule generally will not help.
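
The points made in the replies above (rules apply on the interface where a packet enters, ping is ICMP rather than TCP, and an any-any rule on WAN only opens inbound access) can be checked with a small model. This is an added example, not part of the thread and not pfSense's own code: it is a simplified first-match evaluator that ignores NAT and state tracking, and the /24 netmask and the host addresses 192.168.150.10 and 10.0.0.50 are assumptions made up for the test.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    iface: str   # interface the packet ENTERS on ("lan" or "wan")
    proto: str   # "tcp", "udp", "icmp" or "any"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"

@dataclass(frozen=True)
class Packet:
    iface: str   # ingress interface
    proto: str
    src: str
    dst: str

def _in(addr, net):
    return net == "any" or ip_address(addr) in ip_network(net)

def evaluate(rules, pkt):
    """First pass rule matching on the ingress interface wins; else default deny."""
    for r in rules:
        if (r.iface == pkt.iface and r.proto in ("any", pkt.proto)
                and _in(pkt.src, r.src) and _in(pkt.dst, r.dst)):
            return "pass"
    return "block"

LAN_NET = "192.168.150.0/24"  # assumed mask around the poster's 192.168.150.1

# Constructed rule sets mirroring the situations discussed in the thread.
tcp_only_lan = [Rule("lan", "tcp", LAN_NET, "any")]   # TCP-only rule on LAN
default_lan = [Rule("lan", "any", LAN_NET, "any")]    # default-style LAN allow
any_any_wan = [Rule("wan", "any", "any", "any")]      # the any-any rule on WAN

# Constructed packets: a ping from a LAN host to the FritzBox, and an
# unsolicited connection from a WAN-side host to the pfSense WAN address.
ping_out = Packet("lan", "icmp", "192.168.150.10", "10.0.0.1")
unsolicited_in = Packet("wan", "tcp", "10.0.0.50", "10.0.0.2")

if __name__ == "__main__":
    print("ping, TCP-only LAN rule:   ", evaluate(tcp_only_lan, ping_out))
    print("ping, default LAN rule:    ", evaluate(default_lan, ping_out))
    print("ping, only WAN any-any:    ", evaluate(any_any_wan, ping_out))
    print("inbound, default LAN only: ", evaluate(default_lan, unsolicited_in))
    print("inbound, with WAN any-any: ",
          evaluate(default_lan + any_any_wan, unsolicited_in))
```

In this model the WAN any-any rule never changes the outcome for the LAN-side ping; its only effect is that the unsolicited inbound packet goes from blocked to passed.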

