Unable to access internet from LAN

rtrice81

I am trying to get my pfsense appliance inplace, however when i put the device in place I can no longer access the internet, i can ping the internet but can not access via IE.

My pfsense device is really just a router for me with a Accesslist on it, to block traffic into a secondary subnet on my network

here is how it is placed

internet –> checkpoint fireall --> wan switch ---> pfsense ---> secondary network
                                                  |
                                                  |-----> Lan

I can ping my other network and other networks that are connected to the wan switch, so i don't believe it is a route issue

My pfsense device does not have internet access its seem, like i said its more of a pass through device, the secondary network does have internet access in the checkpoint firewall

Does my pfsense device have to have internet access for anything behind it to have internet access, if it does why?

Thanks
Richie

btw I love the pfsense software its great and is going to do a great great, maybe replace my checkpoint firewalls soon

eyewittness

Can you ping on hostname like ping google.com or only ping to ip?
This must be a dns issue then.

rtrice81

Yes i can ping google.com from the command prompt, i thought the same thing, i thought maybe it was an dns issue as well

jahonix

@rtrice81:

Does my pfsense device have to have internet access for anything behind it to have internet access, if it does why?

I'm not sure I can follow you.

pfSense WAN is where it usually routes all traffic not intended for local subnets to. If that's the internet, fine. If it cannot access the desired hosts from WAN then how should it route to them?

rtrice81

Ok, here is what i did, I give my Pfsense WAN Address internet access and now my clients behind the PFsense can now access the internet. So i am thinking my PFsense is doing more of a Hide NAT using the WAN Address then just passing the traffic through.

Does this sound right does the WAN Port NAT all traffic to its access?

So i am going use an optional port with my so called wan port

Thanks
Richie

GruensFroeschli

Yes pfSense NAT's per default everything to the WAN.
You can disable NATing under Firewall –> NAT --> outbound --> "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))"
and then delete all the rules below.
--> You now have a firewalling routing plattform.

rtrice81

Thank you very much that was it

thanks again