No internet connectivity from LAN (ISP router -> pfsense -> client)



  • My setup is similar to the one above as, due to a few reasons, I cannot avoid the ISP router.

    Somehow I cannot access internet from LAN of the pfsense device. I can connect to internet via the ISP router directly though.

    Key parts of my setup include:

    1. No changes done to ISP router (the default is 192.168.1.1/24 and is NAT enabled)
    2. pfsense LAN is configured as 192.168.2.1/24
    3. Since my pfsense device is a client to the ISP router, pfsense got assigned an IP of 192.168.1.38 (i.e. this is the WAN IP of pfsense)
    4. I can connect to pfSense perfectly via LAN WebGUI and ssh

    I've tried various settings within pfsense, including

    1. Allowed all connections from LAN/WAN. (firewall allowed all rules)
    2. Tried DHCP server enable/disable via web gui
    3. Removed NAT settings for WAN and reverted back to automatic.

    Is there anything else to be aware of when I do the above connection to get internet connectivity?

    ============================
    Some extra info:
    *** Welcome to pfSense 2.4.4-RELEASE-p3 (amd64) on pf ***

    WAN (wan) -> re0 -> v4: 192.168.1.38/24
    LAN (lan) -> re1 -> v4: 192.168.2.1/24

    WAN interface: Unchecked the boxes to block private and login networks.

    Did checks as per: https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html#Client_Tests

    Failing on

    1. ping test via WAN (8.8.8.8)
    2. ping test via LAN (8.8.8.8)
    3. traceroute

    ============================


  • Netgate Administrator

    First make sure pfSense can connect out itself. Go to Diag > Ping in the GUI. Try to ping 8.8.8.8.
    If that works try to ping google.com.

    If that works try those same tests from a client behind pfSense. If they fail, what is the exact error shown?

    Steve



  • Cheers Steve. I have done testing as per https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html#Client_Tests

    Many are failures:

    1. Ping on 8.8.8.8 via WAN fails
    2. 8.8.8.8 via LAN fails
    3. traceroute to pfsense.org fails, etc.

    Hence, I was just checking if I need to do anything special if I'm configuring using an ISP router.



  • Edit the wan interface on pfsense and scroll to the bottom. Uncheck the boxes to block private and login networks. Save the settings and see if routed connectivity works from the lan clients.



  • @pfsvrb Thanks. Yes, I've done that too. But still no internet, no ping.

    (Also updated my original post to reflect this test)


  • Netgate Administrator

    What is the error when it fails to ping 8.8.8.8 from WAN?

    Check the routing table in Diag > Routes. Make sure there is a default route present.

    If there is not, go to System > Routing and select the WAN GW as IPv4 default rather than 'automatic'. Recheck the routing table.

    Steve
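
The routing-table check described in the post above, as an added example that is not part of the thread: a shell function that reads `netstat -rn -f inet` output and reports whether a default route exists via a gateway inside the WAN subnet. The sample tables are constructed from the addresses in the original post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Sample tables are constructed from the
# addresses in the original post (WAN re0 192.168.1.38/24, LAN re1 192.168.2.1/24).
SAMPLE_NO_DEFAULT='Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#1             U           re0
192.168.1.38       link#1             UHS         lo0
192.168.2.0/24     link#2             U           re1
192.168.2.1        link#2             UHS         lo0'
SAMPLE_WITH_DEFAULT="default            192.168.1.1        UGS         re0
$SAMPLE_NO_DEFAULT"

# ip_in_cidr IP CIDR: exit status 0 if IP lies inside CIDR (hypothetical helper).
ip_in_cidr() {
    awk -v ip="$1" -v cidr="$2" 'BEGIN {
        split(cidr, c, "/"); split(c[1], n, "."); split(ip, a, ".")
        net = ((n[1] * 256 + n[2]) * 256 + n[3]) * 256 + n[4]
        adr = ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
        size = 2 ^ (32 - c[2])          # addresses per block of this prefix length
        exit !(int(net / size) == int(adr / size))
    }'
}

# check_default_route WAN_CIDR: reads an IPv4 routing table on stdin.
# Returns 0 if a default route exists via a gateway inside WAN_CIDR,
# 1 if there is no default route, 2 if the gateway is off the WAN subnet.
check_default_route() {
    gw=$(awk '$1 == "default" { print $2; exit }')
    if [ -z "$gw" ]; then
        echo "FAIL: no default route"
        return 1
    fi
    if ! ip_in_cidr "$gw" "$1"; then
        echo "FAIL: default gateway $gw is outside WAN subnet $1"
        return 2
    fi
    echo "OK: default via $gw"
}

# On the firewall itself: netstat -rn -f inet | check_default_route 192.168.1.0/24
printf '%s\n' "$SAMPLE_NO_DEFAULT"   | check_default_route 192.168.1.0/24 || true
printf '%s\n' "$SAMPLE_WITH_DEFAULT" | check_default_route 192.168.1.0/24
```
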


  • Netgate Administrator

    @pfsvrb said in No internet connectivity from LAN (ISP router -> pfsense -> client):

    Edit the wan interface on pfsense and scroll to the bottom. Uncheck the boxes to block private and login networks. Save the settings and see if routed connectivity works from the lan clients.

    There is no need to do that. You should never need to unblock bogon networks.

    You only need to unblock private networks if you are connecting to the WAN from a private subnet. So if you have a client connected to the ISP router directly and were accessing the pfSense GUI using its WAN IP for example. That traffic is blocked by default anyway.
    Having the WAN in a private subnet does not prevent outbound connections with that still checked.

    Steve



  • @stephenw10 Thank you. I have moved in similar lines, but it seems

    1. I have to configure a Gateway. This may be in contrast to what pfsense said in the field text "On local area network interfaces the upstream gateway should be "none"", so I assumed I don't need to create an upstream gateway. So I've created this.
    2. Also, after creating the gateway, I've changed Firewall -> NAT -> Outbound to Automatic outbound NAT rule generation.

    These two changes made it work. Thanks again

