Help?! No internet from LAN unless using a vpn client?
So I came home yesterday to no internet on anything on the LAN. I checked phone, laptop, FreeSat box and nothing. Jumped on the pfsense box and did a ping test, it was fine. So the pfsense has access to the internet.
I was tired last night so after restarting the pfsense box and then updating to the latest version I left it.
Today I thought I'd try and have a proper look. While looking around I noticed that the Facebook app on my phone works, as does the mail client on Windows 10, but I still cannot access any websites. I ran the mullvad VPN client on my laptop and can now access the internet and view websites fine. If I turn the client off / disconnect from the VPN I lose access to the internet and websites again.
Anyone have any thoughts on this? I am still new to pfsense and its capabilities.
I think your connectivity is probably fine but your DNS is not fine.
From a computer on the lan, like a desktop or laptop console, type:
Yes I can ping 18.104.22.168 from my laptop.
I currently have Cisco/openDNS set as the DNS on pfsense. I have just tried ticking to allow DNS to be overridden by dhcp. Still the same issue.
It's your DNS, so focus there. Also look for firewall rules that would block DNS.
That's what I am thinking. But nothing changes when I change the DNS settings. The FW wasn't touched over the weekend, but something obviously happened for it to suddenly stop working yesterday.
I have attached a shot of the NAT rules and LAN rules, if it helps. Again, none of these have changed though.
![firewall rules.PNG](/public/imported_attachments/1/firewall rules.PNG)
![nat rules.PNG](/public/imported_attachments/1/nat rules.PNG)
Add a rule, which you can delete later, on the LAN to allow any to any. See what happens.
I created a new LAN rule to allow any to any and put it just under the anti-lockout rule. No difference.
"I currently have Cisco/openDNS"
Could you try resolver and see if it works?
Sorry, what do you mean try resolver? DNS resolver is enabled on the fw, if that's what you mean?
I'm confused now… I thought you were using an external Cisco/openDNS for DNS?
Sorry I should have explained better. When I set up the fw I put openDNS server IPs into the DNS server under the general setup. 22.214.171.124 and 126.96.36.199, both of which I am able to ping.
I have also tried replacing with Google DNS IPs and enabling the override with DHCP/PPP on WAN.
All with no luck.
Yes - But in your services TAB…
Do you have resolver or forwarder activated?
Sorry, resolver is enabled, forwarder is not.
If you are trying to get your DNS served from another place, turn off resolver and turn on forwarder.
Thanks. I have tried that to no avail. I'll have to keep looking tomorrow and try to work out what has changed over the weekend.