Netgate Discussion Forum

    initial config; won't act like a router

    • bigcrater

      just want this thing to act as a router. if i need rules i'll add them later. i set a static ip for the LAN. (on the 10.1.0.0/16 net) the WAN gets the IP from dhcp. that all looks correct in the dashboard. i disabled the firewall (system->firewall+nat). applied and so on.

      machines on 10.1 network can not ping the outside world.
      machines on 10.1 can ping the IP address on the LAN (of course) and the WAN.

      What do i need to do to let my 10.1 network machines get full access to the wider internet?
      the gateway is set to the LAN ip address. there's something i don't get.

      • rcoleman-netgate Netgate @bigcrater

        @bigcrater said in initial config; won't act like a router:

        > i disabled the firewall (system->firewall+nat)

        Why?

        > machines on 10.1 network can not ping the outside world.
        > machines on 10.1 can ping the IP address on the LAN (of course) and the WAN.

        What is listed on Status->Gateways?

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        • SteveITS Galactic Empire @bigcrater

          @bigcrater

          > What do i need to do to let my 10.1 network machines get full access to the wider internet?

          NAT. …and I’d suggest a firewall.

          pfSense by default allows the LAN network to connect anywhere. So out of the box it likely would have worked. Then, access to WAN from the internet is blocked by default which is usually also desired.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!

          • Jarhead @bigcrater

            @bigcrater said in initial config; won't act like a router:

            > i disabled the firewall (system->firewall+nat). applied and so on.

            Your answer is right in your post. As already said, you're disabling NAT but then you expect the router to still NAT your private IPs.

            Why disable it if you want to use it?

            • stephenw10 Netgate Administrator

              Exactly that. It's acting as a router only with pf disabled but you need NAT if you have a private subnet on LAN.

              • NollipfSense

                @bigcrater Sadly, this post reads as a troll. Why, most ISPs, if not all, provide a modem/router when one implements service...one doesn't need pfSense, one of the world's awesome firewalls. It requires a certain skill set to properly configure. However, it seems that the OP is inflaming other users by claiming that he/she configured their pfSense purposely to disable the firewall because they need a router...knowing that doesn't make sense.

                pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                • johnpoz LAYER 8 Global Moderator @NollipfSense

                  @nollipfsense said in initial config; won't act like a router:

                  > knowing that doesn't make sense.

                  Not sure I would say that - it's quite possible to use pfSense as just a router without any firewall. You can either turn off the firewall completely - or just use any any rules as another method.

                  If you're going to use pfSense as just a router downstream of another router, be that your own or the ISP's, you still need to understand that you're not going to talk to the internet via an rfc1918 address. If you don't want pfSense natting rfc to its wan address - you would need to make sure that the upstream router that has a public does the natting of your downstream rfc1918 networks if they are wanting to talk to something on the internet.

                  internet - routerA - 192.168.1.0/24 - routerB - 192.168.2.0/24

                  Let's say you had a transit network of 192.168.1/24 and your downstream routerB had say 192.168.2 behind it.. In this case if your downstream router is not going to nat the 192.168.2.x address to whatever IP it has on the 192.168.1 network, then the router connected to the internet would need to nat both 192.168.1 and 192.168.2 addresses.

                  If pfSense was being used as this edge router, and you set up a downstream network, and the routing for these downstream network(s), then it would auto nat them to the public internet interface IP, etc., if you had not turned off automatic outbound nat. Once you create the route to the downstream network(s) and the gateway to get to them, etc., the automatic outbound nat would add those downstream network(s) to its natting.

                  Normally if you were going to use a downstream router in your network, no it wouldn't be natting from rfc to rfc, but the edge would need to handle the natting of rfc to public IP space if you want your rfc networks to talk to the internet.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11
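
The NAT reasoning in this thread, worked through as an added Python example (not code from any poster or from pfSense). It follows a packet's source address hop by hop and checks whether it is still RFC 1918 when it reaches the internet. The addresses 203.0.113.10 (a stand-in for a public WAN IP), 192.168.1.2 (routerB's transit address) and the host IPs are constructed, and the original poster's WAN is assumed to be public.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def source_on_internet(host_ip, path):
    """Return the source address the internet sees for a packet from host_ip.

    path lists routers from the host outward as (upstream_ip, nat_networks):
    upstream_ip is the router's address on its upstream interface and
    nat_networks are the source networks its outbound NAT translates
    (empty = routing only, as with pf disabled).
    """
    src = ipaddress.ip_address(host_ip)
    for upstream_ip, nat_networks in path:
        if any(src in ipaddress.ip_network(n) for n in nat_networks):
            src = ipaddress.ip_address(upstream_ip)  # outbound NAT rewrite
    return src

def reaches_internet(host_ip, path):
    # An RFC 1918 source has no return route on the public internet.
    src = source_on_internet(host_ip, path)
    return not any(src in net for net in RFC1918)

WAN = "203.0.113.10"      # constructed stand-in for a public WAN address
B_UP = "192.168.1.2"      # constructed routerB address on the transit net

def scenarios():
    return {
        # Original post: 10.1.0.0/16 LAN, pf (and so NAT) disabled.
        "pf_disabled": reaches_internet("10.1.0.50", [(WAN, [])]),
        # Same box with outbound NAT covering the LAN.
        "lan_nat": reaches_internet("10.1.0.50", [(WAN, ["10.1.0.0/16"])]),
        # routerB routes only; routerA NATs just its own 192.168.1.0/24.
        "edge_nat_transit_only": reaches_internet(
            "192.168.2.20", [(B_UP, []), (WAN, ["192.168.1.0/24"])]),
        # routerB routes only; routerA NATs both networks.
        "edge_nat_both": reaches_internet(
            "192.168.2.20",
            [(B_UP, []), (WAN, ["192.168.1.0/24", "192.168.2.0/24"])]),
        # routerB NATs to its transit address, routerA NATs the transit net.
        "double_nat": reaches_internet(
            "192.168.2.20",
            [(B_UP, ["192.168.2.0/24"]), (WAN, ["192.168.1.0/24"])]),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:24} {'replies return' if ok else 'no return path'}")
```
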

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.