Netgate Discussion Forum

    Internet is not accessible using PFsense

      emad4

      I need help to solve why I cannot access the internet.

      I have two Cisco Nexus switches with OSPF enabled, and I added a pfSense server with 4 cards: one for the first Cisco switch, the second card for the second Cisco switch, and the third card for WAN, which goes to a switch and then to the ISP.

      The design is as shown below:

      
      LAN---Cisco Switch---------
                                 --- pfSense ---------WAN---ISP
      LAN---Cisco Switch---------
      

      I enabled OSPF on pfSense and it is working: I can see the neighbors, and ping is functional from LAN to the WAN IP. But when I ping from any LAN to the gateway of the ISP or to 8.8.8.8, the ping is not successful; even the ping from pfSense to the ISP gateway is not working.

      I need to provide internet service for employees but something is preventing that.

      Note: the fourth card on pfSense is working normally and the internet is accessible, but this card is not connected to a Cisco Nexus switch and is connected from the LAN of pfSense to the WAN of pfSense.

        stephenw10 Netgate Administrator

        So the LAN subnet(s) are all public routed subnets?

        It sounds like either they should be NAT'd and are not or the upstream router has no route back to LAN. So maybe it's not accepting routes pfSense is sending it or pfSense isn't sending the required routes.

        Steve

          emad4 @stephenw10

          @stephenw10
          Thank you, Steve, for the reply.
          Concerning the static route, I created a static route on pfSense which is 0.0.0.0/1. I tried to add 0.0.0.0 0.0.0.0 /0 as in Cisco but I did not find the prefix 0; I don't know if that will affect it or not.

          I added a rule which is 0.0.0.0 via the next hop address (gateway of ISP).

          Regarding NAT, I left it and did not make any changes because, as I understood, pfSense does it automatically.

          Do I need to add a back route on pfSense for the branches (two LANs)?

          Also, how can I redistribute some networks via OSPF on pfSense?

            stephenw10 Netgate Administrator

            If you left outbound NAT as automatic then pfSense will be NATing the traffic on WAN.
            That would mean the upstream device does not need a route back since it would see all traffic as coming from the pfSense WAN IP.

            But that seems wrong if you're using OSPF and routed subnets.

            Are the subnets marked as LAN using public IPs?

            If not why are you using OSPF?

            You don't have to add a default route (/0) in pfSense like that. It will use the WAN gateway as default anyway.
            A static route for a /1 subnet is almost always wrong. How exactly have you defined that?

            Steve

              emad4 @stephenw10

              netwotk design.png @stephenw10
              Hi Steve,
              For NAT, I left it as default.
              For the static route, I did that after many attempts to route the data to the ISP. I did that because I had an old Cisco router and everything was OK until I decided to replace it with pfSense; then I tried to add the default route (0.0.0.0 0.0.0.0), which existed on the Cisco router, to pfSense. Based on that, I did it via the pfSense GUI, but I did not find the prefix 0, so I selected 1.

              In other words, how can I add a default route (0.0.0.0 0.0.0.0) like in Cisco to pfSense (edge router) via the GUI?

              Moreover, I used OSPF because the network is very large and I don't want to change anything in the network; I just want to exchange the old Cisco device (OSPF was enabled on it) for a pfSense router. As I mentioned before, the network was working and internet was available, but I decided to put a pfSense router in place of the old Cisco router, and when I did that I lost the internet. All the subnets can still ping the WAN IP of pfSense, and OSPF is working fine between the subnets, the two Nexus switches and the pfSense router.

              Finally, please find attached a sample of the network design I am talking about.
              Thank you again for helping me.

                stephenw10 Netgate Administrator

                So to be clear none of this is public routed subnets? Everything is using private IPs and requires NAT at the edge?

                Check the routing table in Diag > Routes. pfSense should already have a default route and it should be via the ISP gateway, 1.1.1.2 in your diagram.

                If it does not, go to System > Routing and make sure the WAN gateway is set as default.

                However, even if there is no default route, or the WAN gateway has not been applied correctly so there's no NAT, pfSense itself should still be able to ping 1.1.1.2 because it's directly connected.

                Does the WAN even show as linked? Is that set statically?

                Steve

                  emad4

                  Yes, the subnets are private and NAT is enabled on the edge router, which is pfSense.
                  The default route is configured and refers to 1.1.1.2 (gateway of ISP).
                  Yes, the WAN interface is configured statically, and when I connect it to the switch which goes to the ISP, it shows up.

                  Is it possible the problem is from DNS?

                  I took some snapshots and will send them soon.

                    stephenw10 Netgate Administrator

                    And yet from pfSense you cannot ping the gateway?

                    The gateway may not respond to ping of course. Can you ping anything upstream? 8.8.8.8 for example?

                    Steve

                      emad4

                      Hi Steve,
                      Exactly, I cannot ping the gateway from pfSense, and ping to 8.8.8.8 from pfSense is also not successful, but when I use the fourth card (opt), ping to 8.8.8.8 and the gateway are successful and I can browse the internet.

                      NOTE: the fourth card is connected directly to a laptop; I configured it as DHCP and I also use it to access the pfSense GUI.

                        emad4

                        Please find some snapshots for the pfSense router: WAN interface.jpg, Rules LAN3.jpg, Rules LAN2.jpg, Rules LAN1.jpg, Routing.jpg, Routes.jpg, NAT.jpg, Interfaces.jpg

                          stephenw10 Netgate Administrator @emad4

                          @emad4 said in Internet is not accessible using PFsense:

                          but when I use the fourth card (opt), ping to 8.8.8.8 and gateway are successful and can browse internet.

                          Exactly how are you 'using' that? How is pfSense configured to use that?

                          Can you ping 8.8.8.8 from the pfSense webgui if you set the IP of the '4th card' as the source?

                          You need to work out why pfSense cannot ping the gateway before doing anything else. That is a basic layer 2 (maybe even layer 1) problem. Nothing else will work until that does.

                          Steve

                            emad4

                            Yes, but the first and second cards are connected to Nexus switches while the fourth card is not.
                            I tested different cables but got the same thing.

                            Yes, I can ping 8.8.8.8 from the pfSense shell and the IP is set on 192.168.1.1.

                              stephenw10 Netgate Administrator @emad4

                              @emad4 said in Internet is not accessible using PFsense:

                              I can not ping the gateway from PFsense and also ping to 8.8.8.8 from pfsense is not successful

                              So how is that different to that? What were you doing that failed?

                              It shouldn't make any difference where you ping from internally since you have auto outbound NAT set. All traffic appears to come from the WAN IP.

                              Setting the source to the WAN should always work as it's in the same subnet as the gateway.

                              Steve

                                emad4

                                Almost everything is default.
                                I don't know what I should do.

                                  stephenw10 Netgate Administrator

                                  Well if you can't ping the gateway from pfSense then either the gateway is not responding or pfSense is not actually connected to it.

                                  Does the gateway appear in the pfSense ARP table?

                                    emad4 @stephenw10

                                    @stephenw10
                                    Concerning the gateway, it is working correctly because when I use the Cisco router instead of pfSense, the ping to the gateway is OK.
                                    But as you said, perhaps the pfSense is not connected to the gateway, and that led me to a fact: there is a Cisco switch between the pfSense and the gateway (ISP) and there is some configuration on it, so maybe the problem is from there?
                                    Concerning the ARP table, I need to check that.

                                      stephenw10 Netgate Administrator @emad4

                                      @emad4 said in Internet is not accessible using PFsense:

                                      there is a cisco switch between the pfsense and the gateway(ISP) and there are some configuration on it , so maybe the problem from there?

                                      Certainly could be. If it's not in the ARP table it's never going to work. And that is a layer 2 problem at least.

                                        emad4

                                        I discovered that ping between pfSense and the gateway of the ISP is OK. (I was wrong before because I said ping is not OK between pfSense and the ISP gateway.)

                                        Also, ping from pfSense to 8.8.8.8 is OK.

                                        Ping from any LAN to the pfSense WAN IP is OK.
                                        But ping from any LAN to the ISP gateway is not successful.

                                          stephenw10 Netgate Administrator

                                          Ok, that implies there is no route back which probably means outbound NAT is not being applied.

                                          Start a ping to the gateway from some internal client that fails. Then check the state table.

                                          You should see two states created, on the internal interface and on the WAN interface. The one on the WAN should show NAT as it leaves.

                                          Steve

                                            stephenw10 Netgate Administrator

                                            Reviewing the above screenshots you posted, you have, for some unknown reason, obscured your internal private IP range. But it looks like the automatic outbound rules only cover the LAN subnet and local /30 transport subnets.
                                            Switch to hybrid mode, add rules to cover other traffic. That could be one rule for all local 10. subnets.

                                            Steve
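
The gap described in the last reply (automatic outbound NAT covering only the LAN and the /30 transport subnets, while clients sit in OSPF-learned subnets) can be checked offline as below. This is an added example, not part of the thread or of pfSense; every subnet is constructed because the poster obscured the real ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: the poster obscured the real internal ranges.
# Sources the automatic outbound NAT rules cover (LAN plus /30 transport links).
AUTO_NAT_SOURCES = ["127.0.0.0/8", "192.168.1.0/24", "10.255.0.0/30", "10.255.0.4/30"]
# Subnets behind the Nexus switches that pfSense learns through OSPF.
OSPF_LEARNED = ["10.10.0.0/16", "10.20.0.0/16", "10.255.0.0/30"]
# The single hybrid-mode rule suggested in the thread for all local 10. subnets.
HYBRID_EXTRA = ["10.0.0.0/8"]


def uncovered(routed, nat_sources):
    """Return routed networks that no NAT source network fully contains."""
    nat_nets = [ipaddress.ip_network(n) for n in nat_sources]
    missing = []
    for cidr in routed:
        net = ipaddress.ip_network(cidr)
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == n.version and net.subnet_of(n) for n in nat_nets):
            missing.append(cidr)
    return missing


def translating_source(client_ip, nat_sources):
    """Return the first NAT source network matching client_ip, or None."""
    addr = ipaddress.ip_address(client_ip)
    for cidr in nat_sources:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


if __name__ == "__main__":
    print("automatic only:", uncovered(OSPF_LEARNED, AUTO_NAT_SOURCES))
    print("with hybrid rule:", uncovered(OSPF_LEARNED, AUTO_NAT_SOURCES + HYBRID_EXTRA))
    print("10.10.5.20 matched by:", translating_source("10.10.5.20", AUTO_NAT_SOURCES))
```

A subnet reported as uncovered leaves the WAN with its private source address, which matches the symptom in the thread: pfSense itself reaches the ISP gateway, LAN clients reach the WAN IP, but LAN clients get no reply from the gateway.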

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.