Netgate Discussion Forum

    Internet Access from LAN

    • stuartc

      Hi Guys

      I've had to post this in general as I'm unsure what's causing my problem.

      I have set up a pfSense box with 3 network interfaces:

      • LAN 10.1.x.x (static IP 10.1.1.1). This is patched into our main switch.
      • WAN (static IP address). This is connected to a router and has been given one of the public static IP addresses, and I've set the gateway to the SDSL router address within the interface settings.
      • DMZ 192.168.0.0 (static IP 192.168.4.1)

      I also have a requirement to NAT a number of other public IP addresses, so I have added a network into the Virtual IP configuration (x.x.x.x/28). I'm guessing this will allow me to then create NAT rules from the public IP addresses in this range.

      My problem is that from the LAN network I cannot browse the internet. The pfSense box itself is able to resolve external DNS (i.e. google.com etc.) but none of the workstations/servers on the LAN network can seem to get out.
      All machines on the LAN have been given 10.1.1.1 as their default gateway and can access the WebGUI from their browsers.

      This pfSense box is replacing an OLD (OLD OLD OLD) Checkpoint firewall which used to have the 10.1.1.1 address and was set up in much the same way as I've set up the pfSense.

      To ensure it's not a firewall rule I've added a LAN Subnet > Any Port Any rule out for testing, but still no joy.

      Any help would be greatly appreciated - if you need any further information please let me know.

      Thanks,

      Stuart

      • danswartz

        Do the LAN hosts have 10.1.1.1 as their default gateway? And how are they getting their DNS?

        • Cry Havok

          Which version of pfSense did you install?

          • stuartc

            Thanks for your replies.

            All LAN servers are using 10.1.1.1 as their default gateway and are pointing to 2 DNS servers on my Active Directory domain. The DNS servers can look up local DNS with the new pfSense in as they can't access the external DNS - with the old Checkpoint in they are able to look up external DNS.

            I installed version 1.2.3-RC1.

            • Cry Havok

              Your firewall rule allowing all outbound access is on the LAN interface?

              • stuartc

                Thanks for your reply.

                Yep, the rule allowing all traffic from the LAN interface to any address on any protocol is specified on the LAN interface rules.

                • stuartc

                  Have resolved this - it turns out my firewall rule to allow anything out was just TCP, so all DNS was being blocked out for my DNS servers.

                  Enabled 53 out on UDP and we have internet access.

                  Thanks for everyone's help.

                  1 Reply Last reply Reply Quote 0
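
The cause found in this thread (a pass rule limited to TCP, so DNS queries on UDP port 53 never get out) can be confirmed from a LAN host by probing a resolver over both transports and comparing the results. This is an added example, not part of the original posts; the function names, the `VERDICTS` table and the `example.com` query name are assumptions made for illustration.

```python
import socket
import struct

# Verdict for each (udp_ok, tcp_ok) outcome of the two probes.
VERDICTS = {
    (True, True): "DNS passes on UDP and TCP",
    (False, True): "UDP blocked, TCP allowed: check the protocol on the pass rule",
    (True, False): "TCP blocked, UDP allowed",
    (False, False): "no DNS reply on either transport",
}

def build_query(name, txid=0x1234):
    """Minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply(data, query):
    """True if data echoes the query's transaction ID and has the QR (response) bit set."""
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)

def probe_udp(server, port, query, timeout):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP error: nothing came back
            return False
    return is_reply(data, query)

def probe_tcp(server, port, query, timeout):
    data = b""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # DNS over TCP: 2-byte length prefix
            while len(data) < 14 and (chunk := s.recv(4096)):  # prefix + 12-byte header
                data += chunk
    except OSError:  # refused, filtered or timed out
        return False
    return is_reply(data[2:], query)

def diagnose(server, port=53, name="example.com", timeout=2.0):
    """Return (udp_ok, tcp_ok, verdict) for one resolver."""
    query = build_query(name)
    udp = probe_udp(server, port, query, timeout)
    tcp = probe_tcp(server, port, query, timeout)
    return udp, tcp, VERDICTS[(udp, tcp)]
```

Call `diagnose()` with the IP address of an external resolver from a host behind the firewall; a `(False, True, ...)` result matches the TCP-only rule described in the last post.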