No outbound traffic in AWS deployment

  • I’m really hoping someone out there can help me. I’ve been working on getting pfSense to work on Amazon Web Services periodically for a couple of weeks now and am close to throwing in the towel. No matter what I do, I can’t get traffic to flow out of the LAN subnet. I have port 3389 forwarded to a Server 2016 instance and can remote in without any trouble. However, I cannot get any internet connectivity once I am logged into the server. It feels like a NAT issue, but I'm not sure. I have added the LAN subnet to the outgoing NAT addresses as well as to the Networks_to_nat alias, but it doesn’t seem to be working.

    When I run a packet capture on the LAN interface and try to connect to a website, the traffic shows up, which I believe means the traffic is being routed to pfSense properly. When I run a packet capture on the WAN interface, it doesn’t pick up anything.

    I really want to get pfSense set up in AWS instead of using some of the other options. I’ve been using pfSense for about 5 years now and I love it. On top of it being cheaper, I also find it to be a far superior product.

    I have a pretty straightforward AWS setup.
    VPC CIDR: 10.20.0.0/16
    WAN subnet: 10.20.0.0/24
    LAN subnet: 10.20.10.0/24 with one Windows 2016 EC2 instance running.
    WAN routing table is pointing 0.0.0.0/0 to the internet gateway.
    LAN routing table is pointing 0.0.0.0/0 to the pfSense LAN network interface.
    I also have the security groups completely opened up.

    Any ideas anyone?

  • Have you tried "disable Source/Destination Check" on the AWS pfSense instance? Just a thought.
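The following is an added example, not code from either poster or from pfSense: a small audit that checks the VPC pieces the thread describes (WAN default route to an internet gateway, LAN default route to the pfSense LAN interface) and then flags the condition the reply points at, a pfSense interface whose source/destination check is still enabled. The dictionary shapes mimic the JSON returned by `aws ec2 describe-route-tables` and `describe-network-interfaces`; all IDs (`subnet-lan`, `eni-pflan`, `i-pfsense`, and so on) are constructed placeholders, not real AWS identifiers.

```python
# Added example: audit whether a VPC is set up to let a subnet's default route
# flow through a pfSense instance. Sample data is constructed to mirror the
# thread's topology; field names follow the AWS EC2 API responses.
LAN_SUBNET = "subnet-lan"   # constructed placeholder IDs
WAN_SUBNET = "subnet-wan"

ROUTE_TABLES = [  # WAN -> internet gateway, LAN -> pfSense LAN ENI (as in the thread)
    {"RouteTableId": "rtb-wan", "Associations": [{"SubnetId": WAN_SUBNET}],
     "Routes": [{"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0"}]},
    {"RouteTableId": "rtb-lan", "Associations": [{"SubnetId": LAN_SUBNET}],
     "Routes": [{"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-pflan"}]},
]
ENIS = [  # SourceDestCheck left at the AWS default (True) on every interface
    {"NetworkInterfaceId": "eni-pfwan", "SubnetId": WAN_SUBNET, "SourceDestCheck": True,
     "Attachment": {"InstanceId": "i-pfsense"}},
    {"NetworkInterfaceId": "eni-pflan", "SubnetId": LAN_SUBNET, "SourceDestCheck": True,
     "Attachment": {"InstanceId": "i-pfsense"}},
    {"NetworkInterfaceId": "eni-win", "SubnetId": LAN_SUBNET, "SourceDestCheck": True,
     "Attachment": {"InstanceId": "i-windows"}},  # end host: check may stay on
]

def default_route(route_tables, subnet_id):
    """Return the 0.0.0.0/0 route of the table associated with subnet_id, or None."""
    for rt in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            for r in rt["Routes"]:
                if r.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return r
    return None

def audit(route_tables, enis, lan_subnet, wan_subnet):
    """Return a list of findings; an empty list means the VPC side looks sane."""
    findings = []
    wan = default_route(route_tables, wan_subnet)
    if not wan or not str(wan.get("GatewayId", "")).startswith("igw-"):
        findings.append("WAN subnet default route does not point at an internet gateway")
    lan = default_route(route_tables, lan_subnet)
    hop = next((e for e in enis if e["NetworkInterfaceId"] == (lan or {}).get("NetworkInterfaceId")), None)
    if hop is None:
        findings.append("LAN subnet default route does not target a known ENI (pfSense LAN)")
        return findings
    # A firewall forwards packets it neither sourced nor terminates; with the check
    # enabled the VPC drops such packets. Fix per interface with:
    #   aws ec2 modify-network-interface-attribute --network-interface-id <eni> --no-source-dest-check
    for eni in enis:
        if eni["Attachment"]["InstanceId"] == hop["Attachment"]["InstanceId"] and eni["SourceDestCheck"]:
            findings.append(f"{eni['NetworkInterfaceId']}: SourceDestCheck is enabled; disable it")
    return findings

if __name__ == "__main__":
    for finding in audit(ROUTE_TABLES, ENIS, LAN_SUBNET, WAN_SUBNET) or ["no findings"]:
        print(finding)
```

Only the pfSense instance's own interfaces are flagged; the Windows host's interface keeps its check, which is the normal setting for an end host.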