Netgate Discussion Forum

    New user question

    General pfSense Questions
    • Johnny 2

      I recently purchased a Netgate 1100.
      I've set up a couple of VLANs, one is my HOME VLAN, for the moment I'm using the firewall behind my ISP's router (WAN = 192.168.0.x).
      On the WAN-interface, I've turned off "Block private networks and loopback addresses" and "Block bogon networks"
      The DHCP server is configured, set DNS to 1.1.1.1 and 8.8.8.8
      I've configured the firewall rules to allow everything (IPv4+6 *, source *, destination *, port *, gateway *).

      I get a proper IP address on the HOME network, I am able to reach the pfsense web interface, but when I ping the outside (e.g. 1.1.1.1), I get "PING: transmit failed. General failure." on a Windows client, simply "ping: connect: Network is unreachable" on a Linux client.

      How do I proceed to find the root cause?

      Thanks

      • SteveITS Galactic Empire @Johnny 2

        @Johnny-2 None of your networks are 192.168.0.x except the WAN right? Each VLAN interface would need allow rules.

        The 1100 is a 3 port switch with the ports isolated by VLANs. Did you happen to undo any of that?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • Johnny 2 @SteveITS

          @SteveITS
          Indeed, none of my VLANs have 192.168.0.x and both the WAN & HOME VLAN have the allow everything rule (IPv4+6 *, source *, destination *, port *, gateway *).

          By default, the LAN port maps to VLAN 4091. I turned that off (see below). To make room for my HOME VLAN to be on that port untagged. But any problem with this configuration would also be reflected on the internal network, I assume?

          20230710-Pfsense-Interface_Switch_VLAN.png

          20230710-Pfsense-Interface_Switch_Ports.png

          I am now connected to the LAN port of the 1100.

          • jimp moved this topic from Problems Installing or Upgrading pfSense Software on
          • SteveITS Galactic Empire @Johnny 2

            @Johnny-2 so you're trying to change the LAN port from VLAN 4091 to VLAN 10? and have 10 be on both the LAN (tagged) and OPT (untagged) ports?

            The 1100 essentially comes with this process (for the 2100) already done to isolate its three switch ports: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/configuring-the-switch-ports.html

            Can you show the firewall rules for the new interface (VLAN 10)?

            • Johnny 2 @SteveITS

              @SteveITS

              20230710-Pfsense-Interface_Assignments.png

              20230710-Pfsense-Firewall_Rules.png

              No extra options

              I would like to narrow the rules, but first it should work without restrictions.

              • SteveITS Galactic Empire @Johnny 2

                @Johnny-2 Some thoughts...

                Is the gateway on the PC set to the pfSense HOME IP?

                Is NAT Outbound set to Automatic?

                Is the subnet mask on HOME a /24? (pfSense defaults to /32)

                • Johnny 2 @SteveITS

                  @SteveITS

                  20230711-ipconfig.png

                  20230411-Pfsense-Firewall_NAT_Outbound.png

                  20230711-Pfsense-Interfaces_HOMEpng.png

                  So, yes to all three

                  • stephenw10 Netgate Administrator

                    Can you ping anything other than the two configured DNS server IPs? 8.8.4.4 for example. Setting those adds static routes for them in pfSense which could potentially be wrong.

                    Can pfSense itself connect out? Install packages? Or ping out from Diag > Ping?

                    What you have configured looks OK. Do you actually see the auto outbound NAT rule created for 10.10.1.0/24?
