New install can't access ISP gateway.

steve_eo · Mar 21, 2012, 6:34 PM

Brand new installation, just followed along with prompts, using 10.6.2.24 as WAN static IP with /24 mask. LAN is 192.168.1.1 /24 has DHCP enabled.
With this simple setup I was expecting to be able to go to a computer on the LAN side and browse the web….not so.
I can ping 10.6.2.100 (my ISP gateway and ISP DNS server) from the webConifurator (from a computer on the LAN) and I believe I can get correct DNS responses because if I try and ping www.cnn.com (I get the IP address back to which it pings)....but I get no response from any external machines.
Do I need to setup some routes or something? Or should the default setup be sufficient for me? Obviously I need to do something as the default doesn't work.
What can I post here to help debug?
Thanks.

Here is a picture of what I'm trying to do:
Internet<--->ISP gateway/dns @10.6.2.100<----->pfSense (static WAN IP) @10.6.2.24, (LAN IP) @ 192.168.1.1<------>LAN 192.168.1.x
-Steve

chris23 · Mar 21, 2012, 9:11 PM

sorry…. but confused by your setup.
do you have some sort of router maybe an ADSL router connected to your ISP and your pfsense comes off that and then your local network connects to the pfsense?

don't quite understand how your pfsense wan could be in the same subnet as the isp gateway.

more info needed...

steve_eo · Mar 21, 2012, 9:14 PM

Thanks for the reply!
My ISP provides me with a static private IP address (10.6.2.24)…....to which I connect the WAN side of pfsense to.....which in turn I connect my pfsense LAN side to my internal switch for my household computers.
Does that give a better picture?
-Steve

chris23 · Mar 21, 2012, 9:28 PM

OK, not seen that before, I'm in the UK. where are you?
Don't think this happens in the UK (normally).

I suspect you need to have the subnet set to /32 not /24, unless you are some how sharing your wan network directly with other people.

Chris

Edit: did you try setting wan to dhcp to see if you get an IP etc that way

steve_eo · Mar 21, 2012, 10:17 PM

I'll try /32…..and no I can't use DHCP. I've been assigned 10.6.2.24.
So am I correct in the assumption that if I set up my WAN and then LAN I should be able to browse the web from the LAN without any other setup?
Or do I have to create Firewall Rules and set routes?
-Steve

wallabybob · Mar 21, 2012, 10:24 PM

pfSense needs a default gateway (or route) to get to the Internet. Since you aren't using DHCP or PPP on your WAN interface you will have to specify it yourself: Go to System -> Routing, click on Gateways tab and on the WAN interface add a gateway of IP address 10.6.2.100 and specify it is the default gateway and then click Save.

The ISP gateway and your WAN interface need to be on the same subnet so you should stick with the /24 (or similar) netmask.

chris23 · Mar 21, 2012, 10:23 PM

normally rules for lan going out are wide open on the default setting, so no config required.

It's generally normal for ISPs to dhcp the wan IP settings over to you even when your are statically assigned.

and he's right, check you have a default gateway set to the wan ip

steve_eo · Mar 22, 2012, 1:38 AM

wallabybob: you had the secret sauce!
The only thing that was missing from what you told me was that I had to go into Interfaces and then select the Gateway that I created in the steps that you outlined.
So thanks to all who helped out….all is working as I'd expect! :)

-Steve

wallabybob · Mar 22, 2012, 3:14 AM

@steve_eo:

The only thing that was missing from what you told me . . .

Thanks for completing the story. I've never had to do this because my WAN interfaces have always used DHVP or PPPoE.