Internet Access from LAN
I've had to post this in general as I'm unsure what's causing my problem.
I have setup a PFsense Box with 3 Network Interfaces
- LAN 10.1.x.x (static IP 10.1.1.1) This is patched into out main switch
- WAN (Static IP address) This is connceted to a router and has been given one of the public static IP addresses and I've set the gateway to the SDSL router address within the interface settings.
- DMZ 192.168.0.0 (static IP 192.168.4.1)
I also have a requirement to NAT a number of other public IP Addressed so I have added a network into the Virtual IP configuration (x.x.x.x/28). I'm guessing this will allow me to then create NAT rules from the public IP addresses in this range.
My problem is that from the LAN network I cannot browse the internet. The PFSense box itself is able to resolve external DNS (i.e. google.com etc etc) but none o fthe workstations/servers on the LAN network can seem to get out.
All machines on the LAN have been given the 10.1.1.1 as their default gateway and can access the WebGUI form their browsers.
This PFSense box is replacing an OLD (OLD OLD OLD) Checkpoint firewall which used to have the 10.1.1.1 address and was setup in much the same way as I've setup the PFSense.
To ensure it's not a Firewall rule I've added an LAN Subnet > Any Port Any rule out for testing but still no joy.
Any help would be greatly appreciated - if you need any further information please let me know.
danswartz last edited by
do the LAN hosts have 10.1.1.1 as their default gateway. and how are they getting their DNS?
Cry Havok last edited by
Which version of pfSense did you install?
Thanks for your replies
All LAN servers are using 10.1.1.1 as their default gateway and are pointing to 2 DNS servers on my active directory domain. The DNS servers can lookup local DNS with the new PFSense in as they cant access the external DNS - With the old checkpoint in they are able to lookup external DNS.
I installed verison 1.2.3-RC1
Cry Havok last edited by
Your firewall rule allowing all outbound access is on the LAN interface?
Thanks fo ryour reply
Yep the rule allowing all traffic from the LAN Interface to any address on any protocol is specified on the LAN Interface rules.
Have resolved this - it turns out my firewall rule to allow anythign out was just TCP so all DNS was being blocked out for my DNS servers.
enabled 53 out on UDP and we have internet access
Thanks for everyones help