No Internet Access From OPT1 Interface



  • Hi everyone,

    So, I've spent hours poring over the settings and changing things, but now it seems like I am going around in circles. I have studied other threads detailing virtually the same problem. Whilst those issues were resolved by setting the rules on the interface correctly, I have had no such luck.

    I have WAN, LAN and LAN2 (renamed from OPT1) physical interfaces. DHCP is configured on both LAN and LAN2. A standard switch is connected to both LAN and LAN2 respectively.

    • Devices connected to LAN get a DHCP address and can access the internet with no problem

    • Devices connected to LAN2 get a DHCP address and CANNOT access the internet

    • LAN connected devices can ping an IP address of a connected LAN2 device, but not the other way around (I want these to be isolated from each other eventually, but thought I'd mention it for diagnostic reasons)

    • LAN connected devices can ping the LAN interface IP address and gateway IP address, LAN2 connected devices can do neither

    • LAN2 connected devices can ping/access other LAN2 connected devices

    • In diagnostics, an internet host can be pinged successfully when source is set to LAN2

    Interfaces

    
    WAN: 192.168.1.1* via DHCP with reserved network blocking unchecked (for now)
    LAN: 192.168.10.1 (24) static with DHCP enabled, no gateway set
    LAN2 (OPT1): 192.168.11.1 (24) static with DHCP enabled, no gateway set
    
    

    *The WAN address is a local address at the moment because I'm testing the pfSense configuration within another (192.168.1.0/24) network environment and the WAN is connected directly to this, so I am double NATing.

    Outbound NAT (automatic)

    
    WAN....127.0.0.0/8 192.168.10.0/24 192.168.11.0/24.....*.....*.....500.....WAN address.....*.....YES.....Auto created rule for ISAKMP
    WAN....127.0.0.0/8 192.168.10.0/24 192.168.11.0/24.....*.....*.....*.....WAN address.....*.....NO.....Auto created rule for ISAKMP
    
    

    I haven't added a manual rule for 192.168.11.0/24 because it is included in the automatically generated rule.

    WAN Rules

    None at this time (default), which seems okay for LAN clients

    LAN Rules (untouched defaults)

    
    IPv4 *.....LAN net.....*.....*......*.....*.....none.....Default allow LAN to any rule	    
    IPv6 *.....LAN net.....*.....*......*.....*.....none.....Default allow LAN IPv6 to any rule
    
    

    LAN2 Rules (copied from default LAN rules)

    
    IPv4 *.....LAN2 net.....*.....*......*.....*.....none.....Default allow LAN2 to any rule	    
    IPv6 *.....LAN2 net.....*.....*......*.....*.....none.....Default allow LAN2 IPv6 to any rule
    
    

    IPv4 Routes

    
    default.....192.168.1.1.....UGS
    127.0.0.1.....link#7.....UH
    192.168.1.0/24.....link#3.....U
    192.168.1.1.....<MAC address of WAN adapter>.....UHS
    192.168.1.52.....link#3.....UHS
    192.168.10.0/24.....link#1.....U
    192.168.10.1.....link#1.....UHS
    192.168.11.0/24.....link#2.....U
    192.168.11.1.....link#2.....UHS
    

    Other Settings

    • No additional gateways configured, using default WAN gateway

    • No static routes configured

    • No aliases

    • No bridges

    • No captive portal

    I've tried to provide as much useful information as possible. Maybe I've been looking at this too long and I am missing something really simple.

    Any advice or suggestions would be very much appreciated!

    Thanks for your time!


  • LAYER 8 Global Moderator

    "A standard switch is connected to both LAN and LAN2 respectively."

    So this is 2 different switches then?

    "LAN connected devices can ping the LAN interface IP address and gateway IP address, LAN2 connected devices can do neither"

    If lan 2 devices can not ping pfsense lan2 IP with any any rules then you have something wrong yes, and no internet would not work. You sure that rule you created is not just tcp only? You sure lan 2 are getting the correct dhcp info, etc.? Where gateway and dns point to pfsense lan2 IP. And you have dns on pfsense running on lan2 interface.



  • You'll need to go through a troubleshooting progression and isolate whether you have a physical, router, firewall, NAT or DNS issue.

    A few things to check:

    • Verify cabling is good, switch is good and layer 2 (link light) on all connections

    • Using Diagnostics -> Ping,  can PFsense itself ping 8.8.8.8 when sourced from LAN2?

    • Using Diagnostics -> Ping,  can PFsense itself ping google.com when sourced from LAN2?

    • What DNS servers is PFsense handing out to its clients?  Does the DNS server respond to telnet on port 53?  Does the DNS server respond to queries?

    • If using PFsense's DNS forwarder or Resolver, verify it's listening on LAN2.  I once had a DNS issue where the forwarder would not resolve queries unless it was manually set to listen on specific LAN interfaces instead of "All".

    • Verify you're on Automatic outbound NAT.  *** You've already said that you are, but I'd double check it ***

    • Verify the clients are receiving PFsense (192.168.11.1) as the default gateway.

    • Verify the clients can ping the default gateway

    • I would put any/any rules on all your LAN interfaces until basic IP connectivity is resolved

    • Have you checked your system logs?  Are you seeing any blocks on the LAN2 interface?

    • Verify there are no persistent routes on your client's routing table.  *** This is unlikely, but I've seen it happen ***
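
The settings listed in the first post can be cross-checked mechanically before moving on to cabling and hardware. This is an added example, not part of any post in this thread: the `audit` helper and its data layout are hypothetical, the values are transcribed from the first post, and it also covers two cases raised in the replies or implied by the double-NAT test setup (a TCP-only pass rule, an internal subnet that collides with the WAN network).

```python
import ipaddress

# Values transcribed from the first post in this thread (host routes omitted).
WAN_NET = ipaddress.ip_network("192.168.1.0/24")
INTERFACES = {"LAN": "192.168.10.1/24", "LAN2": "192.168.11.1/24"}
NAT_SOURCES = ["127.0.0.0/8", "192.168.10.0/24", "192.168.11.0/24"]
ROUTES = [  # (destination, gateway, flags)
    ("default", "192.168.1.1", "UGS"),
    ("192.168.1.0/24", "link#3", "U"),
    ("192.168.10.0/24", "link#1", "U"),
    ("192.168.11.0/24", "link#2", "U"),
]
# (interface, protocol, source) for each pass rule; "*" means any protocol.
RULES = [("LAN", "*", "LAN net"), ("LAN2", "*", "LAN2 net")]


def audit(interfaces, nat_sources, routes, rules, wan_net):
    """Return {interface: [problems]}; an empty list means the settings are consistent."""
    nat = [ipaddress.ip_network(s) for s in nat_sources]
    connected = {
        ipaddress.ip_network(d) for d, gw, _ in routes if d != "default" and gw.startswith("link#")
    }
    has_default = any(d == "default" for d, _, _ in routes)
    report = {}
    for name, cidr in interfaces.items():
        net = ipaddress.ip_interface(cidr).network
        problems = []
        if net.overlaps(wan_net):  # double NAT breaks if inside and outside collide
            problems.append("subnet overlaps WAN network")
        if net not in connected:
            problems.append("no connected route")
        if not any(net.subnet_of(n) for n in nat):
            problems.append("not covered by outbound NAT")
        if not any(i == name and p == "*" and s == f"{name} net" for i, p, s in rules):
            problems.append("no any-protocol pass rule")  # e.g. a TCP-only rule drops ICMP
        if not has_default:
            problems.append("no default route")
        report[name] = problems
    return report


if __name__ == "__main__":
    print(audit(INTERFACES, NAT_SOURCES, ROUTES, RULES, WAN_NET))
```

An empty problem list for LAN2 means routing, NAT and rules agree with each other, which leaves the physical and link layers (cable, switch, NIC) as the place to look.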



  • Hi,

    After everything, it turned out to be the network card itself. I just so happened to have a USB ethernet adapter lying about; when I used this as my LAN2 interface, everything worked as it should.

    It was the last thing I thought of checking as I was totally convinced it was a routing issue.

    I kept the configuration exactly the same as in my first post, so maybe this will help others to check for the correct settings if they are experiencing something similar (and it's not a hardware issue).

    Thank you both for your time!

    Cheers.



  • There is a problem like this.

