Resolved - New pfSense installation is blocking everything

sarmad · Nov 5, 2018, 5:38 PM

hello,
i have installed pfsense 2.4.4 on a pc with 3 NIC Gigabit Ethernet with these configurations
WAN - Static Public IP /25 with gateway specified
LAN - 192.168.1.200 /16 no DHCP - no gateway
OP1 - Not configured
after complete the installation, i can't ping anything on a pc in the same LAN network and can't open any website.
i didn't change anything of the default firewall rules, and i can access the pfSense Web GUI normally. The status of the gateway is always OFFLINE.
i have tested my static public ip in a normal pc and the internet is working perfectly.
The firewall log have a lot of blocked packets by Default deny rule IPv4.
i have tried to change the wan interface with no luck.
what could be the problem?
thanks,

Derelict · Nov 4, 2018, 12:32 AM

@sarmad said in New pfSense installation is blocking everything:

after complete the installation, i can't ping anything on a pc in the same LAN network and can't open any website.

If you cannot ping anything on the local LAN from the local LAN it's not the firewall.

If you did not change the default LAN firewall rule and only changed to /16 (why?) then hosts on LAN should at least be able to ping 192.168.1.200. If they cannot, apply basic network troubleshooting techniques working from Layer 1 on up.

https://www.netgate.com/docs/pfsense/routing/connectivity-troubleshooting.html

sarmad · Nov 4, 2018, 12:35 AM

sorry, i can ping the LAN interface of pfsense. And about /16, i have tried /24 too

sarmad · Nov 4, 2018, 12:39 AM

when i tried to test the static public ip in a normal pc, i can ping google and i can ping the default gateway, but in pfsense gui can't ping gateway because it's status is offline

Derelict · Nov 4, 2018, 12:41 AM

Pretty much impossible to say what you did wrong based on what we have

https://www.netgate.com/docs/pfsense/routing/connectivity-troubleshooting.html

You can't just change netmasks. Everything on the segment has to match. It is either /16 or /24. Set it to the correct value. Only you know what that is.

Is pfSense's address the test client's default gateway
Are there firewall rules on the LAN interface that pass the desired traffic
Is the WAN gateway the firewall's default route
Is proper outbound NAT in place for the LAN subnet

sarmad · Nov 4, 2018, 12:51 AM

thank you for reply,
I am testing the new installation on just one pc, so my lan is just one pc connected directly to pfsense lan interface.
the pc is always in the same segment with pfsense and pfsense is the default gateway of the testing pc and always i can access pfsense gui without any problem.
The firewall has the default lan rule that allow everything from lan to outside. thw wan interface has no rules.
yes, the wan gateway is the default route.
The outbound NAT is Automatic outbound NAT (default).

Derelict · Nov 4, 2018, 12:52 AM

Then it would be working. Check it all again.

Start posting screenshots of everything already mentioned from the test PC out to the WAN, Rules, Outbound NAT, etc.

sarmad · Nov 4, 2018, 12:54 AM

After finishing a new installation and set the correct IPs for wan and lan, pfsense allow everything from LAN to outside right?

sarmad · Nov 4, 2018, 1:51 AM

Derelict · Nov 4, 2018, 5:10 PM

OK that should be working fine. If not check your WAN connection.

Can pfSense ping the gateway address from Diagnostics > Ping? How about pinging from there setting the source address as LAN? Pinging 8.8.8.8? Resolving names using Diagnostics > DNS Lookup?

Again: https://www.netgate.com/docs/pfsense/routing/connectivity-troubleshooting.html

sarmad · Nov 4, 2018, 5:18 PM

no, pfsense can't ping neither gateway nor 8.8.8.8
in System > General, i have added the 4 DNSs, two that is provided from ISP and the other two are google's DNS 8.8.8.8 and 8.8.4.4
i can't try Diagnostics > DNS Lookup now because the firewall isn't near me now, i will give it a try ASAP.
But, could be a hardware problem?

Derelict · Nov 4, 2018, 5:20 PM

Then you need to figure out why your WAN is not working.

could be a hardware problem?

Really hard to tell from here. What does Status > Interfaces say for WAN?

Please look at the things in that connectivity troubleshooting document. We can't see your network. You can.

sarmad · Nov 4, 2018, 5:21 PM

the WAN connection should be a cross cable? because i am using the same straight CAT5e cable for testing the internet directly using a normal PC and is working fine

Derelict · Nov 4, 2018, 5:25 PM

Depends on what it is connected to. If you don't have auto-mdix then maybe you will need a crossover cable.

I was assuming this whole time, since I forwarded that connectivity troubleshooting document to you several times, that you had verified you at least had link up on all of your interfaces.

sarmad · Nov 4, 2018, 5:32 PM

thank you,
the NIC lights of WAN are on normally, but i will try a crossover cable ASAP and try to check all steps in that connectivity document link.
So the problem isn't the configuration, it is the hardware or the cable assuming that pfSense working fine with NIC Gigabit

stephenw10 · Nov 4, 2018, 10:57 PM

You should be able to see in Status > Interfaces exactly what state the WAN is in.

Steve

sarmad · Nov 5, 2018, 5:37 PM

i changed the hardware of pfsense and now it is working
thanks,

akuma1x · Nov 6, 2018, 5:30 PM

@sarmad said in Resolved - New pfSense installation is blocking everything:

i changed the hardware of pfsense and now it is working
thanks,

That's cheating! LOL

Jeff

sarmad · Nov 7, 2018, 2:16 PM

i discovered, it was the external NIC