New pfsense user - cant get routing to run

mabebi · Jan 5, 2020, 7:33 PM

Hi,
I am new to pfsense and I can't get it to run. My machines on the LAN side do not have internet access.

My LAN computers has 90.0.0.0/24 addresses (can not change that easily). I have set the pfsense LAN interface 90.0.0.83 no upstream gateway, this is where all lan computers are connected to.

The WAN interface is connected to my cable modem. The pfsense WAN interface has the address 90.0.1.1, the WANGW Gateway is set to 90.0.1.83 which is the address the cable modem has. Block private/bogon networks is disabled on both networks and I am playing around with routing and firewall options and Gateways and so on not really knowing what i am doing and I can not get any LAN machine to get internet access. What I am doing wrong, where do I have to look, Install wizard did not help and nor any youtbe video or the documentation I have read. I am stuck since two days and I can find the issue which might not be much. If I connect a computer on the WAN side, internet works fine.

I would be even willing to pay(pal) for a payed basic installation support to solve this problem.

Anyone willing to help me?

Salut from Germany,
Markus

kiokoman · Jan 5, 2020, 7:57 PM

you understand that 90.0.0.0/16 is allocated to France Telecom and it's not rfc1918 ?
you should not use it as your wan / lan address for pfsense. i don't want to be rude but "can not change that easily" is bullshit, you have to do that asap and it's probably the source of your trouble as pfsense is not restricting LAN in any way, it's open to everything out of the box, another reason could be if you have DNS forwarding/ DNS Resolver that is not working

mabebi · Jan 5, 2020, 8:04 PM

I know. But this in in my LAN and actually my house is in france and I have setp about 180 LAN devices since about 20years, some of which I can not change their IP address because these are devices (IP webcams) for which I have no admin access. so far the firewall in the cable modem handled all that without problem but I wanted to upgrade to anouter firewall as I need more port forwarding options (NAT), which the cable modem does not has.

It would be very nice if somebody is willing to help me with my existing configuration instead of such critism which does not lead me forward.

As I said I am even willing to pay for it.

Thanks much,
Markus

kiokoman · Jan 5, 2020, 8:39 PM

i told you also to check if dns resolver / dns forwarder is working. maybe you can try to ping something like 8.8.8.8 and see if it answer. if you already did, tell us what you tried, we need more info
you should also know that it is impossible for you to access any website/services present inside 90.0.0.0/24 out of your network

johnpoz · Jan 5, 2020, 8:48 PM

@mabebi said in New pfsense user - cant get routing to run:

As I said I am even willing to pay for it.

Here you go
https://www.netgate.com/support/

If I were to actually charge for the support I gave here, it wouldn't be really any cheaper ;)

first thing going to tell you is this is freaking borked!

My LAN computers has 90.0.0.0/24 addresses (can not change that easily)

Well not the issue of how hard it is or isn't that is clearly not correct... Fix that should be 1st priority..

mabebi · Jan 5, 2020, 8:48 PM

I have tried with both DNS forwarding and also DNS resolver. No chance. When I ping 8.8.8.8 from a LAN PC I get no route to host. I habe also changed the WAN pfsense interface to 10.0.1.1 and the cable modem to 10.0.1.83 but still no success. Can I post here some diagnostic / info page from my pfsense?

kiokoman · Jan 5, 2020, 8:50 PM

yes of course, we actualy need it

mabebi · Jan 5, 2020, 8:55 PM

Which info page shall I post here?

And the paid netgate support is to a mon yearly supscription, I wanted just support to get it up and running that is the most urgent need....

chpalmer · Jan 5, 2020, 9:53 PM

@mabebi said in New pfsense user - cant get routing to run:

I have setp about 180 LAN devices since about 20years

Yep and you did it wrong. Not saying that to be crude but putting Diesel in a gasoline car is also wrong and disastrous.

Set all your devices to use DHCP if they are not already and then it will make it easier with less downtime.

If you are using the service who's IP space you barged in on then the possibility that they are trying to direct traffic the wrong direction for some services always exists.. Or if you have WAN and LAN in the same subnet?? That wont work either. edit- does not look like you do..

You are double NAT'd. Are you able to connect a computer to your modem directly and get out? Did you reboot the modem between some of the changes?

chpalmer · Jan 5, 2020, 9:56 PM

@mabebi said in New pfsense user - cant get routing to run:

more port forwarding options (NAT), which the cable modem does not has.

Also this- You seem to be double NAT'd as I mentioned in my first post. You will have to put your modem in true bridge mode.. or get it to port forward everything to your pfSense box to get anything to work if you are trying to give access from the outside.

Otherwise you will probably be back here asking why its not working. :)

chpalmer · Jan 5, 2020, 10:04 PM

@johnpoz said in New pfsense user - cant get routing to run:

If I were to actually charge for the support I gave here, it wouldn't be really any cheaper ;)

I wonder how much free time people give here sometimes and if they ever add it up??

Easily several thousand dollars worth of free support per day given on this forum.

johnpoz · Jan 5, 2020, 10:09 PM

@chpalmer said in New pfsense user - cant get routing to run:

Easily several thousand dollars worth of free support per day given on this forum.

Understatement of the year ;) hehehe

chpalmer · Jan 5, 2020, 10:28 PM

@mabebi said in New pfsense user - cant get routing to run:

I have also changed the WAN pfsense interface to 10.0.1.1 and the cable modem to 10.0.1.83

Also.. what are your subnet sizes.. /24? /8? /32??