No LAN internet...



  • SG-1000, re installation. Latest version of pfSense....WAN is Netgear LB1120, ATT cellular bridged with latest firmware. pfSense is set to DHCP on WAN and sees the outside IP passed on by the modem...pings everything from the gui. Anything connected to the lan has no connectivity beyond the pfSense box. Default rules on WAN and LAN. I feel like this has gotta be something simple but I'm 2 weeks into it on and off and need a hand....


  • LAYER 8

    try to ping 8.8.8.8 from a pc, if you are able to ping that, it's probably a dns resolver/forwarder problem
    if not we need more information about your network to be able to help



  • Thanks for the reply! I will try it later today...the modem is set to 192.168.1.1 pulls an iP and passes it to SG-1000each time and pfSense set to 192.168.1.2. both on 255.255.255.0.....Nothing else attached yet since I can't get it to work for me!


  • LAYER 8 Global Moderator

    And what is the network on your LAN side, pfsense default to 192.168.1 as well - so yeah that wouldn't work.



  • Network on the lan side of pfSense box is set to 192.168.1.2....the modem usually pulls an IP like 10.XXX.XXX.XXX and passes it to pfSense....


  • LAYER 8 Global Moderator

    So your pfsense wan gets a 10.x.x.x/? address.. And from the wan of pfsense you can ping say 8.8.8.8?

    ping.png

    And lan side of pfsense is 192.168.1.1/24 - that is its address. Not sure why you would of changed your pfsense to 192.168.1.2?

    So you set this lan device to 192.168.1.2/24 and it can ping pfsense lan IP 192.168.1.1? Which is also set as this devices gateway.. Are you setting this device IP static, or you letting it get dhcp from pfsense? But your saying it can not ping 8.8.8.8?

    Did you dick with outbound nat, did you setup some vpn? Or is dns just not working?

    Your on some sort of cell connection? I guess its possible that they are messing with resolving of dns - which is what pfsense does out of the box. Can pfsense resolve stuff?

    dns.png



  • This is a new install....dicked with nothing but setting a fixed IP for accessing the GUI. No settings changed. And yes cellular connection....I'm lost on your reference to pinging pfsense lan IP 192.168.1.1? It doesn't matter if my laptop gets a DHCP lease from pfsense or I set it static, I cannot get connectivity past the pfsense box. I can get to the gui but cannot get the modem or internet.


  • LAYER 8 Global Moderator

    Well does pfsense have internet access? You can get to the gui, so do the ping test I showed. Hard for the clients behind pfsense to get to internet if pfsense can not.



  • Will try now.....have to go reset the modem and hook it all up. Like I said this is my only connection....lol. I will reply back in a while! Thanks!



  • And yes pfsense has access. I can ping anything when its all set up but only from the gui....



  • Ok, well no problem pinging 8.8.8.8 or resolving addresses from the gui. Just no internet to any machine connected to pfsense....removed all firewall rules from WAN just to check. Still nope.



  • Turned off all NAT and Firewall rules in advanced settings, still no internet so this must be an addressing issue but I'm lost now.


  • Netgate Administrator

    Seems likely you have 192.168.1.0/24 on both sides of the SG-1000 somehow.

    the modem is set to 192.168.1.1

    What exactly is set to 192.168.1.1? What is the pfSense LAN IP set to?

    Steve


  • LAYER 8 Global Moderator

    @mebelowsea said in No LAN internet...:

    Turned off all NAT and Firewall rules in advanced settings,

    And why would you think that could of possibly worked??

    You can not have the same networks on your wan and lan... Pfsense wan is what? What is the lan.. show via your interface status..

    example

    interfaces.png

    You didn't remove the default lan rules did you?

    lanrules.png


  • Netgate Administrator

    Ooops, missed that! Yeah if you disable pf in the advanced settings that disables NAT and you need outbound NAT for any connection to work from the internal private subnet.

    Steve


Log in to reply