No internet access via pfsense from a subnet behind a routing server



  • I have a routing server behind the pfsense system and
    I can not access the internet from the client in a subnet of the routing server.
    The routing on the routing server is on.

    The routing server has one interface in the pfsense LAN and one interface in the dedicated subnet.

    WANNET pfsense = Internet IP address
    LANNET pfsense 10.16.16.0/20 IP=10.16.31.254
    static route on pfsense 10.10.22.0/24 via 10.16.18.1

    LANNET routing server 10.16.16.0/20 IP=10.16.18.1
    SUBNET routing server 10.10.22.0/24 IP=10.10.22.2
    default gateway 10.16.31.254

    SUBNET client 10.10.22.11
    default gateway 10.10.22.2

    On the pfsense I can make a ping to the client 10.10.22.11
    On the client I can make a ping to any host in the network 10.16.16.0/20
    (e.g. ping 10.16.16.2)

    Because the client uses the LAN address of the pfsense as the DNS server address,
    the client can make an nslookup for any internet address.

    But I can not access the web address of google in my browser on the client.

    All clients in the LAN network 10.16.16.0/20 have no problems accessing
    the internet pages.

    Any idea or solution ?



  • Since the subnet 10.10.22.0/24 isn't defined on pfSense itself, it doesn't create an outbound NAT rule automatically for it.
    So you have to switch the outbound NAT into the hybrid mode and add an outbound NAT rule for the subnet to the WAN interface.



  • The hybrid mode is already on.

    I have found an already created auto rule.

    WAN 127.0.0.0/8 ::1/128 10.10.22.0/24 10.10.23.0/24 10.16.16.0/20 192.168.8.0/24 10.0.10.0/24 * * * WAN address * Auto created rule

    I have added the following extra mapping

    WAN 10.10.22.0/24 * * * WAN address *

    But it does not work.



  • So the outbound NAT rule for 10.10.22.0/24 was already added automatically:
    @arosoft said in No internet access via pfsense from a subnet behind a routing server:

    WAN 127.0.0.0/8 ::1/128 10.10.22.0/24 10.10.23.0/24 10.16.16.0/20 192.168.8.0/24 10.0.10.0/24 * * * WAN address * Auto created rule

    What do the filter rules look like on the pfSense LAN interface? Is the upstream traffic allowed from 10.10.22.0/24?

    To investigate, make sure to allow ping to the internet and try a ping to 8.8.8.8 and also to google.com to rule out DNS issues.



  • @viragomann

    The LAN rules have this content

    States             Protocol  Source   Port  Destination  Port         Gateway  Queue  Description
    1/1.16 GiB         *         *        *     LAN Address  10443,80,22  *        *      Anti-Lockout Rule
    4.203 K/11.99 TiB  IPv4 *    LAN net  *     *            *            *        none   Default allow LAN to any



  • SOLVED

    The following LAN rule solved the problem

    States       Protocol  Source          Port  Destination  Port  Gateway  Queue  Schedule  Description
    66/4.92 MiB  IPv4 *    10.10.122.0/24  *     *            *     *        none

    Thanks to viragomann !!!
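
The fix in this thread, written out as a check (an added example, not part of the original thread and not pfSense's own code): for each static route it tests whether the routed subnet lies inside a LAN pass rule source and inside an outbound NAT source. The rule lists are constructed from the values quoted above, and the added rule's source is assumed to be the routed subnet 10.10.22.0/24.

```python
"""Audit routed subnets behind a pfSense LAN for missing pass or NAT rules.

Constructed data modelled on the thread's topology; not exported pfSense config.
"""
from ipaddress import ip_network

LAN_NET = ip_network("10.16.16.0/20")
# Static routes on the firewall: destination subnet -> next hop on the LAN.
STATIC_ROUTES = {"10.10.22.0/24": "10.16.18.1"}
# IPv4 sources of the auto-created outbound NAT rule quoted in the thread.
NAT_SOURCES = ["127.0.0.0/8", "10.10.22.0/24", "10.10.23.0/24",
               "10.16.16.0/20", "192.168.8.0/24", "10.0.10.0/24"]
# Pass rules on the LAN interface, reduced to their source field.
# "LAN net" stands for the LAN interface's own subnet, not networks routed behind it.
RULES_BEFORE = ["LAN net"]
RULES_AFTER = ["LAN net", "10.10.22.0/24"]  # assumed form of the added rule


def resolve(source):
    """Turn a rule source field into a network object."""
    if source == "LAN net":
        return LAN_NET
    if source == "*":
        return ip_network("0.0.0.0/0")
    return ip_network(source)


def covered(subnet, sources):
    """True if subnet lies entirely inside at least one of the sources."""
    return any(subnet.subnet_of(resolve(s)) for s in sources)


def audit(pass_sources):
    """Return {routed subnet: [missing pieces]} for every static route."""
    findings = {}
    for dest in STATIC_ROUTES:
        net = ip_network(dest)
        missing = []
        if not covered(net, pass_sources):
            missing.append("LAN pass rule")
        if not covered(net, NAT_SOURCES):
            missing.append("outbound NAT")
        findings[dest] = missing
    return findings


if __name__ == "__main__":
    print("before:", audit(RULES_BEFORE))
    print("after: ", audit(RULES_AFTER))
```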

