How to config the LAN interface users to Internet (Basic configuration)

coachever · Feb 17, 2019, 2:33 PM

Hello, my name is Coach. I am new to PfSense and I have watched many tutorial videos from youtube and follow many instructions on websites. Also I have made the factory default so many times, please give me detailed advice about my below configuration screenshots.

P.S: When I ping from both WAN and LAN to www.yahoo.com it is worked, also from LAN interface to Client (192.168.11.11) it worked.

Thanks,
Best regards,

Rico · Feb 17, 2019, 3:13 PM

So what is your question or problem?
Generally speaking, if you run through the configuration wizard it will leave you with a working basic configuration, everything is fine then.

-Rico

Gertjan · Feb 18, 2019, 4:13 PM

What is this :

?

103.57.94.2 and 8.8.8.8 are not default values.

edit :

What do you try to achieve with this rule ?
The 0/0 in front of it means : no traffic matched this rule.
The next IPv4 'default' pass rule accepts all traffic, thus also all traffic to the internet.

coachever · Feb 20, 2019, 1:57 AM

@rico
Thank you for your reply,
After I finished the basic configuration wizard, I want to connect to internet from my LAN side. So should I make changes to Services=>DHCP=> gateways and DNS servers? From youtube videos and other guidelines they did not change or configure this to PfSense and able to browse websites easily. I am not sure that I wrote my issue clear, but my main point is, LAN side clients should connect to internet.
Thanks,

Gertjan · Feb 20, 2019, 6:10 PM

The only thing that needs to be setup is, is the WAN connexion.
No need to change anything elsewhere : pfSense will work.

A notable exception is when the upstream router - if one exists - also uses the 192.168.1.0/24 as is LAN.
In that case you change that LAN - or you change the LAN settings on the pfSense LAN interface.

coachever · Feb 21, 2019, 2:33 AM

@gertjan I have not changed DNS servers, Gateways on services=>DHCP server (i mean its blank). So the DNS and Default gateway is 192.168.1.1 LAN interface is 192.168.1.0/24

And therefore, when i using ping from client machine to yahoo.com it did not respond, but when i ping to IP address of yahoo, it replied.

Also from LAN and WAN both interfaces on pfSense webGUI to yahoo.com pinging is replied. So the problem is in DNS configuration on LAN interface I guess, when I add 8.8.8.8 to services=>DHCP server=>DNS servers client machine can connect to internet. What should i do?

Gertjan · Feb 21, 2019, 9:36 AM

So, when you run this :

[2.4.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ping yahoo.com
PING yahoo.com (98.138.219.232): 56 data bytes
64 bytes from 98.138.219.232: icmp_seq=0 ttl=48 time=146.540 ms
64 bytes from 98.138.219.232: icmp_seq=1 ttl=48 time=145.787 ms

you have replies - and more important : yahoo.com resolves => the DNS works.
But not from a device on LAN.

This means these devices can't contact the DNS Resolver running on pfSense.
What are your LAN firewall rules ?

coachever · Feb 21, 2019, 11:10 AM

Floating rule is

WAN rule is

LAN rule is

isolatedvirus · Feb 21, 2019, 11:49 AM

ok do a couple things and post the output:
-ping 105.57.94.2
-perform an nslookup for www.duckduckgo.com against that server as well with:

nslookup
server 105.57.94.2
www.duckduckgo.com

Post your DNS config. If you haven't modified anything, this will be the DNS Resolver.
Also, please confirm if this firewall is running on physical, or virtual, and if its virtual confirm which virtualization tech youre using.

coachever · Feb 21, 2019, 12:21 PM

@isolatedvirus
Okey, the firewall is running on VIrtualBox
Pfsense WAN is in VirtualBox NAT mode 10.0.2.15
LAN is in an internal mode 192.168.1.1

So ping from client machine to 105.57.94.2 is

Ping from Pfsense wan side to 105.57.94.2 is

Nslookup from client machine to 105.57.94.2 and www.duckduckgo.com is

No changes to DNS settings and the DNS resolver config is

isolatedvirus · Feb 21, 2019, 12:29 PM

ok whatever that IP is, it isnt working. Remove it from your config (Could be under the WAN configuration via allow DHCP override of DNS or something to that affect)

Looks like pfsense is hitting 8.8.8.8 and getting results, but when it trys that IP it gets no responses.

coachever · Feb 21, 2019, 12:40 PM

@isolatedvirus
You mean this? I have uncheck the System=>General Setup=>Allow DNS server list to be overrided by DHCP/PPP on WAN and added 8.8.8.8 and 8.8.4.4 DNS servers.

This is the tutorial that i have followed, is it possible to using this setup to connect to Internet?

Thank you for your time @isolatedvirus

coachever · Feb 21, 2019, 3:16 PM

https://www.tecmint.com/installation-and-configuration-of-pfsense-firewall-router/
This is the tutorial link,

isolatedvirus · Feb 21, 2019, 12:49 PM

review the first screenshot in the topic (105.57.94.2) is listes as a DNS server. Yes, uncheck that, you have the firewall performing as a DNS server itself (listed as 127.0.0.1). its capable of looking up DNS itself would the use of an upstream DNS server from WAN.

coachever · Feb 21, 2019, 1:02 PM

@isolatedvirus
Is this right?

But after that, there is no ping response from WAN side to yahoo.com

I think we'are very to close to succeed, but my knowledge and experience is too low, sorry

isolatedvirus · Feb 21, 2019, 1:02 PM

hostname www.yahoo.com

coachever · Feb 21, 2019, 1:09 PM

@isolatedvirus

Ping to www.yahoo.com

isolatedvirus · Feb 21, 2019, 1:25 PM

Before doing any of the following, perform this:
System->Advanced->Netowrking
Disable Checksum/TCP Seg/ Large Receive offloading.
On windows: Ping 8.8.8.8
On windows: Navigate to www.duckduckgo.com or perform nslookup
If this is working, perform a nslookup on pfsense to confirm you can resolve www.duckduckgo.com

what are the outgoing DNS interfaces set as in the DNS resolver?

Confirm the following: System-> General Setup
-No DNS servers configured.
-DNS Override UNCHECKED
-Disable DNS Forwarder UNCHECKED

Services -> DNS Forwarder
-Enable DNS Forwarder UNCHECKED

Services -> DNS Resolver
-Enable DNS Resolver CHECKED
-Network Interfaces ALL
-Outgoing Interfaces WAN (or whatever your uplink interface is)
-DNS Query Forwarding UNCHECKED

On windows:
Ping 8.8.8.8
In a browser, navigate to www.duckduckgo.com, or perform a nslookup

On pfsense
ping 8.8.8.8
perform nslookup for www.duckduckgo.com

Gertjan · Feb 21, 2019, 3:16 PM

@coachever said in How to config the LAN interface users to Internet (Basic configuration):

https://www.tecmint.com/installation-and-configuration-of-pfsense-firewall-router/
This is the tutorial link,

That's an old version of pfSense.
Never ever use these kind of videos. Use the official videos first. And because you don't want to find differences, errors or whatever issue exists between old version and recent version, you should stick with the official videos.

If WAN is setup - then you do not need to think or do anything related to DNS.
It works out of the box.
pfSense behaves like any other router/firewall : set up WAN and you have a connection to the net.

By (incompletely) following some video you broke your DNS setup. (because the video isn't right, some needed settings aren't mentioned or because the situation changed).

It's like you're using an Windows XP tuto for Windows 10.

Btw : Official videos are here.

JeGr · Feb 25, 2019, 12:37 PM

@coachever

In your first Post your pfSense WAN interface was configured (via DHCP?) to 192.168.1.8.
In later posts it happens to be 10.0.2.15.

What is your WAN connection? How do you connect pfSense to your ISP/uplink/Internet? DNS may be a problem, but I think you don't have your WAN running correct. Also if your WAN is indeed a private IP, uncheck the "block private IPs" checkbox on "Interfaces / WAN".