Problem with internet access on pfsense

milani90 · Mar 15, 2024, 7:59 PM

I have a PFSENSE that is only doing the DHPC and NTP service, as I have a firewall box that receives the internet link and manages all the traffic in and out of the network to the internet.
However, PFSENSE is unable to connect to the internet to update NTP or even update itself.

LAN
IPv4 Address=192.168.0.1
IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

DHCP SERVER
Range= 192.168.255.1 - 192.168.255.254
Subnet=192.168.0.0
Subnet mask 255.255.0.0

Could anyone help me and explain what I need to change for the PFSE to be able to reach the internet?

tinfoilmatt · Mar 15, 2024, 8:05 PM

@milani90 said in Problem with internet access on pfsense:

IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

this is an invalid gateway address on a /24 subnet. should we assume you mean 192.168.0.254? or what's the LAN subnet mask?

not really best practice to include static and/or reserved addressing in a DHCP range. (some DHCP servers reject such pools, in fact.)

is there a specific reason you're attempting to use a /16 subnet, like... anywhere?

JonathanLee · Jun 29, 2024, 6:18 AM

@milani90 What does your NTP settings look like? You should have them NAT over the the address of your firewall box. It has to know where to send the traffic for NTP and for LAN side to WAN traffic. If pfSense is your DHCP server it still needs to know the next hop to get off the network.

Example I NAT to the firewall it self for mine...

I have some specialized traffic on a different broadcast domain on my firewall also so it has to know the NAT address in my example that would be the WAN.

My game systems I have them on a less restrictive network with no access to the secure side. Let's call it the guest it still needs to know hey traffic that is from the 10.0.0.0 private network with destinations ! going to the private side send it to the WAN let it get off the network.

My system is hardware separated not VLAN based for the 2 different networks.

stephenw10 · Mar 15, 2024, 9:19 PM

Does pfSense itself have that set as the default gateway in System > Routing > Gateways?

milani90 · Mar 20, 2024, 5:20 PM

@cyberconsultants said in Problem with internet access on pfsense:

@milani90 said in Problem with internet access on pfsense:

IPv4 Upstream gateway = 192.168.0.255 (IP Firewall palo alto)

this is an invalid gateway address on a /24 subnet. should we assume you mean 192.168.0.254? or what's the LAN subnet mask?

not really best practice to include static and/or reserved addressing in a DHCP range. (some DHCP servers reject such pools, in fact.)

is there a specific reason you're attempting to use a /16 subnet, like... anywhere?

The network is /16 I forgot to comment

milani90 · Mar 20, 2024, 5:24 PM

@JonathanLee JonathanLee

Can you explain to me better the NAT rule that I need to create for NTP to be able to leave PFSENSE and reach my (Palo Alto firewall)?

stephenw10 · Mar 20, 2024, 5:41 PM

You don't need any NAT in pfSense for how you're using it.

The only thing that should be needed is that pfSense is using the PaloAlto as it's default route.

So check System > Routing > Gateways. Make sure it is using that as default gateway.

milani90 · Mar 20, 2024, 5:46 PM

@stephenw10
This is already being done,

I'm using the Palo Alto address as a gateway (192.168.0.255/16)

stephenw10 · Mar 20, 2024, 5:58 PM

OK so what error are you seeing when try to connect out from pfSense?

If you ping 8.8.8.8?

Or ping google.com?

milani90 · Mar 20, 2024, 6:08 PM

@stephenw10

I access PFSENSE, but it is not synchronizing NTP with the national Date and Time servers. And it's also not fetching automatic updates from the repository.

stephenw10 · Mar 20, 2024, 8:53 PM

Ok, that could be a number of things though. Start basic and run those ping tests from the pfSense command line.

A Former User · Mar 20, 2024, 9:53 PM

@milani90

Just a gateway or a default gateway. 'default' is the key word here. It would be nice if you actually show the routing table. :)