fresh install LAN cannot connect to WAN gateway
-
Hey specialists,
I'm feeling quite dump right now as the problem sounds really basic. If setup a new pair of pfsense physical boxes in HA mode and configured an easy setup.
ISP <->Fritzbox<->pfsense<->LAN switch
Fitzbox has 172.21.0.1 in /24
Pfsense WAN has 172.21.02 as CARP and .3 & .4
Pfsense LAN has 172.21.30.1 as CARP and 2. & .3- I can ping from the Firewall to Internet using WAN interface
- I cannot ping from the Firewall to Internet using LAN interface
- a LAN client can ping its default GW (the pfsense carp IP)
- a LAN client can ping the WAN IPs of the pfsense
- a LAN client cannot ping the Fritzbox gateway
- Pfsense can trace the internet using WAN source address
- Pfsense cannot trace the internet using LAN source address
For testing purposes I disabled firewalling completly via advancend menue. I can only imagine some NAT issues, but Outbound NAT is set to Automatic.
I'm quite puzzled. Anyone an idea what check?
Thanks much and let me know if you need more info.
Best Sebastian -
I'd check these Resources for any Config Errors first:
https://www.netgate.com/docs/pfsense/book/highavailability/high-availability-troubleshooting.html
https://www.netgate.com/docs/pfsense/book/highavailability/index.html
https://www.netgate.com/docs/pfsense/highavailability/configuring-high-availability.html
https://www.youtube.com/watch?v=VnBnnh81G7w-Rico
-
Hey Rico,
appriciate your reply on this. Your RTFM reply got me going :-) as I reviewed the NAT part of my setup and indeed I just had to configure manual NAT and change the rules to have the CARP address. re-enabling the firewall via advanced menu which also enables NAT'ing again did cost me another 30mins :-)
Again, many thanks for pointing me to the right direction. -
You're welcome, glad you have it up and running now.
-Rico
