4. Internal Test Setup Help

Internal Test Setup Help

  • T

    Do I have a NAT problem here?

    Comcast modem with static public IP (not bridged) with four eth ports (no DHCP) and LAN IP: 192.168.0.1 (LAN GW).
    One eth feeds the LAN switch to local PCs. One eth feed pfSense. All LAN PCs are 192.168.0.x/24.

    pfSense
    WAN: 192.168.0.200/24
    LAN: 192.168.10.1
    GW: 192.168.0.1

    Test PC:
    IP: 192.168.10.100/24
    GW: 192.168.10.1

    PC can login to pfSense and can ping domains and IPs. PC can administer pfSense and dashboard shows all is well but cannot access internet. Logs show nothing but blocked WAN traffic.

    pfsense.png

    If this is a NAT problem, can anyone suggest a solution? If it is NOT, can someone offer guidance on how to setup a test scenario inside my LAN?

    Thanks....

    0
    N
     1 Reply
  • N

    @TopperTom Post your firewall and nat rules.
    Probably you need nat, or you need to configure the comcast modem about te gateway for 192.168.10.0/24 at 0.200

    0
  • T

    I realized that trying to setup a test configuration in a /24 network wasn't going to work as I kept being flooded with broadcast traffic from the LAN. I've since subnetted my LAN into /25 segments which I hope give me cleaner logs. Something like this....
    pfSense (1).png

    My setup is straight outa the box. I've not created any rules. Watching/reading had led me to believe that my traffic problem is probably related to not having NAT setup correctly.

    Here are my rules....
    Firewall rules.png NAT rules.png

    Thanks for the help!
    Tom

    0
    N
     1 Reply
  • N

    @TopperTom How on earth this will EVER work?
    modem lan is on 192.168.0.0/25 ie from 0 to 128
    and your wan address is 192.168.0.192/27..
    so what do you expect?
    Move the wan address inside 192.168.0.0/25 range and it will happen.

    p.s. instead of subnetting and double nat, consider adding a route at comcast router..

    0
  • T

    Obviously it WON'T work but perhaps I didn't explain my problem clearly (easy to get overwhelmed with all this)

    pfSense can ping IP and domains from console and dashboard so I know that traffic is getting through the Comcast. However my logs are so full of broadcast traffic its hard to sort it all out - hence the idea of subnetting. The PC connected to pfSense however does not receive any ping returns.

    I'll work more on your suggestions.

    Thanks.

    0
  • N

    Pfsense shouldn't be able to ping the internet. Something is not right in your config
    And why so much broadcast traffic?

    0
  • LAYER 8 Global Moderator

    @TopperTom said in Internal Test Setup Help:

    Logs show nothing but blocked WAN traffic.

    What does that mean exactly?

    can ping domains and IPs

    But you can not load a website? like pfsense.org?

    What exactly is pfsense running on? Your original setup seems fine.. As to logging lots of noise - can you post up some of this noise? You mention broadcast..

    What you did after your original drawing is just nonsense... You know if there is lots of noise you can just turn off logging the noise..

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy