Firewall not Routing Traffic
-
Hi all,
I have an unusual problem that I can't seem to figure out. I installed a new pfSense box and restored a configuration and for some reason, the internet isn't reachable by any client. So I decided to wipe and re-install pfSense and not restore a previous configuration and still, none of the machines on the LAN can access the internet even with the default settings and firewall rules. I know pfSense itself is getting to the internet as I can download updates and packages so the problem isn't my internet pipe, but any idea what the heck is going on here?
-
Have you set the LAN address to its former IP?
Have you configured DHCP, if used, and DNS?
Same everything. I suppose I could try adding Google DNS, although I don't see where to add it except during the wizard during initial setup. I'm really at a loss with this one as it makes no sense at all.
-
System > General setup
You can try to access webservers by IP to find out if it's on the DNS.
With these IPs you can access google.com:
108.177.9.139
108.177.9.102
108.177.9.101
108.177.9.100
Thanks. Still no go so not a DNS issue. Any other ideas?
-
There are only three things left to check:
- The network settings on clients and on pfSense (DHCP if used). Ensure that the network mask is set correctly and that the gateway is the pfSense LAN address.
- The firewall rules. But if you haven't changed anything there should still exist the default allow any-to-any rule on LAN.
- The outbound NAT. But in default settings, it should work also. There should exist a rule with source = LAN network and translation = WAN address.

If that doesn't help you can check the routes on the client and run packet capture on pfSense to find out if packets destined for a web address arrive on the LAN interface.
-
Triple checked and all looks good. A clean install using default settings should work right out of the gate, but for some reason doesn't. I guess pfSense simply doesn't like this box for whatever reason. Just odd that the firewall itself can reach the internet and not a single client can do the same.
-
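The first and third checks listed in the thread (client mask and gateway, outbound NAT source), as an added example that is not part of any post above. All addresses are constructed sample values, and the function and parameter names are hypothetical.

```python
import ipaddress

def check_lan_path(client_ip, client_prefix, client_gateway, pfsense_lan, nat_sources):
    """Return findings for one client; an empty list means both checks pass.

    pfsense_lan is the firewall's LAN address with prefix, e.g. "192.168.1.1/24".
    nat_sources are the source networks of the outbound NAT rules on WAN.
    """
    findings = []
    lan_if = ipaddress.ip_interface(pfsense_lan)
    client_if = ipaddress.ip_interface(f"{client_ip}/{client_prefix}")
    gateway = ipaddress.ip_address(client_gateway)

    # Network settings: the client must sit in the same network as the LAN interface.
    if client_if.network != lan_if.network:
        findings.append(f"client network {client_if.network} differs from LAN {lan_if.network}")
    # Network settings: a gateway outside the client's own subnet is not directly reachable.
    if gateway not in client_if.network:
        findings.append(f"gateway {gateway} is outside client subnet {client_if.network}")
    # Network settings: the default gateway must be the pfSense LAN address itself.
    if gateway != lan_if.ip:
        findings.append(f"gateway {gateway} is not the pfSense LAN address {lan_if.ip}")
    # Outbound NAT: some rule's source network must cover the client address.
    nets = [ipaddress.ip_network(s) for s in nat_sources]
    if not any(client_if.ip in n for n in nets):
        findings.append(f"no outbound NAT source covers {client_if.ip}")
    return findings

if __name__ == "__main__":
    # Constructed sample values: a client with a wrong mask and a stale gateway.
    for line in check_lan_path("192.168.1.50", 16, "192.168.1.254",
                               "192.168.1.1/24", ["192.168.1.0/24"]):
        print(line)
```

The firewall rule check and the packet capture on the LAN interface still have to be done on the pfSense box itself.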