LAN to WAN doesn't work?
BarryBKS last edited by
First I would like to apologize if this has already been covered.
I am new to pfsense and I am struggling to get a basic data pass from LAN to WAN.
I have installed pfsense on a box and it sits between my cable modem and my network.
Internet – Modem -- (WAN) pfsense [DHCP OFF] (LAN) – Network -- Windows Server (DNS,DHCP)
I don't have either a DMZ or a OPT1 interface.
I have installed version 2.3.4-RELEASE-p1 with the basic config.
WAN has the standard 'Nothing Allowed In' and LAN still has the standard 'Anti-Lockout Rule' and the 'All Allowed Rule'. Nothing else has been applied to the rules or the NAT.
DHCP is running on my internal Windows Server and points to the LAN port of pfsense as the gateway for the network.
With this in place, i am unable to access the internet from an internal PC, however if I remove pfsense from the network, I can config a PC to use the modem as my gateway and go straight out, so it is something I am missing on pfsense which allows the traffic to go out.
I can't see what I am missing? Probably being stupid and missing something simple, but at a loss.
Any help would be much appreciated.
"I can config a PC to use the modem as my gateway and go straight out,"
You have an actual cable modem - so pfsense wan gets a public IP? Or is this device you call a modem actually doing nat? Ie a gateway? If a modem did you reboot it when you put pfsense in place of the router you were using before?
You sure your clients are getting the new dhcp that points to pfsense as their gateway? Can these devices ping pfsense lan IP? If your double natting what IP is on pfsense wan and what network on you using on the lan? They can not overlap.
You sure its not just dns related problems? Out of the box pfsense will run unbound in resolver mode. Your clients seem to be pointing to your windows for dns - what is it doing, forwarding, resolving, etc.
The link ptt pointed should help you pinpoint your issue.
BarryBKS last edited by
Thanks for the link. I will look it through and see if I can find the fault.
In answer to your questions Johnpoz, I am double-natting as it were.
xxx.xxx.xxx.xxx – 192.168.100.1 -- 192.168.100.2 -- 192.168.0.1 -- Network
Internet (Public IP) -- Modem (Internal IP) -- pfsense (WAN) -- pfsense (LAN) -- Network
The modem passes everything both ways with no obstruction so there shouldn't be any issues with it.
I am currently testing with one laptop which I have applied a static IP, DNS and Gateway. I can ping the pfsense LAN IP and connect to the webUI at the same IP address, (192.168.0.1)
pfsense has DNS set as forwarder. This maybe incorrect. The windows server is the primary DNS for the network. It will resolve internal and forward to public DNS server for external resolving.
If you spot anything obvious, please let me know. I'll have a look at the link and let you know if I find a solution.
Harvy66 last edited by
LAN to WAN should work out of the box if you did not change any settings. But it does require that you chose the correct interface assigned WAN and LAN.
" Modem (Internal IP)"
Its not a "modem" its its doing nat ;) Its either a router or a gateway…
Out of the box pfsense does not use forwarder - it would resolve.. What I suggest you do is setup pfsense with default setup and have a client directly point to it - does this work... My guess is its working and you have a dns related problem.. Maybe you have pfsense forwarding to your windows DNS, and your windows dns is just forwarding back to pfsense ;) Have seen it more than once...
Simple ping to public IP or traceroute is simple enough test... Can client pfsense pfsense ping " Modem (Internal IP)" ?