PFSense box not allowing Internet on LAN side



  • Hi Guys

    I am very new to Networking and PFSense, but I have followed all tutorials and guides possible and I still cant seem to get my PFSense box to work.
    The PFSense box itself has internet connectivity, it can check for updates, trace route and Ping external addresses, but when I try to access a web page from a PC connected on the LAN side, it wont says that it cant find the page.
    I am assuming that it has something to do with the NAT or DNS?

    I have also checked hardware checksum offloading, which got my gateway to become active, but has still not fixed my connectivity issues.
    Attached is a diagram of my network setup.

    Please let me know what you would need from my side to help diagnose this problem

    Thanks in advance for your help!




  • Hi,

    Try this one : https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
    And, what about posting what is wrong ? This way we can answer you right away.

    On a PC :

    ipconfig /all
    
    ping 8.8.8.8
    
    ping google.com
    

    and do not forget to mention the pfSense LAN settings - anything you changed on LAN (DHCP server …).

    Also : just in case : on the WAN interface : what is the IP ? and is “Block private networks and loopback addresses” checked, or not ?

    A router (pfSense) after a router after a router(?). Ok, why not. Love it already.



  • To help eliminate some of the obvious problems:

    WAN: 192.168.1.5/24 - no DHCP - Upstream Gateway: 192.168.1.1 (Router)
    LAN: 192.168.10.1/24 - DHCP enabled

    Firewall:

    WAN: Left as Default
    LAN: Allow all - Set to Pass - Port: Any

    Block private Networks from entering via WAN - Enabled
    Block Bogon Networks - Enabled

    Will try and post logs in a few hours when I get home



  • @Gertjan:

    Hi,

    A router (p

    Think you only posted half the reply 😛



  • See above, I edited my post (my train went in a tunnel …)

    @Beserker:


    Block private Networks from entering via WAN - Enabled

    Perfect.

    So you have this IP “RFC 1918 (10/8, 172.16/12, 192.168/16)” on your WAN and Block private Networks from entering via WAN set.
    Using other words : your WAN IP will be blocked.

    => Undo the check 😉



  • Thanks for the help so far @Gertjan

    Followed the troubleshooter and I am still having trouble. I figured the easiest way for me to get all the info on my Firewall across is to make a video going through all the settings. Had to wait a little for my public IP to change before posting. If you dont mind watching a little and letting me know if you see anything out of place.

    Thanks again

    General Settings: https://youtu.be/EuZTMaYkBAU

    Firewall Log: https://youtu.be/MMoOl8TNshM


  • Galactic Empire

    My guess would be the Mikrotik needs a static route for your pfSense LAN subnet pointing to the pfSense WAN IP address.

    Get rid of the Mikrotik, you’ll have a double NAT going on.

    PS the videos don’t play.



  • Sorry let me change them from Private to Unlisted.
    I’ll look into that though, thanks a lot!



  • So I spoke to my ISP, since I have no idea how to setup static routes in the mikrotik, and they recommended turning off NAT on the PFSense Box, since I still have phones and tablets connect to the mikrotik via wifi.

    Would turning off NAT on the PFSense box fix this problem?



  • We’ve tried adding static routes from both the Router and from the Pfsense box, and neither seem to work. Still completely stumped on this. If anyone has any idea of what I could do next it would be greatly appreciated.



  • @beserker Is this still not working?


  • Netgate Administrator

    You are running 32bit and not even the latest 32bit version. That CPU can run 2.4.3_1 so you should be on that really.

    You have no DNS resolution at the client. Is Unbound even running? Check Status > Services. Try Diag > DNS lookup which should try pfSenses own DNS servers.

    You can ping 192.168.10.1 from the client but can you ping 192.168.1.20 or 192.168.1.1?

    Steve


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy