First time setup with private WAN
-
Hey folks, I decided to try out pfSense for the first time, so I set it up behind my existing home router. My client behind pfSense can ping the pfSense router, resolve names, and ping addresses like 8.8.8.8, but can't access the internet, e.g. apt update or wget.
Setup is:
- Version 2.7.2 CE
- pfSense and client are both VMs (on xcp-ng)
- WAN is private, e.g. 192.168.21.0/24
- LAN is private, e.g. 192.168.40.0/24
- Client on LAN, set to route through pfSense
- WAN interface - disabled the options to block private ips and bogons
- Routing - only WAN gateway is set, no LAN gateway set up
- NAT - the default automatic rule is there, to NAT LAN networks onto the WAN IP
- Tried going back through the setup wizard a few times just to be safe
- Double NAT, of course, since my main gateway is also a NAT
I also did a clean install of OPNsense the same way, same setup wizard (again, first time user of that too), but in that case it DOES route traffic to the internet for me.
Any known issues in pfSense with xcp-ng (Xen), double NAT, private WAN ports, etc.? For reference, I'm new to pfSense/OPNsense but not new to network engineering, so I'm just not sure what configs to compare between the working (OPNsense) and non-working pfSense, and logs, diagnostics, etc.
-
@nerdile
Did you disable TX Checksum Offload on the virtual interfaces in Xen? And also in pfSense System > Advanced > Networking > Hardware Checksum Offloading?
-
@viragomann This was exactly it. Thank you!
-
@nerdile In case anyone is struggling with a similar issue in the future, one thing I noticed that could indicate this issue is that the firewall shows allowing the SYN packets from the LAN client but never shows any responses later. (You have to turn on logging of your default allow rule to see this traffic flowing.)