I'm going mad, no Internet from Client side
-
Hello folks,
I'm new to pfSense and it is installed in the following env:
MacOS as Clients, (LAN & WLAN) connected via LAN to a Cisco SG350 Switch /Router.
Currently only 1 VLAN defined in the 192.168.1.0 network with the .254 Interface on the switch, no DHCP
Default Route: 0.0.0.0 192.168.1.1
pfSense is installed as a VM with 4G RAM & 2 Cores on a small quad core Celeron with 8G with FreeBSD /bhyve
The LAN Interface in pfSense has 192.168.1.1 and the WAN Interface has 10.80.180.63 from the Fritz.Box's DHCP.
DHCP Service in pfSense installed with the Range from .51 to .99 and the Mac got the .51
so far so good, but:
From a tty on the pfSense I can go to the shell and ping "google.de" with immediate response, same from Hypervisor.
From the Mac I can ping the physical Interface from the hypervisor (.10) and the vtnet1 in pfSense which is the GW .1 and also the 10.80.180.63 VTNET0 (virtual WAN Interface).
So I can open ssh on the Mac, connect to the Hypervisor and also pfSense. The WUI /WebConfigurator works fine from the Mac, I can install packages and make updates...
... but ping "google.de" and also its IP 142.250.... fails from the Clients and I have no clue why!
trace route from mac ends up to the 192.168.1.1 Gateway of pfSense.
Where is my mistake?
What can I do to let pfSense route Internet requests from clients 1 Step forward to the WAN GW?
Any Help will be fine
Thanks & Regards
Thorsten
-
@tp147 Sounds like you need some additional Firewall rules so that clients can talk to each other.
-
Thanks JimBob,
but it is newly installed from scratch and from my point of view it comes with a default rule LAN to any and any port ("Default allow LAN to any rule" in its description)
in addition, due to the ssh connection, I disabled the pfSense:--> pfctl -d
= pf disabled (pf not enabled if I do this in already disabled status)
Did I misunderstand the rule or the pfctl switch?
TIA
Thorsten
-
@tp147
Is the outbound NAT (Firewall > NAT > Outbound) in automatic mode?
After a new installation this should be the case though, but maybe you've changed something.
So check if there is also an automatically generated rule for the LAN network on the WAN interface.
-
@viragomann said in I'm going mad, no Internet from Client side:
@tp147
Is the outbound NAT (Firewall > NAT > Outbound) in automatic mode?
After a new installation this should be the case though, but maybe you've changed something.
So check if there is also an automatic generated rule for the LAN network on the WAN interface.

Hi,
outbound NAT is in automatic mode and the automatically generated rules are present; in addition I created further any to any rules on the WAN & LAN interfaces... no way to get Internet through the firewall, which is disabled btw!
I'm afraid there is a very tiny stupid issue I cannot see...
Any further ideas from the pros?
Thanks
Thorsten
-
@tp147
Maybe the installation on bhyve needs some specific settings. I'm not familiar with it.
But try to disable hardware checksum offloading in the advanced network settings.
-
Thanks for your help so far,
whatever happened during last installation, I reinstalled pfSense and it works now!
As I tried to hack my own firewall and the logs were empty I reckon there must be something wrong...
And I'm going to do a factory reset on my switch as well, after I made so many, sometimes stupid, changes on VLANs and routing forward and back...
FYI: I decided to use virtualization, because I'll need a witness Server later on and not to have too much hardware around...
I'm also not familiar with bhyve and not too deep into UNIX, but Installation is quite easy.
UNIX & bhyve need so few resources, so you can run multiple Servers, web, DB, LDAP ... on one little 4Core Celeron (If you don't have too many users).
Thanks again for your support so far, maybe there will come up further questions...
Regards
Thorsten
-