pfsense WAN on private network



  • Hi. I have an instance of pfsense running entirely on a private network, where the WAN interface gets a DHCP address of 192.168.x.x, plus 2 other interfaces: 172.16.5.x and 172.16.6.x. This whole setup is purely for learning.

    A host on either 172.16.x.x network can ping through the gateway to hosts on the WAN network (192.168.x.x), but I can't access any web servers, so ports 80 and 443 are inaccessible.

    NAT appears to work correctly; a host on the WAN network sees ICMP traffic as coming from the WAN interface.
    The two "Reserved Networks" check boxes are unchecked for both 172.16.x.x interfaces.
    I can ping www.google.com, so routing also works. Any suggestions would be appreciated; the next step would probably be to reinstall.



  • On the WAN interface did you uncheck "Block private networks and loopback addresses"?


  • LAYER 8 Global Moderator

    @penguin-nut said in pfsense WAN on private network:

    NAT appears to work correctly, a host on the WAN network sees icmp traffic as from the WAN interface.

    Great start.. So sniff on the pfsense WAN: does pfsense send the SYN for the http/https connection to the host on your 192.168 WAN network?

    What firewall rules do you have on your 2 172.16 interfaces? While the first LAN-side interface (lan) would default to any/any... when you create a 2nd interface it would have no rules.

    You say you can ping google, but can you access google?



  • @teamits I did; that didn't seem to allow traffic through. I ended up doing a "Reset to factory defaults", and it now works. Very strange. There is nothing different that I can tell between what I configured then and now. Maybe switching the configuration back and forth so many times messed something up?


  • LAYER 8 Global Moderator

    @penguin-nut said in pfsense WAN on private network:

    Maybe switching the configuration back and forth so many times something got messed up?

    Zero mention of any of that in OP.



  • So I've discovered a couple of things related to my test environment. My pfSense instance runs on Xenserver 7.x on Dell hardware. NICs are plugged into a Cisco 2960 (IOS 15.x).

    1 - Reconfiguring interfaces sometimes requires re-saving firewall rules. I reconfigured an interface; DHCP worked, but I was unable to ping the gateway, and dig/nslookup failed. Re-saving the firewall allow rule for that interface fixed everything.
    2 - System->Advanced->Networking: Disable hardware checksum offload.
    The above fixed a recurring problem I could not resolve with pfSense running on Xenserver 7.x on Dell hardware.
    3 - VLAN configuration can get very confusing. There are VLANs configured on the Cisco 2960 switch Xenserver is plugged into; Xenserver allows assigning ports to VLANs; and pfSense has VLANs. It is easy to break this and just as easy to fix.
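The thread converges on three configuration points: the "Block private networks" checkbox on a WAN that sits on 192.168.x.x, interfaces that have no active pass rule (the moderator's point about a 2nd interface starting with no rules, and the re-save issue in item 1 above), and the hardware checksum offload setting in item 2. Below is an added example, not code from the thread or from the pfSense project, that audits a pfSense-style config.xml for all three so the checks can be made against the saved config instead of by clicking through the GUI. The element names (blockpriv, filter/rule/interface, disabled, floating, disablechecksumoffloading) follow pfSense's config.xml layout; the sample config, its interface names (xn0/xn1/xn2) and its addresses are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed pfSense-style config.xml fragment modelling the lab in the thread:
# WAN on DHCP with "Block private networks" still checked, a LAN with the default
# allow rule, and an OPT1 whose only allow rule is disabled. Not a real config.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <system>
    <hostname>pfsense-lab</hostname>
  </system>
  <interfaces>
    <wan>
      <if>xn0</if>
      <ipaddr>dhcp</ipaddr>
      <blockpriv></blockpriv>
      <blockbogons></blockbogons>
    </wan>
    <lan>
      <if>xn1</if>
      <ipaddr>172.16.5.1</ipaddr>
      <subnet>24</subnet>
      <enable></enable>
    </lan>
    <opt1>
      <if>xn2</if>
      <descr>LAB2</descr>
      <ipaddr>172.16.6.1</ipaddr>
      <subnet>24</subnet>
      <enable></enable>
    </opt1>
  </interfaces>
  <filter>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <ipprotocol>inet</ipprotocol>
      <source><network>lan</network></source>
      <destination><any></any></destination>
      <descr>Default allow LAN to any rule</descr>
    </rule>
    <rule>
      <type>pass</type>
      <interface>opt1</interface>
      <ipprotocol>inet</ipprotocol>
      <source><network>opt1</network></source>
      <destination><any></any></destination>
      <disabled></disabled>
      <descr>Allow LAB2 (disabled, so it passes nothing)</descr>
    </rule>
  </filter>
</pfsense>
"""


def audit_config(xml_text: str) -> dict:
    """Run the three checks from the thread against a config.xml string."""
    root = ET.fromstring(xml_text)
    interfaces = root.find("interfaces")
    wan = interfaces.find("wan") if interfaces is not None else None

    # 1. "Block private networks and loopback addresses" is stored as an empty
    #    <blockpriv> element under <wan> when the box is checked. With an
    #    upstream on 192.168.x.x that rule drops the replies coming back in.
    wan_blocks_private = wan is not None and wan.find("blockpriv") is not None

    # 2. Count active pass rules per interface. A rule with a <disabled>
    #    element passes nothing, and floating rules are not bound to one
    #    interface, so neither counts toward an interface's rule set.
    active_pass_rules: dict[str, int] = {}
    filt = root.find("filter")
    for rule in (filt.findall("rule") if filt is not None else []):
        if rule.find("disabled") is not None or rule.findtext("type") != "pass":
            continue
        if rule.findtext("floating") == "yes":
            continue
        for name in rule.findtext("interface", "").split(","):
            if name:
                active_pass_rules[name] = active_pass_rules.get(name, 0) + 1

    # pf's default on pfSense is deny, so an enabled non-WAN interface with no
    # active pass rule can ping nothing and resolve nothing (item 1 above).
    no_pass_rules = []
    for iface in (interfaces if interfaces is not None else []):
        if iface.tag == "wan":
            continue
        if iface.find("enable") is None and iface.tag != "lan":
            continue  # disabled interface; nothing to pass
        if active_pass_rules.get(iface.tag, 0) == 0:
            no_pass_rules.append(iface.tag)

    # 3. System > Advanced > Networking writes an empty
    #    <disablechecksumoffloading> under <system> when offload is disabled.
    offload_disabled = root.find("system/disablechecksumoffloading") is not None

    return {
        "wan_blocks_private": wan_blocks_private,
        "interfaces_without_pass_rules": no_pass_rules,
        "checksum_offload_disabled": offload_disabled,
    }


def report(result: dict) -> list[str]:
    """Turn the audit dict into the lines an operator would act on."""
    lines = []
    if result["wan_blocks_private"]:
        lines.append("wan: uncheck 'Block private networks and loopback addresses' "
                     "(WAN is on a private range)")
    for name in result["interfaces_without_pass_rules"]:
        lines.append(f"{name}: no active pass rule; add or re-save an allow rule")
    if not result["checksum_offload_disabled"]:
        lines.append("system: hardware checksum offload still enabled "
                     "(disable it on Xen/VM NICs if traffic stalls)")
    return lines


if __name__ == "__main__":
    for line in report(audit_config(SAMPLE_CONFIG)):
        print(line)
```

To run it against a real firewall, feed it the contents of /cf/conf/config.xml (or a Diagnostics > Backup & Restore export). The moderator's sniff test is still the fastest confirmation of what pf is actually doing: on the pfSense shell, `tcpdump -ni xn0 'tcp and (port 80 or port 443) and tcp[tcpflags] & tcp-syn != 0'` (interface name assumed; use the one listed under `<if>` for WAN) shows whether the SYN leaves the WAN at all, and `pfctl -sr` lists the rules pf has loaded, which is what item 1 above is really checking when re-saving a rule "fixes everything".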



