LAN clients can access internet but pfSense itself can't



  • I'm experiencing some odd behaviour on my firewall.

    When the WAN is connected with an internet address (i.e. not RFC1918), all the LAN clients can access the Internet, as well as pfSense itself (e.g. for updating packages, or pfBlockerNG lists etc).

    But when the WAN has an RFC1918 address (i.e. double NATted), while the LAN clients can still access the Internet without any problem, pfSense itself cannot, i.e. package updates fail, as do pfBlockerNG or Snort updates. (I'm stuck with the double NAT, but I don't think that's the problem here).

    Block private networks is not checked on WAN (bogon networks is checked).

    There's no blocking of packets being shown on the firewall logs.

    Any ideas what might be causing this please?

    Andrew


  • Netgate

    Sounds like whatever the issue is, it is probably in your WAN Firewall > NAT, Outbound settings. You probably want to post those.



  • Thanks for replying.

    For whatever reason, the issue appears only to arise after a configuration restore when pfSense seeks to reinstall all packages (which then fails due to lack of internet connectivity).

    If I connect to a WAN with a real internet address to do that, it works. If I subsequently (i.e. after the restore has completed ok) switch the WAN to the RFC1918 address it still works ok and pfSense can access the internet.

    It looks like a quirk that affects package reinstallation only (e.g. perhaps pfBlockerNG, DNSBL or DNS Resolver related before the packages have been properly restored). Given I can get it working as above, I suspect I'll just leave it for now.

    Thanks.


  • Netgate

    I'd fix it. But OK.