Netgate Discussion Forum

    PFSENSE OUTBOUND NAT ISSUE (NO INTERNET FROM LAN)

    • tinfoilmatt LAYER 8

      Those ping replies appear to be coming back normally, and pfSense should be routing them from the LAN interface back 'down' to the Ubuntu server. Rulesets all look fine (if not irrelevant since none of the firewall rules even apply to ICMP).

      I have almost zero experience with Ubuntu Server, so I'm only guessing—but could there be an issue with firewall configuration there? I assume it would allow reply traffic by default. But maybe it's doing something different with ICMP specifically 'out of the box'? Can you run a (promiscuous) capture on its 10.20.0.3 interface?

      • tinfoilmatt LAYER 8

        Any static routing manually configured on pfSense? (Wondering because of the WG configuration.)

        • NetDummi @chpalmer

          @chpalmer
          Thank you for the quick response!
          Added rule for LAN interface. (WG rule does nothing, you're right; it remains after some troubleshooting.)
          Logs show that ICMP successfully passed.
          But still no reply to the Ubuntu server.

          • NetDummi @tinfoilmatt

            @tinfoilmatt
            Ty for response!
            No, haven't configured any routes.

            • NetDummi @tinfoilmatt

              @tinfoilmatt
              Sure!
              Here is the tcpdump from the Ubuntu machine. No answer. But I can ping it from the pfSense LAN interface and everything is fine.

              • tinfoilmatt LAYER 8 @NetDummi

                @NetDummi If the reply traffic is appearing on pfSense's LAN interface but not on the Ubuntu host (and pfSense can ping the Ubuntu host), then the issue would seem more likely to be with the Ubuntu host. You should enable firewall logging there.

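The capture comparison reasoned through in the post above, as an added example that is not part of the original thread: it matches ICMP echo requests and replies by id and sequence number across two `tcpdump -n icmp` text captures (one on the host, one on the firewall's LAN interface) and reports on which segment each probe disappears. The function names, the 192.0.2.1 target and both sample captures are constructed for illustration; only 10.20.0.3 comes from the thread.

```python
import re

# Matches `tcpdump -n icmp` text lines such as:
# 12:00:01.000100 IP 10.20.0.3 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def parse(capture):
    """Map (pinging host, id, seq) -> kinds seen at this capture point."""
    seen = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip ARP, headers and other traffic
        # The pinging host is the source of a request and the destination of a reply.
        host = m["src"] if m["kind"] == "request" else m["dst"]
        seen.setdefault((host, int(m["id"]), int(m["seq"])), set()).add(m["kind"])
    return seen

def locate_drop(host_cap, fw_lan_cap):
    """Compare the host capture with the firewall LAN capture, probe by probe."""
    host, fw = parse(host_cap), parse(fw_lan_cap)
    verdicts = {}
    for probe in sorted(set(host) | set(fw)):
        h, f = host.get(probe, set()), fw.get(probe, set())
        if "reply" in h:
            verdicts[probe] = "ok"
        elif "reply" in f:
            verdicts[probe] = "reply lost between firewall LAN and host"
        elif "request" in f:
            verdicts[probe] = "no reply at firewall LAN: check NAT/WAN/upstream"
        else:
            verdicts[probe] = "request lost between host and firewall LAN"
    return verdicts

# Constructed sample captures (not taken from the thread's screenshots).
HOST_CAP = """\
12:00:01.000100 IP 10.20.0.3 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
12:00:02.000100 IP 10.20.0.3 > 192.0.2.1: ICMP echo request, id 7, seq 2, length 64
"""
FW_LAN_CAP = """\
12:00:01.000400 IP 10.20.0.3 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.012400 IP 192.0.2.1 > 10.20.0.3: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000400 IP 10.20.0.3 > 192.0.2.1: ICMP echo request, id 7, seq 2, length 64
"""

if __name__ == "__main__":
    for probe, verdict in locate_drop(HOST_CAP, FW_LAN_CAP).items():
        print(probe, verdict)
```

A "reply lost between firewall LAN and host" verdict with no host firewall in play points at whatever forwards frames between the two capture points, which is where the thread's fault turned out to be.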
                • NetDummi @tinfoilmatt

                  @tinfoilmatt
                  The Ubuntu image is from the cloud provider, and it looks to me that there is no firewall enabled at all.

                    • NetDummi @tinfoilmatt

                      @tinfoilmatt
                      UPDATE
                      Ubuntu is not the case; tested from the LAN network with a Windows server (firewall disabled), same result.

                      • SteveITS Rebel Alliance @NetDummi

                        @NetDummi Do you have any floating match rules with Quick set? They fixed a bug that changes how the tiles work and there have been other posts about traffic being blocked by rules now.

                        • NetDummi @SteveITS

                          @SteveITS
                          Ty for help everyone!
                          Solved. Cloud router was blocking traffic between cloud private networks.

                          • luckman212 LAYER 8 @NetDummi

                            Cloud router was blocking traffic between cloud private networks.

                            What exactly is "Cloud router"? Did you not know such a thing was sitting in between your hosts when you started the troubleshooting?
