NAT Stopped Working
-
So today I came home and noticed I had no internet. I logged in to my pfSense and noticed I had a public IP, and everything seemed fine. If I pinged sourcing the WAN, I had full connectivity, via my LAN - Nothing. The Diag > States also showed NO_TRAFFIC:SINGLE for every LAN source IP I have.
About my setup: The ISP Is Verizon Fios, CAT6 to a dedicated port on my ESXi hardware. From there, I have a /30 subnet between the LAN side of pfSense, and my Cisco L3 switch. From here I have several vlans configured with their default routes back towards pfSense. In pfSense I created the Virtual IPs, as well as pointed those specific routes back towards the switch side of the pfSense LAN IP. This installation has worked fine for me for years. The past 2 months I lost internet 2 times, usually releasing/renewing on the wan side clears the issue. At those times I never checked to see if pinging from the wan source worked, just that I had no connectivity via the LAN. I assumed with was verizon being weird and went for the release/renew. Tonight no matter what I did I couldn't restore it. I even went as far as to load up another fresh VM install and try that with no change. Any help is appreciated!
-
@cdegroat82 Try pinging wan side gateway from inside and see what happens. Nat is a deep feature that just doesn't stop working.
And I assume you have already rebooted the whole box.
You have a complex lan situation which is irrelevant of pfsense. However it blurs the situation a lot. (and I doubt anyone could help you on that as it is) -
@netblues I agree - makes no sense whats happened. Pinging WAN side sourcing LAN fails. Removing the entire LAN from the equation, I have no connectivity on the local LAN subnet attached to the pfSense box. I'm going to re-review the guides but ultimately I may end up just getting a hardware box. Anytime I work on the VM situation I obviously have no local internet connectivity since the VM may be down.
-
@cdegroat82 Pf works splendidly well under esxi, kvm or any other hypervisor. Why the vm is down?
But I see progress. If you can't access lan side , this is no nat issue :)
I suspect your problem is on the l3 switch. -
@netblues Im currently working on the same config on L3 now with the verizon router. When I meant I cant access via the LAN side I meant the local LAN iface IP. So I have 10.144.1.1 assigned to pfSense and I can't ping sourcing that address, taking the entire lan out of the equation. I can attest it works well under ESX, I've probably been using it that way for the past 3 or 4 years without issue. That was more personal preference to give me more freedom separate of ESX and not related to this issue.
-
So - I rebuilt a fresh VM, and all seems to be working. Well see if this is the permanent fix (i hope).
-
@cdegroat82 Well, this is not something pf related.
The combination of pf vlans, esxi vlans switced based vlans and l3 routng at switches can become quickly overly complicated and its easy to overlook something.
Hope the rebuild has solved it :)