I have no internet access to sites other than Google & youtube through pfSense?



  • Hello, I have this setup: Cable modem > Nic1 and then Nic2 > Switch > clients
    pfSense is running inside HyperV.
    HyperV network is set up with 2 external switches, "LAN" and "WAN"

    pfSense is using both these NICs and LAN/WAN is set up on the correct one.

    pfSense is getting a 128.x.x.x IP on the WAN, LAN is set up as 10.0.0.1.

    The rest of the pfSense setup is pretty basic, which to my understanding should give Internet access?
    The thing is, pfSense (and a client on the LAN as well) can actually ping out, both IPs and host names, but when browsing the internet, I can't access anything other than Google or Youtube (Steam and Blizzard chat work as well, could even launch up WoW)
    This seemed very weird to me, and after thinking about what could cause this my initial thought was maybe these sites use IPv6, and thus the problem is IPv4 only, but I'm really not sure, since (correct me if I'm wrong) I wouldn't be able to ping IPv4 addresses then?
    When I initially thought that might be the issue, I was thinking what would be able to cause that, and it struck me: NAT
    So I went and looked at the NAT rules, and to my awe there were 2 default rules configured, and (again correct me if I'm wrong) it should work already by default?
    I have been reading a lot of documentation, watching a lot of videos, and googled a lot of stuff these past couple of days, thinking it would be awesome to learn a lot of the stuff anyway, but I'm running out of data on my cellphone, so now I want to fix this ASAP :D
    I wanna say thanks if you made the time to read this, whether you have a solution or not, I sincerely appreciate it, and if you do have a (possible) solution please let me know.



  • I'm new at pfSense, but I would check my firewall logs and try to traceroute some sites from the webgui.

    Status > System Logs > Firewall
    Check if when you enter a link, it gets blocked (press F5 to update);

    Try "tracert insertsitehere" from Windows CMD (traceroute if Linux);
    Try traceroute from pfSense webgui itself: Diagnostics > Traceroute;

    You can disable the firewall to see if something works:
    System > Advanced > Firewall & NAT > Check "Disable Firewall"

    As I said, I'm new to pfSense, so if something does not work, we can try something else. :)



  • When disabling the Firewall, I also disable NAT, and I can't ping out any more, I can't watch videos on youtube or anything, basically no connection.
    So my best bet is that it's the firewall blocking connections

    I tried getting the logs you asked for, as well as posting my Firewall rules and NAT setup, hopefully this helps.
    I do see all the blocked connections, so I assume this is the problem, but I have no idea what is causing it.

    https://imgur.com/a/gr5CLUl

    I can try a tracert, but I assume it works, since I can ping out from both hosts on lan and pfSense.



  • Maybe you have to set a rule to allow connections from your router to pfsense and from pfsense to PCs.
    I have two: allowing everything on all ports to 192.168.1.3:80 (pfsense) and another rule saying the same, but to port 443. (I used easy rule)

    Try to tracert to sites that do not work to see where the packages stop.



  • I have 1 rule on WAN, and one on LAN that should allow everything

    TraceRT doesn't seem to be a problem.
    https://imgur.com/a/v1DUHc6



  • I'm sorry, but I'm out of ideas. :(
    Let's wait for someone else.



  • @pagger said in I have no internet access to sites other than Google & youtube through pfSense?:

    I have 1 rule on WAN, and one on LAN that should allow everything

    TraceRT doesn't seem to be a problem.
    https://imgur.com/a/v1DUHc6

    Remove that WAN any/any rule. Go do that now.
    From the nslookup output it seems you are not using pfsense for DNS. What does your DNS setup look like?



  • @andyc My DNS setup is: 2 Windows DCs with DNS, one at 10.1.0.20 and the next at 10.1.0.21.
    Clients are set to use those as primary/secondary DNS, and both of the servers have 10.0.0.1 (pfSense LAN IP) set as a forwarder.

    Do you want me to delete the rule because it's bad practice, or because it's part of the problem? :p



  • @pagger because you’re using AD, your DNS is correct. Client machines use the AD DNS and that should forward to pfSense (so you can use things like pfBlockerNG).



  • The block rule shows that it was dropping traffic from 10.0.0.1 to 10.0.0.24.

    What have you got in system>routing and what packages are you running?



  • @motific Under Gateway I have DHCP and it shows my WAN IP, nothing is set under static routes or Gateway groups.

    I got the following services running:
    Dpinger
    Ntpd
    Syslogd
    Unbound

