Internal Test Setup Help
-
Do I have a NAT problem here?
Comcast modem with static public IP (not bridged) with four eth ports (no DHCP) and LAN IP: 192.168.0.1 (LAN GW).
One eth feeds the LAN switch to local PCs. One eth feed pfSense. All LAN PCs are 192.168.0.x/24.pfSense
WAN: 192.168.0.200/24
LAN: 192.168.10.1
GW: 192.168.0.1Test PC:
IP: 192.168.10.100/24
GW: 192.168.10.1PC can login to pfSense and can ping domains and IPs. PC can administer pfSense and dashboard shows all is well but cannot access internet. Logs show nothing but blocked WAN traffic.
If this is a NAT problem, can anyone suggest a solution? If it is NOT, can someone offer guidance on how to setup a test scenario inside my LAN?
Thanks....
-
@TopperTom Post your firewall and nat rules.
Probably you need nat, or you need to configure the comcast modem about te gateway for 192.168.10.0/24 at 0.200 -
I realized that trying to setup a test configuration in a /24 network wasn't going to work as I kept being flooded with broadcast traffic from the LAN. I've since subnetted my LAN into /25 segments which I hope give me cleaner logs. Something like this....
My setup is straight outa the box. I've not created any rules. Watching/reading had led me to believe that my traffic problem is probably related to not having NAT setup correctly.
Here are my rules....
Thanks for the help!
Tom -
@TopperTom How on earth this will EVER work?
modem lan is on 192.168.0.0/25 ie from 0 to 128
and your wan address is 192.168.0.192/27..
so what do you expect?
Move the wan address inside 192.168.0.0/25 range and it will happen.p.s. instead of subnetting and double nat, consider adding a route at comcast router..
-
Obviously it WON'T work but perhaps I didn't explain my problem clearly (easy to get overwhelmed with all this)
pfSense can ping IP and domains from console and dashboard so I know that traffic is getting through the Comcast. However my logs are so full of broadcast traffic its hard to sort it all out - hence the idea of subnetting. The PC connected to pfSense however does not receive any ping returns.
I'll work more on your suggestions.
Thanks.
-
Pfsense shouldn't be able to ping the internet. Something is not right in your config
And why so much broadcast traffic? -
@TopperTom said in Internal Test Setup Help:
Logs show nothing but blocked WAN traffic.
What does that mean exactly?
can ping domains and IPs
But you can not load a website? like pfsense.org?
What exactly is pfsense running on? Your original setup seems fine.. As to logging lots of noise - can you post up some of this noise? You mention broadcast..
What you did after your original drawing is just nonsense... You know if there is lots of noise you can just turn off logging the noise..
