New Installation - No internet on LAN

musthafa

I Installed pfsense fresh. Configured WAN and LAN as default.

I'm able to ping from WAN and LAN google.com however a computer connected to LAN port is not having internet
when I used a third party VPN service from laptop, access to internet was possible

here is the screenshots from ping and traceroute

Traceroute
https://www.dropbox.com/scl/fi/ywe1nxd0plcwir0s8awyn/pfsense-00001.png?rlkey=y4ymipnhkft4y5qljz3w3ljvm&dl=0

ping from LAN
https://www.dropbox.com/scl/fi/s4h7572v0w17x2jm2nui1/pfsense-00002.png?rlkey=sgwuqrvixw06upe098yvbifur&dl=0

ping from WAN
https://www.dropbox.com/scl/fi/ob8m17tu39ryf68tcumm3/pfsense-00003.png?rlkey=2j92owdn5746fxxjmrtsl2ot1&dl=0

Initially I connected to ISP router and WAN was configured as DHCP
Later bypassed ISP router and connected via PPPoE

Both cases WAN link was up and had the same issue

viragomann

@musthafa
Can you post the routing table of your PC, please?

musthafa

@viragomann

musthafa@Musthafas-MacBook-Pro-2 ~ % netstat -r
Routing tables

Internet:
Destination        Gateway            Flags               Netif Expire
default            pfsense.home       UGScg                en12       
default            pfsense.home       UGScIg                en0       
127                localhost          UCS                   lo0       
localhost          localhost          UH                    lo0       
169.254            link#27            UCS                  en12      !
169.254            link#15            UCSI                  en0      !
192.168.2          link#27            UCS                  en12      !
192.168.2          link#15            UCSI                  en0      !
192.168.2.1/32     link#27            UCS                  en12      !
pfsense.home       30:23:3:aa:c6:7d   UHLWIir               en0   1167
192.168.2.1/32     link#15            UCSI                  en0      !
pfsense.home       28:b1:33:0:ae:40   UHLWIir              en12   1149
192.168.2.100/32   link#27            UCS                  en12      !
192.168.2.167      4c:75:25:d6:82:18  UHLWI                 en0   1193
192.168.2.179      66:29:c6:64:c7:50  UHLWI                 en0   1160
192.168.2.237      58:b6:23:5e:c3:3a  UHLWI                 en0   1185
192.168.2.244/32   link#15            UCS                   en0      !
192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWbI                en0      !
192.168.2.255      ff:ff:ff:ff:ff:ff  UHLWbI               en12      !
224.0.0/4          link#27            UmCS                 en12      !
224.0.0/4          link#15            UmCSI                 en0      !
224.0.0.251        1:0:5e:0:0:fb      UHmLWI                en0       
224.0.0.251        1:0:5e:0:0:fb      UHmLWI               en12       
255.255.255.255/32 link#27            UCS                  en12      !
255.255.255.255/32 link#15            UCSI                  en0      !

viragomann

@musthafa
Seems well.

Is the computer able to resolve hostnames?

Is the pfSense outbound NAT in automatic mode and has it added a rule to WAN for LAN sources?

musthafa

@viragomann said in New Installation - No internet on LAN:

@musthafa
Seems well.

Is the computer able to resolve hostnames?
No. I tried ping from terminal on mac.

Is the pfSense outbound NAT in automatic mode and has it added a rule to WAN for LAN sources?
All default settings. Nothing changed or added from myside

Computer is able to connect to internet when using VPN service

viragomann

@musthafa
So since you cannot resolve host names, it would be interesting if you can ping 8.8.8.8 or 1.1.1.1.

pfSense runs the DNS resolver out of the box and the DHCP hands the interface IP out. But is your device using it?

musthafa

@viragomann
Here is the ping from pfsense
ping from LAN
https://www.dropbox.com/scl/fi/s4h7572v0w17x2jm2nui1/pfsense-00002.png?rlkey=sgwuqrvixw06upe098yvbifur&dl=0

ping from WAN
https://www.dropbox.com/scl/fi/ob8m17tu39ryf68tcumm3/pfsense-00003.png?rlkey=2j92owdn5746fxxjmrtsl2ot1&dl=0

however ping from computer is not resolved

viragomann

@musthafa
I saw these screens, but the question is if the computer can ping an IP directly with resolving the host name.

musthafa

@viragomann

musthafa@Musthafas-MacBook-Pro-2 ~ % ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=58 time=11.402 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=13.829 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=10.313 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=58 time=10.094 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=58 time=12.572 ms
^Z
zsh: suspended  ping 1.1.1.1
musthafa@Musthafas-MacBook-Pro-2 ~ % ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=58 time=14.137 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=7.267 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=17.667 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=8.189 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=58 time=10.764 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=58 time=6.689 ms
^Z
zsh: suspended  ping 8.8.8.8
musthafa@Musthafas-MacBook-Pro-2 ~ % ping google.com
ping: cannot resolve google.com: Unknown host
musthafa@Musthafas-MacBook-Pro-2 ~ % 

viragomann

@musthafa
So the internet works well, but it cannot resolve host names...

Which DNS server does it use?

On the LAN you have to allow access to the interface IP, port 53 if pfSense is used. But by default there is an any-to-any rule on LAN, so nothing special needed.

musthafa

DNS Server Settings
https://www.dropbox.com/scl/fi/7xvarr987ubqzeur89f7k/pfsense-00005.png?rlkey=s3th3nss444hpgfivi4490tcp&dl=0

WAN firewall rules
https://www.dropbox.com/scl/fi/fe1xq2aej3fqnxsydr5ph/pfsense-00006.png?rlkey=ml9bllt3s6ew8nd1giqxr3pqh&dl=0

LAN Firewall Rules
https://www.dropbox.com/scl/fi/jba2ocpnyb9wg37jzc3xg/pfsense-00007.png?rlkey=ulv0nrk1ewc4wef73cdcvxzqw&dl=0

DNS Lookup
https://www.dropbox.com/scl/fi/zj1j6bkhl2ingj1jrjeko/pfsense-00008.png?rlkey=5xyso1hic1rhpx9p8d9d15wr8&dl=0

DNS Resolver Settings
https://www.dropbox.com/scl/fi/9i16phnhc2ebzojnzu6vg/pfsense-00009.png?rlkey=d344ruldsig55ct31s3xdgdbi&dl=0

viragomann

@musthafa
The big question is still, which DNS server your computer is using.

pfSense cannot do anything if the computer requests any other server.

musthafa

@viragomann

Computer DNS
https://www.dropbox.com/scl/fi/k9w4x4cnja9l69xhj8uze/pfsense-00010.png?rlkey=tidtd55cd4t82zmrw6wguokp6&dl=0

viragomann

@musthafa
So it should work actually, but the computer doesn't resolve.

You can to go to the DNS Resolver > ACLs page and add an allow ACL for the LAN subnet.
This shouldn't be necessary though, but sometimes there went something wrong obviously.

JonathanLee

Have you tried to flush the dns cache on your laptop? Your system is not resolving properly. In dos run: Ipconfig /flushdns

Sometimes it holds on to records. Also have you set a rule to allow port 53 on your firewall ACL lists? Or nat ?

stephenw10

Your laptop looks to have two interfaces connected to pfSense. Is that Ethernet and WIFI? Try disabling WIFI if so.

JonathanLee

@stephenw10 yeahhh or he can set to to allow use of both in the bios we had to do they for some equipment years ago, one would disable the other for some reason

musthafa

@viragomann
Tried ACL. No luck
https://www.dropbox.com/scl/fi/ov66xwsl6dyyb06w237kj/pfsense-00011.png?rlkey=ilwmw6gqnlolfdgscz5f8dxzv&dl=0

musthafa

@JonathanLee said in New Installation - No internet on LAN:

Sometimes it holds on to records. Also have you set a rule to allow port 53 on your firewall ACL lists? Or nat ?

No. I'm new to pfSense. please guide me on it

musthafa

@stephenw10 said in New Installation - No internet on LAN:

Your laptop looks to have two interfaces connected to pfSense. Is that Ethernet and WIFI? Try disabling WIFI if so.

I'm using usb ethernet on MAC OS to connect to pfSense. Im disabling wifi while testing pfSense.