Can't access the internet from LAN side



  • Hello everyone,
    I'm a noob in networking and in pfSense and I'm trying to create a small infrastructure in VirtualBox:
    infra

    Currently I can't access the internet from my Windows 7 VM and I don't know what to do.

    I opened all ports on the firewall to test:
    firewall

    This is my LAN interface:
    LAN

    I also tried to add NAT unbound rules:
    NAT
    NAT

    I can access my WAN branch from my Windows 7 VM:
    wan branch

    and I can ping Google from pfSense:
    ping google

    Does someone know what I'm doing wrong? It would help me a lot.

    Thanks



  • Clear the gateway in the LAN interface settings.



  • Thanks for your answer, I just did it and I still can't access the internet from my VM.



  • Check if you can ping Google from the W7 machine by using the IP address.
    You don't allow UDP on LAN which is needed for DNS.



  • I tried to ping 8.8.8.8 and it doesn't work from my VM.
    It's working from the pfSense command line interface, DNS also (I can ping google.com from the pfSense command line interface).



  • Check the network configuration on the W7 vm.

    What gives "tracert 8.8.8.8" on that machine?



  • I launched a tracert; it stopped at the LAN branch of my router (first step).



  • I now have access to the internet from my Windows 7 VM.
    The issue was the firewall rule "Block Logon Network" blocking local IPs from passing to the WAN side, and so from reaching my physical router (DOUBLE NAT).

    Now I can even ping my physical computer from my VM, but I still can't access my VM from my physical computer even if everything is open in my firewall.

    Any idea?



  • If WAN is facing the internet, WAN rules should not affect access from the VM behind pfSense.

    Your computers in the network in front of pfSense need a static route for the network behind pointing to pfSense.


  • Netgate Administrator

    If you have removed the gateway from the LAN you should switch outbound NAT rules back to automatic.
    The rule you have there currently has source 'any' which is almost always wrong. It will NAT even traffic from the firewall itself which can cause all sorts of odd issues.

    Steve