Do I need a Route from Lan to WAN
-
Hello,
I have been looking for the solution for 3 hours now, I hope you can help me here.
I am in the process of setting up pfSense for the first time. I can access the internet with the firewall machine itself, but not via the LAN interface. And I don't know what the problem is. I wonder if I need to create a routing rule for this? Sorry if any information is missing.Chriss
-
@chriss199815 Is NAT configured for WAN?
Firewall, NAT, Outbound. There should be rules there. Take a look at the mode, I would start by clicking "automatic outbound" then click save.
ETA: Your LAN clients, should have a default route pointing to the LAN-side interface of the pfSense device as the gateway. -
@chriss199815 also did you edit the default lan rules - by default that would be an any any rule.
Out of the box it should just work.. Unless as mentioned your clients are not pointing to pfsense as their gateway. Possible issue is dns not work? Can your clients resolve say www.google.com ?
-
@johnpoz
Hello, yes it was the Gateway. I now realised that the DHCP server is not working. I attached screenshots of the configuration. Google Drive
And most importantly thank you. For you quick help. -
Shuld I reask that Question in DHCP Thred?
-
@chriss199815 if the pfsense device is intended to be the gateway for all LAN clients (basically all traffic from a LAN client to the Internet), then the gateway box should be blank/empty.
The clients should then point to the pfSense LAN interface as their gateway on the default route.
-
@chriss199815 said in Do I need a Route from Lan to WAN:
I now realised that the DHCP server is not working
How is that.. Your clients do not get an IP from dhcp server on pfsense?
I am with @mer here - why are you putting in a gateway, and then blocking us from seeing it? Typically that would be left blank and dhcp on pfsense would point the clients to the IP the dhcpd is running on, ie pfsense IP address on that network/vlan
I also question why you would use 10/8 as a network? Do you have 65K some clients? Use of such mask makes really no sense on a internal network segment. /8 would be more used as a summary route, or maybe a firewall rule mask, etc. It makes little sense that you would use up all of that rfc1918 network for 1 segment.. 10.0.0/24 would make more sense - or if you have a lot of clients maybe a /23 or /22 - but all of the 10 space for 1 network segment.. Sorry but that is just borked..
Did you actually take a picture of your screen with your phone? And also why not just attach the images here.. Making people jump through hoops to see the pictures is not good..
-
@johnpoz said in Do I need a Route from Lan to WAN:
How is that.. Your clients do not get an IP from dhcp server on pfsense?
Yes its Exactly that. Thay also don't get an IP, DNS Settings or a Subnet Mask.
As to why I use the Big network. Yes I don't need that big of a network, I use it to segregate the Network in a clean fasson.Thanks
Chris -
@chriss199815 Silly question, but are you sure your LAN clients can physically get to the pfSense device? Is there anything in the way that may be dropping the DHCP requests? Have you tried taking a single machine, say a laptop, plugging it directly into the LAN port on the pfSense device and see what happens? Aside from the Gateway field, I think the DHCP server on LAN should be working as long as you've told it to Apply Changes and you don't have any rules anywhere that may be blocking inbound DHCP requests.
-
@chriss199815 said in Do I need a Route from Lan to WAN:
I use it to segregate the Network in a clean fasson.
That would be accomplish with say 10.0.0/24 and 10.0.1/24, or say 10.0.0/24 and 172.16.0/24 ;)
What ya going to do if you use 10/8 and 192.168/16 and 172.16/12 for your 3 segments if you happen to need a 4th segment ;)
rfc1918 is huge amount of space - but not so much if you use up one of the 3 network ranges on 1 segment...
Well if your clients are not getting dhcp from pfsense, it would indicate they are not actually connected to a pfsense network - and then yeah that would explain why they can not get to the internet through pfsense ;)
So you see no dhcp discover in pfsense logs? How exactly do you have pfsense and clients connected to your network? Is there some VM involved?
