No internet connectivity from LAN (ISP router -> pfsense -> client)

getk

My setup is similar to above one as due to few reasons, I cannot avoid the ISP router.

Somehow I cannot access internet from LAN of the pfsense device. I can connect to internet via the ISP router directly though.

Key parts of my setup includes

1. No changes done to ISP router (the default is 192.168.1.1/24 and is NAT enabled)
2. pfsense LAN setup the config as 192.168.2.1/24
3. since my pfsense device is a client to ISP router, pfsense got assigned ip of 192.168.1.38 . (i.e. is the WAN ip of pfsense)
4. I can connect to pfSense perfectly via LAN WebGUI and ssh

I've tried various settings within pfsense, including

1. Allowed all connections from LAN/WAN. (firewall allowed all rules)
2. Tried DHCP server enable/disable via web gui
   3 . Removed NAT settings for WAN and reverted back to automatic.

Is there anything else to be aware when I do the above connection to get internet connectivity?

============================
Some extra info:
*** Welcome to pfSense 2.4.4-RELEASE-p3 (amd64) on pf ***

WAN (wan) -> re0 -> v4: 192.168.1.38/24
LAN (lan) -> re1 -> v4: 192.168.2.1/24

WAN interface: Unchecked the boxes to block private and login networks.

Did checks as per : https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html#Client_Tests

Failing on

1. ping test via WAN (8.8.8.8)
2. ping test via LAN (8.8.8.8)
3. traceroute

============================

stephenw10

First make sure pfSense can connect out itself. Go to Diag > Ping in the GUI. Try to ping 8.8.8.8.
If that works try to ping google.com.

If that works try those same tests from a client behind pfSense. if they fail what is the exact error shown?

Steve

getk

cheers Steve. I have done testing as per https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html#Client_Tests

Many are failures

1. Ping on 8.8.8.8 via WAN is fail
2. 8.8.8.8 via LAN is fail
3. traceroute to pfsense.org is fail etc

Hence, I was just checking If I need to anything special if I'm configuring using an ISP router?.

pfsvrb

Edit the wan interface on pfsense and scroll to the bottom. Uncheck the boxes to block private and login networks. Save the settings and see if routed connectivity works from the lan clients.

getk

@pfsvrb . thanks. yes, i've done that too. But still no internet, no ping

(Also updated to my original post to reflect this test)

stephenw10

What is the error when it fails to ping 8.8.8.8 from WAN?

Check the routing table in Diag > Routes. Make sure there is a default route present.

If there is not go to System > Routing and select the WAN GW as IPv4 default rather than 'automatic'. Recheck the routing table.

Steve

stephenw10

@pfsvrb said in No internet connectivity from LAN (ISP router -> pfsense -> client):

Edit the wan interface on pfsense and scroll to the bottom. Uncheck the boxes to block private and login networks. Save the settings and see if routed connectivity works from the lan clients.

There is no need to do that. You should never need to to unblock bogon networks.

You only need to unblock private networks if you are connecting to the WAN from a private subnet. So it you have a client connected to the ISP router directly and were accessing the pfSense GUI using it's WAN IP for example. That traffic is blocked by default anyway.
Having the WAN in a private subnet does not prevent outbound connections with that still checked.

Steve

getk

@stephenw10 Thank you. I have moved in similar lines, but it seems

1. I have to configure a Gateway. This may be in contrast to what pfsense said in the field text "On local area network interfaces the upstream gateway should be "none"", I assumed ,I don't need to create a Upstream gateway. So i've created this
2. Also, after creating the gateway, I've changed the Fireall -> NAT -> Outbound to Automatic outbound NAT rule generation.

These two changes made it work. Thanks again