Azure Internet not working


  • Hello - relatively new to pfSense. I wanted to build myself a lab in Azure and pfSense seemed the perfect fit for this as I could run it on a small-sized VM in Azure.
    I followed a few online articles. But basically I built the firewall locally in Hyper-V. Logged in and set up some basic settings like names. Set both LAN and WAN interfaces to DHCP.
    Uploaded the VHD file to Azure and created an image into my already-in-place VNET.

    So my details are:

    VNET = 10.61.0.0/16 VNET Address Space
    PUBLIC FACING Subnet = 10.61.254.0/24
    LAN FACING Subnet = 10.61.255.0/24

    PFSENSE 2.4.5-RELEASE (amd64) Community.
    WAN 10.61.254.4 (DHCP)
    LAN 10.61.255.4 (STATIC)

    In Azure, to control my traffic flow, I have the following in place to forward 0.0.0.0/0 to the pfSense LAN 10.61.255.4
    I have enabled IP forwarding on both NICs in Azure for the pfSense VM.

    WHAT IS WORKING
    I can get to the pfSense admin page both from a VM in Azure and externally across the internet onto the WAN interface.
    SSH is all working.
    Routing is all fine. I can ping all interfaces from each VM.
    I have set up inbound connections and it seems to work fine. I can NAT from my public IP in Azure and PAT to the internal servers using a custom port to 3389 RDP.
    I do see traffic from all subnets showing up in Status > System Logs > Firewall > Normal View

    THE ISSUE
    My VMs in Azure have no internet access.
    I can perform NSLookups to external host names with no issue. If I try to browse to, say, bbc.co.uk I see the following in Diagnostics > States

    I can ping from the WAN interface to, say, BBC.com:
    PING bbc.com (151.101.0.81) from 10.61.254.4: 56 data bytes
    64 bytes from 151.101.0.81: icmp_seq=0 ttl=56 time=1.376 ms
    64 bytes from 151.101.0.81: icmp_seq=1 ttl=56 time=1.502 ms
    64 bytes from 151.101.0.81: icmp_seq=2 ttl=56 time=3.982 ms

    LAN is failing:
    PING bbc.com (151.101.64.81) from 10.61.255.4: 56 data bytes
    Time to live exceeded
    Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
    4 5 00 0054 118c 0 0000 01 01 c725 10.61.255.4 151.101.64.81
    Time to live exceeded
    Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
    4 5 00 0054 ae1c 0 0000 01 01 2a95 10.61.255.4 151.101.64.81
    Time to live exceeded
    Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
    4 5 00 0054 32bd 0 0000 01 01 a5f4 10.61.255.4 151.101.64.81

    Tracert on WAN to BBC.com
    1 * * *
    2 * * *
    3 * * *
    4 * * *
    5 * * *
    6 * * *
    7 * * *

    Tracert on LAN to BBC.com
    Goes in a loop:
    1 10.61.255.4 0.339 ms 0.431 ms 0.316 ms
    2 10.61.255.4 0.399 ms 0.439 ms 0.746 ms
    3 10.61.255.4 0.765 ms 0.848 ms 0.769 ms
    4 10.61.255.4 0.718 ms 1.093 ms 0.804 ms
    5 10.61.255.4 1.345 ms 0.852 ms 0.896 ms
    6 10.61.255.4 1.041 ms 1.037 ms 0.858 ms