Second LAN connection has no internet access

garethrobson

Hi,

We have a vmware PFSense installation that has an existing LAN connection (172.17.0.1/19) with 2 WAN connections (Load balanced).
This all works fine.

I am now however adding a new LAN interface which is on a seperate VLAN (configured on the host side not PFSENSE) which for some reason cannot access the internet.

I already added a catchall rule to allow access to everything from this interface and when viewing logs, there is no blocked traffic. The problem appears to be with routing I believe.

I can talk to the PFSENSE from a machine on this new VLAN but cannot ping 8.8.8.8
I also cannot ping 8.8.8.8 from the PING section of diagnostics when selecting the new LAN interface (the existing LAN interface works fine).

Any ideas where to look next?

Thanks,
Gareth

Derelict

I am now however adding a new LAN interface which is on a seperate VLAN (configured on the host side not PFSENSE) which for some reason cannot access the internet.

Sorry. No idea what this means. But you probably need outbound NAT rules for those source addresses if they are passed by the firewall rules on the interface.

garethrobson

Thanks that's done the trick :)

There was an outbound nat rule for RFC1918 on one of the WAN interfaces but the other was explicitly stating 172.17.0.0/19

johnpoz

Why do people turn off automatic nat… I just do not get it...

Derelict

At least use hybrid if you need something special. Only place manual really makes sense is HA. And even then it's easier to leave it on auto until all the interfaces are defined then switch to manual.