    Azure Internet not working

      mukeshravji

      Hello - relatively new to PFSense. I wanted to build myself a lab in Azure and PFSense seemed the perfect fit for this as I could run it on a small sized VM in Azure.
      I followed a few online articles. But basically I built the Firewall locally in HyperV. Logged in and set up some basic settings like names. Set both LAN and WAN interfaces to DHCP.
      Uploaded the VHD file to Azure and created an image into my already in place VNET.

      So my details are:

      VNET = 10.61.0.0/16 VNET Address Space
      PUBLIC FACING Subnet = 10.61.254.0/24
      LAN FACING Subnet = 10.61.255.0/24

      PFSENSE 2.4.5-RELEASE (amd64) Community.
      WAN 10.61.254.4 (DHCP)
      LAN 10.61.255.4 (STATIC)

      In Azure, to control my traffic flow, I have the following in place to forward 0.0.0.0/0 to the PFSense LAN 10.61.255.4
      I have enabled IP forwarding on both NICs in Azure for the PFSense VM.

      WHAT IS WORKING
      I can get to the PFSense Admin page both from a VM in Azure and External across the internet onto the WAN interface
      SSH is all working.
      Routing is all fine. I can ping all interfaces from each VM.
      I have set up inbound connections and it seems to work fine. I can NAT from my public IP in Azure and PAT to the internal servers using a custom port to 3389 RDP.
      I do see traffic from all subnets showing up in Status > System Logs > Firewall > Normal View

      THE ISSUE
      My VMs in Azure have no internet access
      I can perform NSLookups to external host names no issue. If I try to browse to say bbc.co.uk I see the following in the Diagnostics > States

      I can ping from WAN interface to say BBC.com
      PING bbc.com (151.101.0.81) from 10.61.254.4: 56 data bytes
      64 bytes from 151.101.0.81: icmp_seq=0 ttl=56 time=1.376 ms
      64 bytes from 151.101.0.81: icmp_seq=1 ttl=56 time=1.502 ms
      64 bytes from 151.101.0.81: icmp_seq=2 ttl=56 time=3.982 ms

      LAN is failing:
      PING bbc.com (151.101.64.81) from 10.61.255.4: 56 data bytes
      Time to live exceeded
      Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
      4 5 00 0054 118c 0 0000 01 01 c725 10.61.255.4 151.101.64.81
      Time to live exceeded
      Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
      4 5 00 0054 ae1c 0 0000 01 01 2a95 10.61.255.4 151.101.64.81
      Time to live exceeded
      Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
      4 5 00 0054 32bd 0 0000 01 01 a5f4 10.61.255.4 151.101.64.81

      Tracert on WAN to BBC.com
      1 * * *
      2 * * *
      3 * * *
      4 * * *
      5 * * *
      6 * * *
      7 * * *

      Tracert on LAN to BBC.com
      Goes in a loop:
      1 10.61.255.4 0.339 ms 0.431 ms 0.316 ms
      2 10.61.255.4 0.399 ms 0.439 ms 0.746 ms
      3 10.61.255.4 0.765 ms 0.848 ms 0.769 ms
      4 10.61.255.4 0.718 ms 1.093 ms 0.804 ms
      5 10.61.255.4 1.345 ms 0.852 ms 0.896 ms
      6 10.61.255.4 1.041 ms 1.037 ms 0.858 ms
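
One way to tell the two traceroute results in the post apart mechanically, as an added example that is not part of the original post: it parses traceroute text and reports whether a responder address repeats at a later TTL (the probe is being forwarded back to a device it already crossed) or whether no hop answered at all. The function and constant names are hypothetical; the two samples are the outputs pasted in the post.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.+)$")             # "<ttl> <rest of line>"
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # first responder address

# Traceroute outputs as pasted in the post above.
LAN_TRACE = """\
Goes in a loop:
1 10.61.255.4 0.339 ms 0.431 ms 0.316 ms
2 10.61.255.4 0.399 ms 0.439 ms 0.746 ms
3 10.61.255.4 0.765 ms 0.848 ms 0.769 ms
4 10.61.255.4 0.718 ms 1.093 ms 0.804 ms
5 10.61.255.4 1.345 ms 0.852 ms 0.896 ms
6 10.61.255.4 1.041 ms 1.037 ms 0.858 ms
"""
WAN_TRACE = "\n".join(f"{n} * * *" for n in range(1, 8))


def parse_hops(text):
    """Return [(ttl, responder_ip or None), ...]; non-hop lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # commentary such as "Goes in a loop:"
        ip = IPV4_RE.search(m.group(2))
        hops.append((int(m.group(1)), ip.group(0) if ip else None))
    return hops


def classify(text):
    """('loop', ip) if a responder repeats at a later TTL,
    ('silent', None) if no hop replied, else ('progressing', None)."""
    seen = set()
    for _ttl, ip in parse_hops(text):
        if ip is None:
            continue  # "* * *": no ICMP reply received for this TTL
        if ip in seen:
            return ("loop", ip)
        seen.add(ip)
    return ("progressing", None) if seen else ("silent", None)


if __name__ == "__main__":
    for name, trace in (("LAN", LAN_TRACE), ("WAN", WAN_TRACE)):
        print(name, classify(trace))
```

A "silent" result only means no hop returned an ICMP reply; it does not by itself show that forwarding failed, which matches the post, where the WAN ping succeeds while the WAN traceroute shows only asterisks.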
