Firewall not Routing Traffic



  • Hi all,

    I have an unusual problem that I can't seem to figure out.  I installed a new pfSense box and restored a configuration and for some reason, the internet isn't reachable by any client.  So I decided to wipe and re-install pfSense and not restore a previous configuration and still, none of the machines on the LAN can access the internet even with the default settings and firewall rules.  I know pfSense itself is getting to the internet as I can download updates and packages so the problem isn't my internet pipe, but any idea what the heck is going on here?



  • Have you set the LAN address to its former IP?
    Have you configured DHCP, if used, and DNS?



  • @viragomann:

    Have you set the LAN address to its former IP?
    Have you configured DHCP, if used, and DNS?

    Same everything.  I suppose I could try adding Google DNS, although I don't see where to add it except during the wizard during initial setup.  I'm really at a loss with this one as it makes no sense at all.



  • System > General setup

    You can try to access webservers by IP to find out if it's on the DNS.
    With these IPs you can access google.com:
    108.177.9.139
    108.177.9.102
    108.177.9.101
    108.177.9.100



  • @viragomann:

    System > General setup

    You can try to access webservers by IP to find out if it's on the DNS.
    With these IPs you can access google.com:
    108.177.9.139
    108.177.9.102
    108.177.9.101
    108.177.9.100

    Thanks.  Still no go so not a DNS issue.  Any other ideas?



  • There are only three things left to check:

    • The network settings on clients and on pfSense (DHCP if used). Ensure that the network mask is set correctly and that the gateway is the pfSense LAN address.

    • The firewall rules. But if you haven't changed anything there should still exist the default allow any-to-any rule on LAN.

    • The outbound NAT. But in default settings, it should work also. There should exist a rule with source = LAN network and translation = WAN address.

    If that doesn't help you can check the routes on the client and run packet capture on pfSense to find out if packets destined for a web address arrive on the LAN interface.



  • @viragomann:

    There are only three things left to check:

    • The network settings on clients and on pfSense (DHCP if used). Ensure that the network mask is set correctly and that the gateway is the pfSense LAN address.

    • The firewall rules. But if you haven't changed anything there should still exist the default allow any-to-any rule on LAN.

    • The outbound NAT. But in default settings, it should work also. There should exist a rule with source = LAN network and translation = WAN address.

    If that doesn't help you can check the routes on the client and run packet capture on pfSense to find out if packets destined for a web address arrive on the LAN interface.

    Triple checked and all looks good.  A clean install using default settings should work right out of the gate, but for some reason doesn't.  I guess pfSense simply doesn't like this box for whatever reason.  Just odd that the firewall itself can reach the internet and not a single client can do the same.
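
The address checks from the list above (client netmask, client gateway, outbound NAT source), written out as an added example that is not part of the thread and is not pfSense code. The function name, finding codes and all addresses are constructed for illustration; the values have to be read off the client and the pfSense GUI by hand.

```python
import ipaddress

def check_client(client_ip, client_mask, client_gw, lan_cidr, nat_source_cidr):
    """Compare one client's settings with the pfSense LAN and outbound NAT source.

    Returns a list of (code, message) findings; an empty list means consistent.
    """
    findings = []
    lan_if = ipaddress.ip_interface(lan_cidr)            # pfSense LAN address/prefix
    client_if = ipaddress.ip_interface(f"{client_ip}/{client_mask}")
    gateway = ipaddress.ip_address(client_gw)
    nat_src = ipaddress.ip_network(nat_source_cidr)      # source of the outbound NAT rule

    # Check 1a: the client and pfSense must agree on the LAN network and mask.
    if client_if.network != lan_if.network:
        findings.append(("netmask",
                         f"client is on {client_if.network}, pfSense LAN is {lan_if.network}"))
    # Check 1b: the client's gateway must be the pfSense LAN address.
    if gateway != lan_if.ip:
        findings.append(("gateway",
                         f"gateway {gateway} is not the pfSense LAN address {lan_if.ip}"))
    # A gateway outside the client's own subnet is never reached at all.
    if gateway not in client_if.network:
        findings.append(("gateway-offlink",
                         f"gateway {gateway} is outside {client_if.network}"))
    # Check 3: the outbound NAT rule's source must cover the client, otherwise its
    # packets leave the WAN untranslated while pfSense's own traffic still works.
    if client_if.ip not in nat_src:
        findings.append(("nat-source",
                         f"{client_if.ip} is not inside NAT source {nat_src}"))
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    cases = {
        "consistent":     ("192.168.1.50", "255.255.255.0", "192.168.1.1",
                           "192.168.1.1/24", "192.168.1.0/24"),
        "wrong mask":     ("192.168.1.50", "255.255.0.0", "192.168.1.1",
                           "192.168.1.1/24", "192.168.1.0/24"),
        "stale NAT rule": ("10.0.0.50", "255.255.255.0", "10.0.0.1",
                           "10.0.0.1/24", "192.168.1.0/24"),
    }
    for name, args in cases.items():
        print(name, "->", check_client(*args) or "OK")
```

If this comes back clean, the packet capture on the LAN interface mentioned above is the next step.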