Intenet is not accessible using PFsense
-
Yes but the first and second cards are connected to nexus switches while the fourth card is not.
I tested different cables but the same thing.Yes ,I can ping 8.8.8.8 from pfsense shell and the IP is set on 192.168.1.1
-
@emad4 said in Intenet is not accessible using PFsense:
I can not ping the gateway from PFsense and also ping to 8.8.8.8 from pfsense is not successful
So how is that different to that? What were you doing that failed?
It shouldn't make any difference where you ping from internally since you have auto outbound NAT set. All traffic appears to come from the WAN IP.
Setting the source to the WAN should always work as it's in the same subnet as the gateway.
Steve
-
Almost everything is default
I don't know what shall I do -
Well if you can't ping the gateway from pfSense then either the gateway is not responding or pfSense is not actually connected to it.
Does the gateway appear in the pfSense ARP table?
-
@stephenw10
Concerning the gateway , it is working correctly because when I use the cisco router instead of PFSesne , the ping to gateway is ok.
but as you said , perhaps the pfsense is not connected to gateway, and that led me to a fact which is , there is a cisco switch between the pfsense and the gateway(ISP) and there are some configuration on it , so maybe the problem from there?
concerning the ARP table , I need to check that. -
@emad4 said in Intenet is not accessible using PFsense:
there is a cisco switch between the pfsense and the gateway(ISP) and there are some configuration on it , so maybe the problem from there?
Certainly could be. If it's not in the ARP table it's never going to work. And that is a layer 2 problem at least.
-
I discovered that ping between pfsense and gateway of isp is ok. (I was wrong before because I said ping is not ok bt pfsense and isp gateway)
Also ping from pfsense to 8.8.8.8 is ok
Ping from any lan to pfsense wan ip is OK
But ping from any lan to gateway isp is not successful. -
Ok, that implies there is no route back which probably means outbound NAT is not being applied.
Start a ping to the gateway from some internal client that fails. Then check the state table.
You should see two states created, on the internal interface and on the WAN interface. The on the WAN should show NAT as it leaves.
Steve
-
Reviewing the above screenshots you posted you have, for some unknown reason, obscured your internal private IP range, But it looks like the automatic outbound rules only cover the LAN subnet and local /30 transport subnets.
Switch to hybrid mode, add rules to cover other traffic. That could be one rule for all local 10. subnets.Steve
-
Okay , I will switch to hybrid mode and will give the result, but how I can add a rule to cover all the subnets , I think I have approximately 24 subnets, is it something like 0.0.0.0 0.0.0.0 next-hop-ip.
Note: I did not change anything in nat and I left it as default.
-
Moreover, how to check that pfsense is sending the back route to cisco switches , ospf is enabled on all devices including but how I can make pfsense redistribute routes via ospf, I remember I checked an option under the title redistribute in ospf setting and don't know if that was enough .
-
If they are all 10.x.x.x as shown in your diagram you can just use 10.0.0.0/8. That's probably a wider subnet than you need though. Better to specify the minimum subnet size to cover them.
Steve
-
Check OSPF status on the switches to see if pfSense is advertising a default route.
Or just try to connect out from a client and see if that traffic is passed in pfSense.
St5eve
-
Sorry , I was busy these days
I will do it
Thank you Steve