pfsense no NAT subnet allocated by ISP
-
Hello to all.
At the moment I have a TP-Link AC1900 with NAT disabled, as I get a subnet class (8 Internet IPs) from my ISP, so I got on the router (WAN) the main IP and subnet mask + gateway and DNS servers, then on the (DHCP) side I got the subnet IP allocation with a different IP/subnet mask/gateway and the same DNS servers.
What I'm trying to do is to replace the router with pfSense and do the same thing plus keep the firewall, as I have a good-spec PC that I can push to 1 GB connection speed; however, on the TP-Link I only get 400 mbps due to NAT boost being off and no longer having the router do the NAT.
So I have installed pfSense and set it up; however, I turned off Firewall > NAT on the Outbound tab, set the WAN side with all the details provided by the ISP, and on the LAN side I set the DHCP with the details provided by the ISP.
At the moment I can ping an internet address from the WAN side, but I cannot ping from the LAN side.
Schematic.
pfsense address wan side ( IP 5.2.x.x - mask 255.255.255.0 - gateway 5.2.x.1 - dns 1 dns 2)
pfsense address lan side ( IP 81.x.x.57 -mask 255.255.255.248 - gateway 81.x.x.57 -dns 1 dns2 )
pfsense DHCP ( IP's 81.x.x.57 to 81.x.x.62 mask 255.255.255.248 - gateway 81.x.x.57 dns 1 dns 2)
So on the LAN side I connected a switch and then connected the devices directly to the internet IPs.
But I cannot access the internet from the LAN side, only from the WAN side. I will be grateful to whoever can help me find the correct steps to make this work.
Best Regards.
-
@r3mus said in pfsense no NAT subnet allocated by ISP:
pfsense address lan side ( IP 81.x.x.57 -mask 255.255.255.248 - gateway 81.x.x.57 -dns 1 dns2 )
Best Regards.
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
https://docs.netgate.com/pfsense/en/latest/nat/outbound-nat.html
https://docs.netgate.com/pfsense/en/latest/interfaces/using-public-ip-addresses-on-an-interface.html
-
When you connect a client on the LAN side do they get an IP in the correct subnet via DHCP?
What firewall rules do you have on LAN? The default rule should allow out that traffic if you have not changed it.
Check the pfSense routing table in Diag > Routes; do you have a default route shown? If not, make sure the WAN gateway is set as default in General > Routing.
Steve
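The addressing side of these checks can be scripted. The following is an added example, not part of the thread and not pfSense code: the function names are hypothetical, and because the thread elides the real addresses, the sample plan is constructed from documentation ranges (198.51.100.0/24 for WAN, 203.0.113.56/29 for LAN) while keeping the masks and last octets from the posted schematic, including a DHCP range that starts at the LAN interface address.

```python
import ipaddress as ip

def check_routed_lan(wan_if, wan_gw, lan_if, pool_start, pool_end, dhcp_gw):
    """Return a list of problems in a no-NAT, routed-public-subnet plan."""
    wan, lan = ip.ip_interface(wan_if), ip.ip_interface(lan_if)
    gw, dgw = ip.ip_address(wan_gw), ip.ip_address(dhcp_gw)
    start, end = ip.ip_address(pool_start), ip.ip_address(pool_end)
    problems = []
    # The upstream gateway must be an on-link neighbour of the WAN interface.
    if gw not in wan.network or gw == wan.ip:
        problems.append("WAN gateway is not a neighbour on the WAN subnet")
    # Routing (instead of NAT) only works if the two subnets are distinct.
    if wan.network.overlaps(lan.network):
        problems.append("WAN and LAN subnets overlap")
    # hosts() excludes the network and broadcast addresses of the /29.
    usable = set(lan.network.hosts())
    if start not in usable or end not in usable or start > end:
        problems.append("DHCP pool is not inside the usable LAN range")
    if start <= lan.ip <= end:
        problems.append("DHCP pool includes the firewall's own LAN address")
    # Clients must use the firewall's LAN address as their default gateway.
    if dgw != lan.ip:
        problems.append("DHCP clients' gateway is not the firewall LAN address")
    return problems

def lease_in_lan(lan_if, lease):
    """True if a client's leased address is a usable host in the LAN subnet."""
    lan = ip.ip_interface(lan_if)
    addr = ip.ip_address(lease)
    return addr in set(lan.network.hosts()) and addr != lan.ip

# Constructed sample plan (documentation addresses, not the poster's real ones).
WAN_IF, WAN_GW = "198.51.100.10/255.255.255.0", "198.51.100.1"
LAN_IF = "203.0.113.57/255.255.255.248"
AS_POSTED = (WAN_IF, WAN_GW, LAN_IF, "203.0.113.57", "203.0.113.62", "203.0.113.57")
ADJUSTED = (WAN_IF, WAN_GW, LAN_IF, "203.0.113.58", "203.0.113.62", "203.0.113.57")

if __name__ == "__main__":
    for name, plan in (("as posted", AS_POSTED), ("adjusted", ADJUSTED)):
        print(name, "->", check_routed_lan(*plan) or "no addressing problems")
    print("lease ok:", lease_in_lan(LAN_IF, "203.0.113.60"))
```

A clean result here only rules out addressing mistakes; the LAN firewall rules and the default route still have to be checked on the firewall itself.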
-
Thanks all for the answers. I have actually gone through the pfSense book and found what I needed.
- https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html?highlight=routing%20public%20ip
It saved my life and works like a charm. Question: does pfSense have an antivirus package or mail antivirus?
-
The only package currently available is ClamAV, which is part of the Squid package. It can scan cached http(s) traffic.
Steve