initial config; won't act like a router
-
just want this thing to act as a router. if i need rules i'll add them later. i set a static ip for the LAN. (on the 10.1.0.0/16 net) the WAN gets the IP from dhcp. that all looks correct in the dashboard. i disabled the firewall (system->firewall+nat). applied and so on.
machines on 10.1 network can not ping the outside world.
machines on 10.1 can ping the IP address on the LAN (of course) and the WAN.What do i need to do to let my 10.1 network machines get full access to the wider internet?
the gateway is set to the LAN ip address. there's something i don't get. -
@bigcrater said in initial config; won't act like a router:
i disabled the firewall (system->firewall+nat)
Why?
machines on 10.1 network can not ping the outside world.
machines on 10.1 can ping the IP address on the LAN (of course) and the WAN.What is listed on Status->Gateways?
-
What do i need to do to let my 10.1 network machines get full access to the wider internet?
NAT. …and I’d suggest a firewall.
pfSense by default allows the LAN network to connect anywhere. So out of the box it likely would have worked. Then, access to WAN from the internet is blocked by default which is usually also desired.
-
@bigcrater said in initial config; won't act like a router:
i disabled the firewall (system->firewall+nat). applied and so on.
Your answer is right in your post. As already said, you're disabling NAT but then you expect the router to still NAT your private IP's.
Why disable it if you want to use it?
-
Exactly that. It's acting as a router only with pf disabled but you need NAT if you have a private subnet on LAN.
-
@bigcrater Sadly, this post read as a troll. Why, most ISP, if not all, provide a modem/router when one implement service...one doesn't need pfSense, one of the world's awesome firewalls. It requires a certain skill set to properly configured. However, it seems that the OP is inflaming other users by claiming that he/she configured their pfSense purposely to disable the firewall because they need a router...knowing that doesn't make sense.
-
@nollipfsense said in initial config; won't act like a router:
knowing that doesn't make sense.
Not sure I would say that - its quite possible to use pfsense as just a router without any firewall. You can either turn off the firewall completely - or just use any any rules as another method.
If your going to use pfsense as just a router downstream of another router, be that your own or the ISP. You still need to understand that your not going to talk to the internet via a rfc1918 address. If you don't want pfsense natting rfc to its wan address - you would need to make sure that the upstream router that has a public does the natting of your downstream rfc1918 networks if they are wanting to talk to something on the internet.
internet - routerA - 192.168.1.0/24 - routerB - 192.168.2.0/24
Lets say you had a transit network of 192.168.1/24 and your downstream routerB had say 192.168.2 behind it.. In this case if your downstream router is not going to nat the 192.168.2.x address to whatever IP it has on the 192.168.1 network.
Then the router connected to the internet would need to nat both 192.168.1 and 192.168.2 addresses. If pfsense was being used as this edge router, and you setup a downstream network, and the routing for these downstream network(s) then it would auto nat them to the public internet interface IP, etc. If you had not turned off automatic outbound nat. Once you create the router to the downstream network(s) and the gateway to get to them, etc. The automatic outbound nat would add those downstream network(s) to its natting.
Normally if you were going to use a downstream router in your network, no it wouldn't be natting from rfc to rfc, but the edge would need to handle the natting of rfc to public IP space if you want your rfc networks to talk to the internet.
