• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Wan port blocking internet access

Scheduled Pinned Locked Moved Firewalling
4 Posts 2 Posters 706 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    ama
    last edited by Oct 20, 2023, 1:40 PM

    I have a problem with our third router of which I would like a resolve. the original Protectli (The Vault) router PfSense software crashed and it was replaced with a new one. Configurations were copied from one of the existing routers and loaded on to the new one. All went well after assigning the ports to their respective IPs. The Wan was set to one of the available static IPs provided by Comcast. The fire wall rules were left at defaults. No Connection to the internet at this point. it was not until an ICMP ping rule was applied to the Wan port and it wouldn't work unless the source is set to ANY.
    I have a problem with that and don't want to have it this wide open. what is bothering me is that we did not have to create such a rule on the 2 other functioning routers. what am I missing?
    and Yes I am new to the vault and PfSense.

    G 1 Reply Last reply Oct 20, 2023, 1:52 PM Reply Quote 0
    • G
      Gertjan @ama
      last edited by Oct 20, 2023, 1:52 PM

      @ama said in Wan port blocking internet access:

      The Wan was set to one of the available static IPs provided by Comcast

      A static IP setup needs 3 details.
      The IP in question.
      The mask or network, like /32 or 255.255.255.255
      The gateway, an IP also - this is the one you nevr set on a LAN type interface, but have to set on a WAN type interface.

      So, you mentioned the first - what about the others ?

      "DHCP" on WAN doesn't work for your ISP ?

      You have to add an ICMP rule on WAN .... can you show that rule ?
      You were sending your ping command from where, to who ?

      What what it's worth : I confirm : most pfSense setups work great without ever needing to add a rule on the WAN interface. This interface normally has no rules what so ever.

      As these rules are need if you need traffic to come in from the Internet somewhere in your local networks, or pfSense itself.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      A 1 Reply Last reply Oct 23, 2023, 10:15 PM Reply Quote 0
      • A
        ama @Gertjan
        last edited by Oct 23, 2023, 10:15 PM

        @Gertjan
        The IP in question.
        The mask or network, like /32 or 255.255.255.255
        The gateway, an IP also - this is the one you nevr set on a LAN type interface, but have to set on a WAN type interface.
        I have that base covered. Static IP provided for the Wan interface, the provider's subnet and gateway.

        @Gertjan said in Wan port blocking internet access:

        So, you mentioned the first - what about the others ?
        %(#000000)[I actually uploaded the configuration of one to the problem one(IPs were modified accordingly). it still did not do me any good.]

        @Gertjan said in Wan port blocking internet access:

        You have to add an ICMP rule on WAN .... can you show that rule ?
        Screenshot 2023-10-23 175742.png

        @Gertjan said in Wan port blocking internet access:

        You were sending your ping command from where, to who ?

        I didn't no have to. I was searching up online trying to figure out why I am unable to get internet access and came across an article that led me to try this rule. it did not make any sense to me but was the sure cure on first try.

        @Gertjan said in Wan port blocking internet access:

        What what it's worth : I confirm : most pfSense setups work great without ever needing to add a rule on the WAN interface. This interface normally has no rules what so ever.

        Thank you. agreed on almost all routers. you just need the basics. The rest is optional and customizable.

        @Gertjan said in Wan port blocking internet access:

        As these rules are need if you need traffic to come in from the Internet somewhere in your local networks, or pfSense itself.
        This is where it is a bit confusing. The router is doing DNS and Comcast is Secondary. all other use VPN for access to resources behind the firewall.

        G 1 Reply Last reply Oct 24, 2023, 6:33 AM Reply Quote 0
        • G
          Gertjan @ama
          last edited by Oct 24, 2023, 6:33 AM

          @ama

          This

          aa11ab0f-2576-4d25-a308-f6795d1b58a2-image.png

          is just incoming ICMPv4 traffic/packets - not your traffic goint to the "Internet" and coming back.

          Look at my ICMPv4 WAN rule :

          2b62ba07-6fed-4989-9fa9-8223348ba01e-image.png

          This can only be incoming ICMPv4 traffic and is not related to my ordinary "LAN to Internet (and back)" traffic

          Wan port blocking internet access

          The subject line is awkward.
          Router firewall pfSense interfaces can block incoming traffic.
          Look (physical) at the WAN port, or any other (LAN) port.
          Firewall rules apply to traffic going into (into pfSense), not at traffic that comes out of the interface.
          What boils down to : WAN firewall rules - or the absence of - can't block "internet access".
          Only the "Floating" interface has that power.

          Anyway, all this just to be sure, you probably know already all this.

          Next thing to check :
          System > Routing > Gateways is ok ?
          The routing table ( Diagnostics > Routes ) looks ok ?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received