PFSense box not allowing Internet on LAN side
-
Hi Guys
I am very new to Networking and PFSense, but I have followed all tutorials and guides possible and I still cant seem to get my PFSense box to work.
The PFSense box itself has internet connectivity, it can check for updates, trace route and Ping external addresses, but when I try to access a web page from a PC connected on the LAN side, it wont says that it cant find the page.
I am assuming that it has something to do with the NAT or DNS?I have also checked hardware checksum offloading, which got my gateway to become active, but has still not fixed my connectivity issues.
Attached is a diagram of my network setup.Please let me know what you would need from my side to help diagnose this problem
Thanks in advance for your help!
-
Hi,
Try this one : https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
And, what about posting what is wrong ? This way we can answer you right away.On a PC :
ipconfig /all ping 8.8.8.8 ping google.comand do not forget to mention the pfSense LAN settings - anything you changed on LAN (DHCP server ..).
Also : just in case : on the WAN interface : what is the IP ? and is "Block private networks and loopback addresses" checked, or not ?
A router (pfSense) after a router after a router(?). Ok, why not. Love it already.
-
To help eliminate some of the obvious problems:
WAN: 192.168.1.5/24 - no DHCP - Upstream Gateway: 192.168.1.1 (Router)
LAN: 192.168.10.1/24 - DHCP enabledFirewall:
WAN: Left as Default
LAN: Allow all - Set to Pass - Port: AnyBlock private Networks from entering via WAN - Enabled
Block Bogon Networks - EnabledWill try and post logs in a few hours when I get home
-
-
See above, I edited my post (my train went in a tunnel …)
…
Block private Networks from entering via WAN - Enabled
....Perfect.
So you have this IP "RFC 1918 (10/8, 172.16/12, 192.168/16)" on your WAN and Block private Networks from entering via WAN set.
Using other words : your WAN IP will be blocked.=> Undo the check ;)
-
Thanks for the help so far @Gertjan
Followed the troubleshooter and I am still having trouble. I figured the easiest way for me to get all the info on my Firewall across is to make a video going through all the settings. Had to wait a little for my public IP to change before posting. If you dont mind watching a little and letting me know if you see anything out of place.
Thanks again
General Settings: https://youtu.be/EuZTMaYkBAU
Firewall Log: https://youtu.be/MMoOl8TNshM
-
My guess would be the Mikrotik needs a static route for your pfSense LAN subnet pointing to the pfSense WAN IP address.
Get rid of the Mikrotik, you'll have a double NAT going on.
PS the videos don't play.
-
Sorry let me change them from Private to Unlisted.
I'll look into that though, thanks a lot! -
So I spoke to my ISP, since I have no idea how to setup static routes in the mikrotik, and they recommended turning off NAT on the PFSense Box, since I still have phones and tablets connect to the mikrotik via wifi.
Would turning off NAT on the PFSense box fix this problem?
-
We've tried adding static routes from both the Router and from the Pfsense box, and neither seem to work. Still completely stumped on this. If anyone has any idea of what I could do next it would be greatly appreciated.
-
@beserker Is this still not working?
-
You are running 32bit and not even the latest 32bit version. That CPU can run 2.4.3_1 so you should be on that really.
You have no DNS resolution at the client. Is Unbound even running? Check Status > Services. Try Diag > DNS lookup which should try pfSenses own DNS servers.
You can ping 192.168.10.1 from the client but can you ping 192.168.1.20 or 192.168.1.1?
Steve
