Moved Pfsense firewall from Virgin Media to Community Fibre

danesh1

When I move my Pfsense firewall from Virgin Media to Community Fibre my computer shows its connected to the Internet but it cannot browse or ping any websites it says Session Timed out".

Pfsense firewall works fine when I move it back to Virgin Media or if I bypass the Pfsense.

Can anyone help me how to fix this problem?

michmoor

@danesh1
You need to help us....

Is your WAN configuration set up for DHCP or Static?
Are you getting an IP address from Community Fibre?
What have you done to troubleshoot so far?

danesh1

@michmoor WAN setup as dhcp.

I will elaborate to you how the pfsense firewall is connected to Community Fibre devices.

I have a main Community fibre Linksys router located on ground floor. This main Linksys router sends signal to a Linksys extender located upstairs, this is a wireless connection between the two Linksys devices. I have wired connect between pfsense box to the Linksys extender upstairs then a wired connection to my desktop computer.

The desktop computer shows its connected to Internet but when I try to goto any website the browser says The connection has timed out.

When ping any website it says request timed out.

My desktop computer shows it has Internet connection but why can't I access any website.

Please help me. Thank you

michmoor

@danesh1
Ok so based on the setup it looks like the following?

desktop ---pfsense---linksys extender --- linksys router -- internet
is that how its networked?

1. Once you make the change, are you able to ping the pfsense gateway IP address for your LAN?
2. Do you have access to that linksys router? Is it picking up a Public IP/
3. This may be a double-nat situation going on which shouldn't be a problem if the above set up works as i believed you laid out. I would double check the linksys router and ensure its properly taking traffic from your pfsense network and Natting that correctly.
4. Are you seeing anything in the pfsense logs that indicate that your desktop traffic is leaving out pfsense? You should see something in the firewall logs that can help.,

Jarhead

@danesh1 Also, check Interface/WAN and make sure the "block rfc1918" is unchecked.
Sounds like you might be getting a private IP from that setup.
If you have a public IP, disregard.

stephenw10

Block private networks on WAN would not prevent outbound connections. It would prevent port forwards from the WAN side.

Since you say this was working with the previous provider the most likely thing IMO is that the new ISP router is using the same subnet on it's LAN that pfSense is. That creates a subnet conflict and breals routing.
Make sure the pfSense LAN and WAN are not both showing 192.168.1.X.

Jarhead

@stephenw10 said in Moved Pfsense firewall from Virgin Media to Community Fibre:

Block private networks on WAN would not prevent outbound connections. It would prevent port forwards from the WAN side.

Wouldn't it block him from getting a private address on the WAN itself?

stephenw10

Nope, it only blocks connections coming into the WAN sourced from a private IP address:

# block anything from private networks on interfaces with the option set
block in log quick on $BT from 10.0.0.0/8 to any ridentifier 12006 label "Block private networks from BT block 10/8"
block in log quick on $BT from 127.0.0.0/8 to any ridentifier 12007 label "Block private networks from BT block 127/8"
block in log quick on $BT from 172.16.0.0/12 to any ridentifier 12008 label "Block private networks from BT block 172.16/12"
block in log quick on $BT from 192.168.0.0/16 to any ridentifier 12009 label "Block private networks from BT block 192.168/16"