Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No Internet on second lan

    Scheduled Pinned Locked Moved Routing and Multi WAN
    13 Posts 5 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DaveB
      last edited by

      Hi
      I am running pfsense 2.4.4 release p3
      Setup is:-
      Wan on igb0 connected by PPPoE to openreach VDSL modem 192.168.1.xxx
      igb1 and igb2 are bridged and provide internet access using openvpn 192.168.2.xxx

      I am trying to set up a second lan on igb4 on 192.168.3.xxx with the aim of providing internet access NOT through VPN.
      When I connect a pc to SecondLan, I get local access - I can logon to pfsense and can ping a computer on 192.168.2.xxx but no internet access.
      Windows 7 troubleshooter reports "Your broadband modem is experiencing connectivity issues" If I connect to igb1 the computer obtains a 192.168.2.xxx address and will connect to the internet.

      I can see the dhcp lease in Status/DHCP leases and can see 192.168.3.0 /24 reported in automatic rules Outbound NAT Mode Hybrid. SecondLan is configured to pass all.

      I connected a router between WAN port and modem and was able to log into it. This suggested to me that data is being passed through the interfaces.

      I am now stumped as my knowledge of pfsense/networking is somewhat less than "sketchy"

      Thanks for any assistance

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by

        Do you have a Default Allow rule on the igb4 interface? Only the first LAN gets such a rule by default. All other added interfaces have no rules and no access.

        1 Reply Last reply Reply Quote 0
        • D
          DaveB
          last edited by

          I believe so.
          Under Firewall/Rules/SecondLan I have
          Protocol IPv4 *
          Source SecondLan net
          Port *
          Destination *
          Port *
          Gateway *
          Queue None

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            Did you modify your outbound NAT rules recently? If your first LAN is working, then usually the extra LANs are a cinch with just the addition of the Default Allow rule.

            1 Reply Last reply Reply Quote 0
            • D
              DaveB
              last edited by

              outbound_nat.png

              These are my current (hybrid) outbound nat rules .
              The automatic rules have obviously changed by the addition of 192.168.3.0/24

              1 Reply Last reply Reply Quote 0
              • kiokomanK
                kiokoman LAYER 8
                last edited by

                can you ping 8.8.8.8 from secondlan ? maybe a dns problem?

                ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                Please do not use chat/PM to ask for help
                we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                1 Reply Last reply Reply Quote 0
                • D
                  DaveB
                  last edited by

                  No I cannot ping 8.8.8.8 from SecondLan.

                  The address of my WAN is given as 146.xxx.xxx.xxx and I can ping that

                  1 Reply Last reply Reply Quote 0
                  • KOMK
                    KOM
                    last edited by

                    I'm not sure what's going wrong here. I will say that I've had a few cases this week where simply deleting everything and starting again fixed several weird problems.

                    GertjanG 1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      Do you have Don't pull routes checked or unchecked in the purevpn client config?

                      If it's unchecked, check it.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • D
                        DaveB
                        last edited by

                        Well definitely a step forward thank you.

                        Checking don't pull routes does indeed provide internet access on SecondLan. However the computer on igb1 that should be going through my VPN now displays my public IP address.☹

                        Further advice welcome as I am well out of my depth here.

                        1 Reply Last reply Reply Quote 0
                        • DerelictD
                          Derelict LAYER 8 Netgate
                          last edited by Derelict

                          You have two choices:

                          Disable Don't pull routes and policy route everything you DON'T want to go over the VPN to the WAN Gateway.

                          Enable Don't pull routes and policy route everything you DO want to go over the VPN to the VPN Gateway.

                          When you pull routes from a VPN server they usually push a default route to you (actually two routes 0.0.0.0/1 and 128.0.0.0/1 which covers the IPv4 space in two routes.) This means you need to policy route exclusions to that out the WAN.

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          1 Reply Last reply Reply Quote 0
                          • GertjanG
                            Gertjan @KOM
                            last edited by

                            @KOM said in No Internet on second lan:

                            I will say that I've had a few cases this week where simply deleting everything

                            Included the fact that there was an "AP" between OPT and the device - pfSense worked well, it was the AP .....

                            @DaveB : what is between your OPT interface and your device - just a cable or some box ?
                            What was the IP the device got using DHCP ?
                            Netmask ?
                            DNS ?
                            Gateway ?

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • D
                              DaveB
                              last edited by

                              I believe I am now sorted.

                              I have left don't pull roots unchecked and in firewall/rules/secondlan advanced options/gateway I chose WAN_PPPoE.

                              I now have internet connection via VPN on igb1 and igb2 and connection not through VPN on igb4 just as I wanted.

                              Many thanks for the help

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.