Problem with internet access on pfsense

milani90

I have a PFSENSE that is only doing the DHPC and NTP service, as I have a firewall box that receives the internet link and manages all the traffic in and out of the network to the internet.
However, PFSENSE is unable to connect to the internet to update NTP or even update itself.

LAN
IPv4 Address=192.168.0.1
IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

DHCP SERVER
Range= 192.168.255.1 - 192.168.255.254
Subnet=192.168.0.0
Subnet mask 255.255.0.0

Could anyone help me and explain what I need to change for the PFSE to be able to reach the internet?

tinfoilmatt

@milani90 said in Problem with internet access on pfsense:

IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

this is an invalid gateway address on a /24 subnet. should we assume you mean 192.168.0.254? or what's the LAN subnet mask?

not really best practice to include static and/or reserved addressing in a DHCP range. (some DHCP servers reject such pools, in fact.)

is there a specific reason you're attempting to use a /16 subnet, like... anywhere?

JonathanLee

@milani90 What does your NTP settings look like? You should have them NAT over the the address of your firewall box. It has to know where to send the traffic for NTP and for LAN side to WAN traffic. If pfSense is your DHCP server it still needs to know the next hop to get off the network.

Example I NAT to the firewall it self for mine...

I have some specialized traffic on a different broadcast domain on my firewall also so it has to know the NAT address in my example that would be the WAN.

My game systems I have them on a less restrictive network with no access to the secure side. Let's call it the guest it still needs to know hey traffic that is from the 10.0.0.0 private network with destinations ! going to the private side send it to the WAN let it get off the network.

My system is hardware separated not VLAN based for the 2 different networks.

stephenw10

Does pfSense itself have that set as the default gateway in System > Routing > Gateways?

milani90

@cyberconsultants said in Problem with internet access on pfsense:

@milani90 said in Problem with internet access on pfsense:

IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

this is an invalid gateway address on a /24 subnet. should we assume you mean 192.168.0.254? or what's the LAN subnet mask?

not really best practice to include static and/or reserved addressing in a DHCP range. (some DHCP servers reject such pools, in fact.)

is there a specific reason you're attempting to use a /16 subnet, like... anywhere?

The network is /16 I forgot to comment

milani90

@JonathanLee JonathanLee

Can you explain to me better the NAT rule that I need to create for NTP to be able to leave PFSENSE and reach my (Palo Alto firewall)?

stephenw10

You don't need any NAT in pfSense for how you're using it.

The only thing that should be needed is that pfSense is using the PaloAlto as it's default route.

So check System > Routing > Gateways. Make sure it is using that as default gateway.

milani90

@stephenw10
This is already being done,

I'm using the Palo Alto address as a gateway (192.168.0.255/16)

stephenw10

OK so what error are you seeing when try to connect out from pfSense?

If you ping 8.8.8.8?

Or ping google.com?

milani90

@stephenw10

I access PFSENSE, but it is not synchronizing NTP with the national Date and Time servers. And it's also not fetching automatic updates from the repository.

stephenw10

Ok, that could be a number of things though. Start basic and run those ping tests from the pfSense command line.

A Former User

@milani90

Just a gateway or a default gateway. 'default' is the key word here. It would be nice if you actually show the routing table. :)