Can't get internet from LAN
-
Hello,
I've spent hours trying to resolve my problem with no success, so I'm trying posting here.
I have a clean fresh install of pfSense 2.6.0 but I can't reach the internet with my client on the LAN side. I've already read the troubleshooting guide but none of the options has resolved my problem.
I can ping internet hostnames and addresses from WAN but not from LAN. When I run nslookup google.fr on my client it returns the right IP but I can't ping google.fr or 8.8.8.8.
In the firewall the WAN only has the 2 default rules for 'Block private networks' and 'Block bogon networks' and the LAN interface has the default allow all rule. My LAN interface has no gateway.
My pfSense is installed in an ESXi VM on a dedicated server. I have another pfSense with a similar configuration and this one is working like a charm. Obviously I'm missing something but I can't figure it out.
Thank you for your help.
-
@greg6614 Is Outbound NAT set to automatic? I think there was a recent post with that set incorrectly. That would be the default on a new install though.
-
@steveits Yes it's set as automatic
-
@greg6614
It is set to automatic but you don't have any rules listed.
Try to set it to Hybrid, click save, then go back to auto and click save. Or leave it at Hybrid if the auto rules generate.
-
@jarhead said in Can't get internet from LAN:
It is set to automatic but you don't have any rules listed.
That is a good observation that doesn't come through when images don't display in email.
-
@jarhead @SteveITS You're absolute legends.
It finally works after so many hours. I switched to hybrid then saved and then switched back to auto but for some reason the automatic rules do not generate. I checked what kind of rules I should have here in my other instance and added them manually and now it works.
What are the limitations if I keep it hybrid?
Thank you again!
-
@greg6614 Not having them auto create is strange behavior. Hybrid keeps the existing auto rules but lets you add your own. It doesn't really matter how they are added, other than order.
-
@steveits OK, I've figured out why the Outbound NAT rules were not automatically generated. Because I'm on a dedicated server my WAN gateway is not in the same subnet, so I was configuring routes directly via the shell, which was working well, because setting it via the web configurator failed as it seems it only accepts a gateway within the same subnet.
But this limitation is gone if I configure the gateway directly via the console during the 'Assign ip addresses' phase.
Everything is working fine now and rules are properly generated.
Thank you both for your help and time.
-
Yes, the automatic rules are applied for internal subnets on interfaces which pfSense sees as a 'WAN'. It determines which are WAN interfaces by seeing whether they have a gateway defined on them. Creating a gateway separately that happens to be in the WAN subnet, for example, is insufficient.
This also determines some other things such as route-to and reply-to tagging in a multiwan environment.
What you should really do here is edit the gateway and set 'Use non-local gateway' in the advanced settings. Then assign that to the WAN directly.
Steve
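The behaviour described in the post above can be checked offline against a config backup. The following is an added example, not code from the thread or from the pfSense project: it assumes the config.xml element names `interfaces/<name>/gateway`, `gateways/gateway_item`, `nonlocalgateway` and `nat/outbound/mode`, and the function name `audit` and the sample config are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, not from the thread. Element names are assumed to match
# the pfSense config.xml layout; compare with your own backup before relying on it.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <wan><ipaddr>203.0.113.10</ipaddr><subnet>32</subnet></wan>
    <lan><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <gateways>
    <gateway_item>
      <interface>wan</interface><gateway>198.51.100.1</gateway><name>WANGW</name>
    </gateway_item>
  </gateways>
  <nat><outbound><mode>automatic</mode></outbound></nat>
</pfsense>
"""

def audit(config_xml):
    """Return findings that explain missing automatic outbound NAT rules."""
    root = ET.fromstring(config_xml)
    findings = []
    mode = root.findtext("nat/outbound/mode", default="automatic")
    ifaces = {i.tag: i for i in root.iterfind("interfaces/*")}
    # An interface is treated as a WAN only when a gateway is set on it.
    wans = [name for name, i in ifaces.items() if i.findtext("gateway")]
    if mode in ("automatic", "hybrid") and not wans:
        findings.append(f"NAT mode '{mode}': no interface has a gateway, so no automatic rules")
    for gw in root.iterfind("gateways/gateway_item"):
        name, iface = gw.findtext("name"), ifaces.get(gw.findtext("interface"))
        if iface is None:
            continue
        if iface.findtext("gateway") != name:
            findings.append(f"gateway {name} is defined but not assigned to its interface")
        try:
            net = ipaddress.ip_interface(
                f"{iface.findtext('ipaddr')}/{iface.findtext('subnet')}").network
            addr = ipaddress.ip_address(gw.findtext("gateway"))
        except (ValueError, TypeError):
            continue  # dhcp/dynamic values cannot be checked statically
        if addr not in net and gw.find("nonlocalgateway") is None:
            findings.append(f"gateway {name} ({addr}) is outside {net}: "
                            "needs 'Use non-local gateway'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

On the constructed sample this reports all three conditions from the thread: no WAN detected, a gateway that exists but is not assigned to the interface, and a gateway outside the interface subnet without the non-local flag.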
-
@stephenw10 Thank you, I was not aware of the « Use non-local gateway » option but setting the gateway using the CLI instead of the web interface seems to automatically detect whether it's local or not and now it's working as expected.
Thank you all for your time and the explanations.