Unable to Reach Internet from LAN Side



  • Hi,

    I am stuck trying to figure out why I can not access the internet using pfSense. I have attached a drawing of the network configuration and the ping results to hopefully make the following more understandable.

    I get Internet from a wi-fi source provided by the apartment house. The signal is weak enough that I use an external USB hung in a window to get a full speed connection. Of course that limits where in the apartment I can use the computer.

    So I decided to use pfSense and a wi-fi router to solve the problem.

    First issue was that pfSense did not recognize the USB wi-fi adapter. Solution to that problem was to run pfSense inside a VMware virtual machine and let Windows take care of the USB adapter. That seems to work OK.

    Installed pfSense and started checking connectivity;

    From the WAN side I can reach the LAN (192.168.25.1), the gateway (192.168.1.254) and the internet (8.8.8.8). This seems to confirm the VM is working properly.

    From the LAN I can reach the WAN side of pfSense (192.168.1.65), but nothing beyond. I can reach the pfSense WAN by pinging from either a client or the diagnostics in pfSense; which again this seems to confirm the VM is working properly. And it seems to confirm that traffic is passing from the LAN to the WAN side of pfSense.

    So why doesn’t it reach the Gateway/Internet?

    Firewall Configuration
      NAT
    Port Forward - no rules
    1:1 - no rules
    Outbound - Automatic
      Rules
    Pass Any from either WAN or LAN
      No Schedules
      No Traffic Shaper
      No Virtual IP’s

    Gateways
    WAN Gateway: 192.168.1.254
    LAN: None

    Anyone see the (probably obvious) thing I am missing?

    Or ideas for how to track down the problem?

    Thanks!

    Using Windows 7 Ultimate; VMware Workstation 7.1.4; pfSense 2.0 RC3
    ![Network Map.png](/public/imported_attachments/1/Network Map.png)
    ![Network Map.png_thumb](/public/imported_attachments/1/Network Map.png_thumb)



  • Looks fine. What's the default gateway on the LAN hosts?



  • @cmb:

    Looks fine. What's the default gateway on the LAN hosts?

    CMB - Thanks for the response.

    Ah-Ha, I found the problem from reading another posting on a similar issue.

    I had shut off the Firewall under -> System -> Advanced -> Firewall -> Disable all Packet Filtering.

    I thought that would simply bypass any filtering, but failed to read that it would also shut off NAT.

    Problem solved after I turned the Firewall back on.

    Rhetorical question at this point, but why should packet filtering and NAT be tied together??

    ~~If I look at a clients network card, the Gateway is set to the pfSense LAN IP (192.168.25.1)

    If I look at the pfSense LAN interface, there is no default gateway. I tried adding the WAN IP (192.168.1.65) and seperately tried 192.168.1.254. Still can ping 192.168.1.65, but not 192.168.1.254 from the LAN side.

    I am not sure I understood the gateway on the LAN question, so if I didn't answer the question correctly, perhaps you could elaborate on what I should be looking at.~~
    Thanks for your help!



  • PF does NAT and filtering. If you disable it, you have neither.



  • @cmb:

    PF does NAT and filtering. If you disable it, you have neither.

    Yes, but why tie them together instead of seperate functions - allow shutting off of Firewall only instead of both?

    Thanks Aain for your help.



  • PF is not pfSense…. pfSense uses PF.

    http://en.wikipedia.org/wiki/PF_(firewall)


Locked