No internet connectivity.

tech2

Greetings! The overall task is to achieve this topology, maybe the whole picture of it will help someone understand faster what is needed to fix.

network schema (Copy)(1).png

But I'm here to seek help for my first pfsense setup. I'm a novice here and know very little about routing/firewall rules.

We have a dedicated server with one NIC, for example with this IP 88.66.77.88
On the server, proxmox is installed with pfSense VM configured and other VM on the same subnet as pfSense LAN(10.10.10.1/24) to get into WebGUI.
Firewall in proxmox doesn't have any rules

Here is the configuration of pfsense VM:

Proxmox network configuration file looks like this.

auto lo
iface lo inet loopback

auto eno0
iface eno0 inet manual

auto enp3s0f1
iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 88.66.77.88/24
gateway 88.66.77.1
bridge-ports eno0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.10.10.1/24
bridge-ports enp3s0f1
bridge-stp off
bridge-fd 0

The issue right now is that there is no internet connectivity on pfSense. For some reason, my pfsense WAN interface got local IP address 10.3.8.28 with DCHP upon the first configuration, which is a bit strange for me.

I have tried to assign this IP to WAN 88.66.77.88, but it didn't workout.
Pinged to 8.8.8.8 from WAN and LAN on pfSense gui, with the WAN set by DCHP and with static 88.66.77.88

Please help me understand what in our case WAN IP address should be as I am a bit confused.
Do we need public IP subnets for this or is there something else?
As I understand pfSense creates rules to pass traffic from LAN to WAN by default. So as I understand in my case, I would only require to uncheck "Block private networks and loopback addresses" on WAN, if the WAN and LAN are configured correctly. (Correct?)

Hope I laid out everything. Please let me know if I missed sharing something important, will try to reply asap.
Huge thanks in advance:)

viragomann

@tech2 said in No internet connectivity.:

I have tried to assign this IP to WAN 88.66.77.88, but it didn't workout.

This IP is assigned to Proxmox already. So it cannot be used on pfSense as well.

You have assigned 88.66.77.88/24 to Proxmox, so obviously you own the subnet 88.66.77.0/24.
And from your diagram, I assume that you own also the 88.66.78.0/24 subnet.

So assign any of your public IPs to pfSense WAN and state the proper gateway.

Apart from this pfSense shows it pulled its WAN IP from a DHCP. So obviously your running a DHCP server on Proxmox. If this is really a bridged public WAN, you should not do that at all.

Further you should remove the IP from vmbr1 in Proxmox. It doesn't need any.

tech2

@viragomann Thank you for information.
Did a factory reset. We assigned 88.66.78.10 for pfsense WAN, gateway as 88.66.78.1
We were able to ping the gateway IP, but were unable to ping anything else apart from 10.10.10.1 which is assigned to pfsense. 10.10.10.2 - VM in the LAN interfaces can't be pinged too

As I'm aware pfsense has it's NAT configured by default.
But it seems like something is blocking traffic. Tried creating 1to1 NAT rule, just to see if it work, but it didn't.

viragomann

@tech2 said in No internet connectivity.:

We were able to ping the gateway IP, but were unable to ping anything else apart from 10.10.10.1

From where?

Tried creating 1to1 NAT rule, just to see if it work, but it didn't.

This might be quite useless, since both, the destination and target IP are assigned to pfSense itself.
Such a NAT rule only makes sense if there is a service running on pfSense listening on one interface IP, so you can forward access from the other interface to get the service accessible from both sides.

tech2

@viragomann said in No internet connectivity.:

From where?

From WAN(88.66.78.10) pinged gateway 88.66.78.1
From LAN(10.10.10.1) pinged itself, but can't ping VM that has 10.10.10.2

viragomann

@tech2 said in No internet connectivity.:

From LAN(10.10.10.1) pinged itself, but can't ping VM that has 10.10.10.2

Ensure that the network interfaces are configured correctly on both VMs.
Check if they are connected to the same bridge in Proxmox and recheck the IP assignment and the network mask.

What if you go to the other VM and try to ping pfSense LAN at 10.10.10.1.
Check if the allow any rule is still on the LAN tab before.

tech2

@viragomann Hi there !

I will share the full configrutaion we have now, as I'm really lost

VM IDs:
100 (pfsense)
Network device: vmbr0 - WAN, vmbr1 - LAN

1011 (win10 VM in LAN subnet to access PfSense WebGUI)
Network device: vmbr1 - LAN

Network config in proxmox:

auto lo
iface lo inet loopback

auto eno0
iface eno0 inet manual

auto enp3s0f1
iface enp3s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 88.66.78.9/24
gateway 88.66.78.1
bridge-ports eno0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
bridge-ports none
bridge-stp off
bridge-fd 0

I did the factory reset of pfsense, this is what it configured by default.

I have not installed or configured DHCP on Proxmox, idk why is it pulling local IP adress, which is always the same(noticed after multiple factory resets)

This is how it looks after setup

We now a have Public Ip subnet that is assigned to our host server. So we changed the management IP for Proxmox in order for it to be in the same subnet as pfsense

Proxmox address: 88.66.78.9
pfSense address: 88.66.78.10
Netmask: 255.255.255.248
Gateway: 88.66.78.1

Default LAN rules are active

Unchecked "block private networks" on WAN

Ping:
From 88.66.78.10(WAN) pings 88.66.78.1(WANs gateway); cannot ping 8.8.8.8
From LAN pings 10.10.10.1(pfSense itself), cannot ping 8.8.8.8 | 10.10.10.2(VM on LAN subnet)

viragomann

@tech2 said in No internet connectivity.:

Network config in proxmox:
auto vmbr0
iface vmbr0 inet static
address 88.66.78.9/24
gateway 88.66.78.1

We now a have Public Ip subnet that is assigned to our host server. So we changed the management IP for Proxmox in order for it to be in the same subnet as pfsense

Proxmox address: 88.66.78.9
pfSense address: 88.66.78.10
Netmask: 255.255.255.248
Gateway: 88.66.78.1

So why did you set a /24 in Proxmox, but state then a /29?

If you configured the WAN on pfSense with 88.66.78.9/29, the gateway IP 88.66.78.1 would be outside of the WAN subnet and hence pfSense cannot communicate with it.

Unchecked "block private networks" on WAN

If there are only public IP accessing the WAN this is not needed.

tech2

@viragomann said in No internet connectivity.:

So why did you set a /24 in Proxmox, but state then a /29?

This was just my writing error, there /29 set in proxmox.

Anyway, my issue is fixed.
The issue for me was that I kept skipping "Upstream Gateway" configuration upon pfsense first setup, though it was exactly what I was missing.

Thank you for giving me extra knowledge