Netgate Discussion Forum

    No internet access via pfsense from a subnet behind a routing server

    Routing and Multi WAN
    6 Posts 2 Posters 542 Views
    • arosoft

      I have a routing server behind the pfsense system and
      I can not access the internet from the client in a subnet of the routing server.
      The routing on the routing server is on.

      The routing server has one interface in the pfsense LAN and one interface in the dedicated subnet.

      WANNET pfsense = Internet IP address
      LANNET pfsense 10.16.16.0/20 IP=10.16.31.254
      static route on pfsense 10.10.22.0/24 via 10.16.18.1

      LANNET routing server 10.16.16.0/20 IP=10.16.18.1
      SUBNET routing server 10.10.22.0/24 IP=10.10.22.2
      default gateway 10.16.31.254

      SUBNET client 10.10.22.11
      default gateway 10.10.22.2

      On the pfsense I can make a ping to the client 10.10.22.11
      On the client I can make a ping to any host in the network 10.16.16.0/20
      (e.g. ping 10.16.16.2)

      Because the client uses the LAN address of the pfsense as the DNS server address,
      the client can make an nslookup for any internet address.

      But I can not access the web address of google in my browser on the client.

      All clients in the LAN network 10.16.16.0/20 have no problems accessing
      the internet pages.

      Any idea or solution?

      • viragomann

        Since the subnet 10.10.22.0/24 isn't defined on pfSense itself, it doesn't create an outbound NAT rule automatically for it.
        So you have to switch the outbound NAT into the hybrid mode and add an outbound NAT rule for the subnet to the WAN interface.

        • arosoft

          The hybrid mode is already on.

          I have found an already created auto rule.

          WAN 127.0.0.0/8 ::1/128 10.10.22.0/24 10.10.23.0/24 10.16.16.0/20 192.168.8.0/24 10.0.10.0/24 * * * WAN address * Auto created rule

          I have added the following extra mapping

          WAN 10.10.22.0/24 * * * WAN address *

          But it does not work.

          • viragomann @arosoft

            So the outbound NAT rule for 10.10.22.0/24 was already added automatically:
            @arosoft said in No internet access via pfsense from a subnet behind a routing server:

            WAN 127.0.0.0/8 ::1/128 10.10.22.0/24 10.10.23.0/24 10.16.16.0/20 192.168.8.0/24 10.0.10.0/24 * * * WAN address * Auto created rule

            What do the filter rules look like on the pfSense LAN interface? Is the upstream traffic allowed from 10.10.22.0/24?

            To investigate, make sure ping to the internet is allowed and try a ping to 8.8.8.8 and also to google.com to rule out DNS issues.

            • arosoft @viragomann

              @viragomann

              The LAN rules have this content

              States             Protocol  Source   Port  Destination  Port         Gateway  Queue  Description
              1/1.16 GiB         *         *        *     LAN Address  10443,80,22  *        *      Anti-Lockout Rule
              4.203 K/11.99 TiB  IPv4*     LAN net  *     *            *            *        none   Default allow LAN to any

              • arosoft

                SOLVED

                The following LAN rule solved the problem

                States       Protocol  Source          Port  Destination  Port  Gateway  Queue  Schedule  Description
                66/4.92 MiB  IPv4*     10.10.122.0/24  *     *            *     *        none

                Thanks to viragomann!!!

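
Why the extra LAN rule was needed, as an added example that is not part of the thread: pfSense filters traffic on the interface where it enters and denies whatever no rule matches, and the default LAN rule only matches sources inside "LAN net". The Python model below replays the posted LAN rules with a first-match evaluator; the added rule's description and the use of 10.10.22.0/24 (the subnet from the first post) as its source are assumptions.

```python
import ipaddress
from dataclasses import dataclass

LAN_NET = ipaddress.ip_network("10.16.16.0/20")     # pfSense LAN subnet ("LAN net")
LAN_ADDR = ipaddress.ip_network("10.16.31.254/32")  # pfSense LAN address
ROUTED_NET = ipaddress.ip_network("10.10.22.0/24")  # subnet behind the routing server (assumed rule source)
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    descr: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dports: frozenset = frozenset()  # empty set means any port

ANTI_LOCKOUT = Rule("Anti-Lockout Rule", ANY, LAN_ADDR, frozenset({10443, 80, 22}))
DEFAULT_LAN = Rule("Default allow LAN to any", LAN_NET, ANY)
ROUTED_PASS = Rule("Allow routed subnet to any", ROUTED_NET, ANY)  # hypothetical description

BEFORE = [ANTI_LOCKOUT, DEFAULT_LAN]              # LAN rules as first posted
AFTER = [ANTI_LOCKOUT, DEFAULT_LAN, ROUTED_PASS]  # with the extra pass rule

def evaluate(rules, src, dst, dport):
    """Return the description of the first matching pass rule, or 'default deny'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and (not r.dports or dport in r.dports):
            return r.descr
    return "default deny"

def unmatched_sources(rules, sources, dst="8.8.8.8", dport=443):
    """List source addresses whose traffic would hit the implicit default deny."""
    return [s for s in sources if evaluate(rules, s, dst, dport) == "default deny"]

if __name__ == "__main__":
    hosts = ["10.16.16.2", "10.10.22.11"]  # a LAN host and the subnet client
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        for h in hosts:
            print(f"{name:6} {h:12} -> 8.8.8.8:443  {evaluate(rules, h, '8.8.8.8', 443)}")
        print(f"{name:6} blocked: {unmatched_sources(rules, hosts)}")
```

The same check works for any routed subnet reached through a static route: its source range has to appear in a pass rule on the interface where its traffic arrives, in addition to the outbound NAT entry.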
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.