• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Problem with internet access on pfsense

Scheduled Pinned Locked Moved General pfSense Questions
12 Posts 5 Posters 639 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    milani90
    last edited by Mar 15, 2024, 7:59 PM

    I have a PFSENSE that is only doing the DHPC and NTP service, as I have a firewall box that receives the internet link and manages all the traffic in and out of the network to the internet.
    However, PFSENSE is unable to connect to the internet to update NTP or even update itself.

    LAN
    IPv4 Address=192.168.0.1
    IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

    DHCP SERVER
    Range= 192.168.255.1 - 192.168.255.254
    Subnet=192.168.0.0
    Subnet mask 255.255.0.0

    Could anyone help me and explain what I need to change for the PFSE to be able to reach the internet?

    T J 2 Replies Last reply Mar 15, 2024, 8:05 PM Reply Quote 0
    • T
      tinfoilmatt @milani90
      last edited by Mar 15, 2024, 8:05 PM

      @milani90 said in Problem with internet access on pfsense:

      IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

      this is an invalid gateway address on a /24 subnet. should we assume you mean 192.168.0.254? or what's the LAN subnet mask?

      not really best practice to include static and/or reserved addressing in a DHCP range. (some DHCP servers reject such pools, in fact.)

      is there a specific reason you're attempting to use a /16 subnet, like... anywhere?

      M 1 Reply Last reply Mar 20, 2024, 5:20 PM Reply Quote 0
      • J
        JonathanLee @milani90
        last edited by JonathanLee Jun 29, 2024, 6:18 AM Mar 15, 2024, 8:05 PM

        @milani90 What does your NTP settings look like? You should have them NAT over the the address of your firewall box. It has to know where to send the traffic for NTP and for LAN side to WAN traffic. If pfSense is your DHCP server it still needs to know the next hop to get off the network.

        Example I NAT to the firewall it self for mine...

        Screenshot 2024-03-15 at 13.06.32.png

        I have some specialized traffic on a different broadcast domain on my firewall also so it has to know the NAT address in my example that would be the WAN.

        Screenshot 2024-03-15 at 13.07.23.png

        My game systems I have them on a less restrictive network with no access to the secure side. Let's call it the guest it still needs to know hey traffic that is from the 10.0.0.0 private network with destinations ! going to the private side send it to the WAN let it get off the network.

        My system is hardware separated not VLAN based for the 2 different networks.

        Make sure to upvote

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by Mar 15, 2024, 9:19 PM

          Does pfSense itself have that set as the default gateway in System > Routing > Gateways?

          1 Reply Last reply Reply Quote 0
          • M
            milani90 @tinfoilmatt
            last edited by Mar 20, 2024, 5:20 PM

            @cyberconsultants said in Problem with internet access on pfsense:

            @milani90 said in Problem with internet access on pfsense:

            IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

            this is an invalid gateway address on a /24 subnet. should we assume you mean 192.168.0.254? or what's the LAN subnet mask?

            not really best practice to include static and/or reserved addressing in a DHCP range. (some DHCP servers reject such pools, in fact.)

            is there a specific reason you're attempting to use a /16 subnet, like... anywhere?

            The network is /16 I forgot to comment

            1 Reply Last reply Reply Quote 0
            • M
              milani90
              last edited by Mar 20, 2024, 5:24 PM

              @JonathanLee JonathanLee

              Can you explain to me better the NAT rule that I need to create for NTP to be able to leave PFSENSE and reach my (Palo Alto firewall)?

              1 Reply Last reply Reply Quote 0
              • S
                stephenw10 Netgate Administrator
                last edited by Mar 20, 2024, 5:41 PM

                You don't need any NAT in pfSense for how you're using it.

                The only thing that should be needed is that pfSense is using the PaloAlto as it's default route.

                So check System > Routing > Gateways. Make sure it is using that as default gateway.

                1 Reply Last reply Reply Quote 0
                • M
                  milani90
                  last edited by Mar 20, 2024, 5:46 PM

                  @stephenw10
                  This is already being done,

                  I'm using the Palo Alto address as a gateway (192.168.0.255/16)

                  ? 1 Reply Last reply Mar 20, 2024, 9:53 PM Reply Quote 0
                  • S
                    stephenw10 Netgate Administrator
                    last edited by Mar 20, 2024, 5:58 PM

                    OK so what error are you seeing when try to connect out from pfSense?

                    If you ping 8.8.8.8?

                    Or ping google.com?

                    1 Reply Last reply Reply Quote 0
                    • M
                      milani90
                      last edited by Mar 20, 2024, 6:08 PM

                      @stephenw10

                      I access PFSENSE, but it is not synchronizing NTP with the national Date and Time servers. And it's also not fetching automatic updates from the repository.

                      1 Reply Last reply Reply Quote 0
                      • S
                        stephenw10 Netgate Administrator
                        last edited by Mar 20, 2024, 8:53 PM

                        Ok, that could be a number of things though. Start basic and run those ping tests from the pfSense command line.

                        1 Reply Last reply Reply Quote 0
                        • ?
                          A Former User @milani90
                          last edited by Mar 20, 2024, 9:53 PM

                          @milani90

                          Just a gateway or a default gateway. 'default' is the key word here. It would be nice if you actually show the routing table. :)

                          1 Reply Last reply Reply Quote 1
                          12 out of 12
                          • First post
                            12/12
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received