[SOLVED] No internet on LAN, only on WAN
-
Hello,
After re-installing my pfsense router multiple times, I cannot get internet to work from LAN.
I am able to ping from the WAN side. However, when trying to connect to the internet via a client on LAN, it hangs.
My setup is as follows:
<ISP router (bridge mode)> --- <pfsense> --- <client>
The interfaces are as follows:
WAN 100baseTX <full-duplex> 92.x.x.10 LAN 1000baseT <full-duplex,master> 192.168.10.1Packet capture on LAN (while pinging from client, ICMP only):
20:57:57.793214 IP 192.168.10.10 > 8.8.8.8: ICMP echo request, id 11243, seq 104, length 64 20:57:58.817229 IP 192.168.10.10 > 8.8.8.8: ICMP echo request, id 11243, seq 105, length 64Packe capture on WAN (still pinging from client, ICMP only):
0:58:33.540947 IP 92.x.x.10 > 92.x.x.1: ICMP echo request, id 41898, seq 3559, length 8 20:58:33.547437 IP 92.x.x.1 > 92.x.x.10: ICMP echo reply, id 41898, seq 3559, length 8 20:58:33.633181 IP 192.x.x.10 > 8.8.8.8: ICMP echo request, id 11243, seq 139, length 64 20:58:34.073191 IP 92.x.x.10 > 92.x.x.1: ICMP echo request, id 41898, seq 3560, length 8 20:58:34.081420 IP 92.x.x.1 > 92.x.x.10: ICMP echo reply, id 41898, seq 3560, length 8 20:58:34.605433 IP 92.x.x.10 > 92.x.x.1: ICMP echo request, id 41898, seq 3561, length 8As you can see, the router does not seem to pass on the ICMP echo request back to LAN.
This is with default settings (WAN on DHCP so that ISP can assign me an IP address, NAT & firewall rules default).
-
create rule in Lan to pass your lan traffic via gateway(WAN). thanks
-
@Sufyan Not sure what you mean, the WAN is already the default gateway and LAN allows all outgoing traffic.
-
@DidgeriDude said in No internet on LAN, only on WAN:
20:58:33.633181 IP 192.x.x.10 > 8.8.8.8: ICMP echo request, id 11243, seq 139, length 64
The hided source address does not make it easy to help. Is it the origin LAN address?
If yes, the outbound NAT isn't working. Maybe disabled NAT? -
Do you have any packages installed? Have you modified WAN or LAN rules after you installed? Did you do anything after initial configuration, like restore your config.xml backup, or change any other settings such as outbound NAT rules?
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
https://www.netgate.com/resources/videos/pfsense-connectivity-troubleshooting.html
-
@DidgeriDude Create a rule in Lan (Port=TCP/UDP, Source=LAN Net, Destination= Any, Gateway=Default) Save the rule and then check it again.
also ping from Lan to Wan address from diagnose options. -
@viragomann said in No internet on LAN, only on WAN:
@DidgeriDude said in No internet on LAN, only on WAN:
20:58:33.633181 IP 192.x.x.10 > 8.8.8.8: ICMP echo request, id 11243, seq 139, length 64
The hided source address does not make it easy to help. Is it the origin LAN address?
If yes, the outbound NAT isn't working. Maybe disabled NAT?The IP address is assigned to the WAN interface.
@KOM said in No internet on LAN, only on WAN:
Do you have any packages installed? Have you modified WAN or LAN rules after you installed? Did you do anything after initial configuration, like restore your config.xml backup, or change any other settings such as outbound NAT rules?
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
https://www.netgate.com/resources/videos/pfsense-connectivity-troubleshooting.html
No packages. I didn't do anything funky, I just followed the initial setup wizard.
@Sufyan said in No internet on LAN, only on WAN:
@DidgeriDude Create a rule in Lan (Port=TCP/UDP, Source=LAN Net, Destination= Any, Gateway=Default) Save the rule and then check it again.
also ping from Lan to Wan address from diagnose options.I added a rule in the firewall, but while reloading the rules, I got the following error:
There were error(s) loading the rules: /tmp/rules.debug:19: cannot load "/etc/bogonsv6": Invalid argument - The line in question reads [19]: table persist file "/etc/bogonsv6"I already tried increasing the Firewall Maximum Table Entries to 500000, but it keeps showing up.
Pinging from LAN to WAN works.
-
@DidgeriDude said in No internet on LAN, only on WAN:
This is with default settings (WAN on DHCP so that ISP can assign me an IP address, NAT & firewall rules default).
DHCP server activated on LAN ?
Pool Ok ?
Check DHCP server log : your PC got an IP ?
Check on your PC : If Windows : launchipconfig /allgateway and DNS ok (== IP pfSense) ?
pfSense behaves as any router on planet earth - and I can prove it.
Reset to default - the real default, with LAN as 192.168.1.1/24 etc. Add no DNS .. nothing.
WAN defaults to DHCP so it works (or do you have to change that for PPPOE ? in that case, do that - check that WAN is up and stop doing anything else).
Your Internet connection is good from LAN now.
Done.Now, do your setup and you wind up with a 'dead' LAN ?
Well, tell us what you changed and we tell you that (what) you shouldn't ^^edit : no, don't even change the password. Just the WAN setup and test.
-
@DidgeriDude said in No internet on LAN, only on WAN:
@viragomann said in No internet on LAN, only on WAN:
@DidgeriDude said in No internet on LAN, only on WAN:
20:58:33.633181 IP 192.x.x.10 > 8.8.8.8: ICMP echo request, id 11243, seq 139, length 64
The hided source address does not make it easy to help. Is it the origin LAN address?
If yes, the outbound NAT isn't working. Maybe disabled NAT?The IP address is assigned to the WAN interface.
Rubbish! You wrote above
@DidgeriDude said in No internet on LAN, only on WAN:WAN 100baseTX <full-duplex> 92.x.x.10
LAN 1000baseT <full-duplex,master> 192.168.10.1So 192.x.x.10 cannot be the WANs address.
-
@Gertjan Thanks! Leaving everything to 'true default' does help!
Now I am just trying to figure out what I changed, the only thing is the DNS, but that does not have any impact on pinging an IP.
Anyway, thank you for your help! I probably did something stupid...
-
@viragomann Sorry, I misread that IP. I accidentally blocked out my local IP. You are right.