Can access internal IPs but not the internet
-
This is my first go with pfSense, so I expect this is real easy to fix:
- Running 1.2.3-RC3
- WAN is an atheros wireless link to the AP on my ADSL router (Thompson Speedtouch 585 V6) which is running as a router. Configured to use DHCP (from a pool in 192.168.1/24).
- LAN is configured to 192.168.10/24 and the interface is 192.168.10.1
If I connect to the LAN I can ping nodes on the WAN (router, phone, NAS, etc).
Name resolution works for internal nodes (the Thompson is a forwarding DNS) and external.
However, I can't connect to anything on the internet. If I try to ping google.com (for example) I get:
PING google.com (74.125.67.100): 56 data bytes
but no replies are received. Name resolution is working, but that's kind of expected as that's handled by the Thompson and I can ping that.
Any ideas what I should try next? Is this anything to do with the fact that the pfSense box and the Thompson are both NATing?
Added - connections from the pfSense command shell also fail to get through to the internet.
Partial fix
If I configure the WAN interface to use a static IP and gateway then I can connect to the internet as expected.
However, I plan to use this box to provide a firewalled network to a group of users from a WiFi hotspot. This means I can't really use a static IP.
-
It seems as this is related to the use of the Speedtouch 585 router. It seems to work as expected if I use a ZyXEL box.
Any ideas what can cause this? I'm hoping there's a something I can set on the Speedtouch to get it working, as it seems to give me better line speeds.
-
Sounds like a similar issue to what I am having,
I am wondering if the dual NAT Situations cause PFSense to fail in some way,
The only different is I am hooking my second PFSense box up direct to the same gateway on a new IP Address, And trying to use it directly as a testbed - It all works well but External connectivity intermittently fails. I have not found a fix,
I'm wondering if 1.2.3 has some issues -
Not sure - the ZyXEL is also NATing, so it seems unlikely that that is the problem - unless something's not quite right with either the Speedtouch or pfSense.