Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No internet on OPT1

    Scheduled Pinned Locked Moved NAT
    12 Posts 3 Posters 7.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shubakas
      last edited by

      Hello
      I installed pfsense with the following configuration :

      IP box : 192.168.0.254
      IP WAN : 192.168.0.253 with Gateway 192.168.0.254
      LAN : 192.168.27.254
      OPT1 : 192.168.28.1

      (DHCP server actived on LAN and OP1, it's ok).

      I want to separate the LAN from OPT1 (we should not be able to access pfsense or the box from opt1).

      I have internet on the LAN but not on opt1.

      What did not I do for it to work please?

      Thank you

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Be sure you have the following on OPT1, or at least available to the clients on OPT1:

        DHCP Server
        DNS Server
        Firewall Rules blocking or passing the desired traffic
        Outbound NAT

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • S
          shubakas
          last edited by

          DHCP server and DNS it's ok.

          On the firewall outbound i choose AON et i can see :
          WAN SOURCE 192.168.28.0/24 PORT DESTINATION 500 WAN ADRESS
          and the same but it's a "*" and not 500 in port destination

          Firewall i have no rules, i don't know which rules create.

          thank for your help

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            You need rules that pass or block the desired/undesired traffic from OPT1 hosts.

            Start by putting the default rule as found on LAN but adjusted for OPT1.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • S
              shubakas
              last edited by

              I put the same 2 rules as the LAN on OPT1 but I can not create the rule ANTI LOCKOUT RULE (port 443-80).
              I don't think it's the cause of the problem.

              I don't see what to do  :-[

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Post your rules.

                https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • S
                  shubakas
                  last edited by


                  The name "BLEU" is "OPT1"

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Your rules are not just like the LAN rules. They are TCP-only. Change them to protocol any.

                    What are those three alerts in the upper right corner?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • S
                      shubakas
                      last edited by

                      Thaaaaaaaankssssss !!!!!
                      it was "ANY" and not "TCP"

                      Perfect !!!

                      The 3 alerts came from a bad old configutaion dhcp.

                      Thank you Derelict !!

                      1 Reply Last reply Reply Quote 0
                      • S
                        shubakas
                        last edited by

                        Sorry but now, i want add a web filter on OPT1 only.

                        I installed Squid and Squidguard, I followed tutorials but how to assign filtering on OPT1 ??

                        Thanks

                        1 Reply Last reply Reply Quote 0
                        • KOMK
                          KOM
                          last edited by

                          Start a new thread in the Cache/Proxy forum.

                          1 Reply Last reply Reply Quote 0
                          • S
                            shubakas
                            last edited by

                            Ok thanks

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.