Cannot connect to the internet using pfsense.

  • I hate to ask this question because it probably has been asked before but I cannot find an answer to this question.

    My Box is a Intel Celeron 600MHz, with 512MB SDRAM.

    I have configured which NIC is WAN and which is LAN, when I connect my PC to the LAN port I can access the webconfig and it all seems to work well. However I have been at this for hours now, and nothing I do seems to allow me to get Internet access. My ISP is Bright house. Im not sure what to do at this point, I thought something that basic would have configured itself like a store bought router would.

    Right now I have it setup as follows until I get everything working.

    Modem –> PfSense --> PC

    My ultimate goal is to use pfsense solely for connecting to a VPN, which my current router does not support. But I do want to use my Dlink router to handle everything else. At that point it would be setup like this.

    Modem --> PfSense --> Router WAN (DIR-655) --> (3 wired, 5 wireless)

    Any help would be appreciated.

  • What does the web console show for the WAN IP?

    How are you connected to the Internet? Are you using a DSL, cable or dialup modem (or something else)?

  • The WAN IP is and I connect using a cable modem. The WAN should be configured to use DHCP.

  • @relik1989:

    The WAN IP is and I connect using a cable modem. The WAN should be configured to use DHCP.

    Does this mean the WAN isn't currently configured to use DHCP? DHCP will normally provide a default gateway. Without a default gateway (or static routes) pfSense won't know how to get to the Internet.

  • I set the WAN to use DHCP. It even says the WAN is using DHCP on the main page of the webui. I'm just not sure what the issue is, this seems like something very trivial that maybe I'm just unaware of. I can login to the webui just fine though so at least the LAN end is working properly. Also just to clarify when I put should I was implying that I did in fact set the WAN interface to DHCP, I was trying to imply that I'm not 100% sure if its actually working correctly though.

  • You should see the DHCP client (dhclient) entries in the system log (Status -> System Logs). Note the DHCP tab in Status -> System Logs is for DHCP server. There will probably be a few lines with a similar timestamp - please post them here.


    nothing I do seems to allow me to get Internet access.

    What access are you attempting, on what computer are you attempting that access and what is reported when you attempt it?

    What is the output from the pfSense shell command```
    netstat -rn; traceroute

    What version of pfSense are you using?

  • The WAN IP is and I connect using a cable modem.

    What model modem do you have?

    By the IP given to your pfsense box by your modem Im gonna take a guess and say that your modem is a gateway device.  That is a modem and router combo.

    (Some modems that are not routers will give 192.168.100.x to clients sometimes when they have no internet connection to the ISP…)  Since yours is 192.168.1.x tells that yours is a gateway.

    But then if your pfsense LAN is the default that means the your WAN and LAN are using the same subnets. That can't be routed so your connection wont work.   Change your LAN to something like and see if that doesn't fix things...  Or change your modem to use another subnet in the private range...

    Also- Make sure your WAN interface has (twards the bottom) "Block Private Networks" unchecked.

    Modem –> PfSense --> Router WAN (DIR-655) -->

    You could very well have all 3 devices on the same subnet… (Although the Dlink is probably 192.168.0.x)   If it were me- Id put the modem in bridge mode...   Let pfSense handle the routing...   then look up how to use the Dlink as an AP and switch only...

  • @chpalmer:

    But then if your LAN is default that means the your WAN and LAN are using the same subnets. That can't be routed so your connection wont work.   Change your LAN to something like and see if that doesn't fix things…  Or change your modem to use another subnet in the private range...

    I'd actually suggest using one of the 172.16.x. to 172.31.x.[/t] or 10.a.b ranges. That way you're far less likely to clash with an IP range used by another product.

  • Rebel Alliance Global Moderator

    If it were me- Id put the modem in bridge mode…  Let pfSense handle the routing...  then look up how to use the Dlink as an AP and switch only...


    In your current layout with pfsense getting private on wan, the pfsense doing nat by default, then your dlink doing nat again by default –> you would be doing triple nat before a client gets an IP from your dlink -- why would you want that?

  • Sorry its been a while since I replied back. Work came down on me like a ton of bricks, Ive barely been home.

    I am still needing some help with this. I like the idea of bridging the modem with the pf sense box and using the dlink as an AP. What exactly would bridging the connections do? and how would I go about setting this up? Are are there any links to any tutorials or the like?

  • Bridging is done by your modem and effectively means your pfSense box becomes the ISP connected device. The manual of your modem should tell you how to do that. The same applies to your D-Link device - check the manual to see if it has a dedicated AP mode (if it doesn't just set it to have a LAN IP outside of the DHCP range and connect it to the switch using a LAN port only).

  • Im trying to find how to bridge the modem I have, but I'm having a really hard time finding anything useful, it doesn’t seem to be a very known brand. Its a Terayon TJ715X. If I am unable to bridge the modem, than I guess my next question would be; Is it necessary to do so, or is there something else I could do?

  • Rebel Alliance Global Moderator

    You sure thats your model number?

    From this thread,9183491

    That model number seems to be just a cable modem, not nat device - but clearly your wan is a private on your pfsense.  So your set to dhcp on your pfsense wan?

  • Netgate Administrator

    The most likely problem you are having is that your WAN and LAN are in the same subnet, 192.168.1.X, and this has broken routing.
    To get working just change you LAN IP to some other subnet., as Cry Havok suggested, is almost certain not to be in use by anything else. If you do this using the console it will also change your dhcp server settings, which is good!

    Once you get working try to bridge your modem. One step at a time.  ;)


    @Johnpoz: He is also using a D-link router which may be doing NAT.

  • Rebel Alliance Global Moderator

    The router is after pfsense from what he stated.

    Maybe he is not connected to the right interface - maybe he has lan connected to modem and wan connected to router?  But if that was the case and connected to the routers wan - he would not be getting a IP.

  • OK, I have tried everything thats been suggested except bridging the connection and I am still getting no where. I have also noticed that no matter what I do at this point the WAN interface does not have an IP address. it just says (DHCP)

    Also Im not sure why my WAN originally showed, It must have been a fluke or an improper configuration, I have since reformatted and started fresh and it has been all zeros ever since.

  • Netgate Administrator

    With many cable modems they will only hand out IP addresses to a single computer (MAC address) so you often have to power cycle the modem to make it 'see' a new device. In some cases it may be necessary to spoof the MAC of your pfSense WAN address to match your old router.


    Edit: V  ;)

  • Rebel Alliance Global Moderator

    Ok is better than a private!  So if your connected to a "cable" modem and your not getting an IP from your ISP.  Then have you rebooted your modem?  Remove power from it and turned it back on.

    Quite often when a new mac is seen on the modem you have to reboot it to allow the new mac to work.  If you had your computer/router connected to say your modem, and then you connect a different box that is going to be pfsense - then you need to power cycle your modem so that pfsense mac will work with it.

    edit: ^ Jinks! stephenw10 ;)

  • I have actually tried power cycling the modem several times along with spoofing the MAC from my PC, but I have not tried the MAC from the Dlink. I will give it a try and let you know.

  • OK I got it! My ISP had to recognize it from there end apparently, so all is well in that area now. So the last step in what I'm trying to do should be simple. My pfsense box only has 2 network cards, one WAN and LAN, at this point I want to be able to use my dlink to connect all of my computers and such. I believe I know how to get my dlink to act as an AP, but will that configuration work for wired computers as well as wireless?

    Again, my end goal is;
    Modem->pfsense->dlink->everything else (wired and wireless)

    the guide I found to set my dlink to AP mode is here:
    it seems like it should work great, but it makes no mention of whether or not I can still use the remaining LAN ports.

    EDIT: I temporarily have the LAN of pfsense connected to WAN of dlink and my network is functioning like normal, however I assume this means the dlink is still handling everything and is doing nothing more than passing through pfsense. I would prefer pfsense to handle everything and the dlink to basically function as nothing more than extra lan ports and wifi access if possible.

  • Netgate Administrator

    Generally speaking you can use a router as an access point and switch by simply disabling the dhcp server and connecting to one of the lan ports. Leave the wan port empty.
    However you may be able to set the d-link purely as an access point, disabling routing and NAT, and use the wan port. This would obviously give you more usable switch ports .

    Pretty much what's described in that blog post.  ;)


  • OK, thanks. I will hopefully have time to give it shot tonight. I really appreciate everyone’s help. you all have been amazingly helpful.

  • Yup! It really was that simple. thank you all for your help. I have everything set-up exactly how I wanted it, and because of the AP advice I actually have a better configuration than I was originally shooting for. Thank you.

  • I do have one last question. Now that this is all set-up I can no longer access the webui for my dlink. It it still set to, But I have pfsense running on 172.168.1.x. I can access pfsense webui fine, but not my dlink.

  • I hope you meant 172.16.1.x range, since 172.168. is a routeable IP address used on the Internet…

    To access your D-Link change the IP of your desktop/laptop to and then set the IP of the D-Link to be something outside of the DHCP range pfSense is allocating (eg