Opt 1 interface not communicating with the internet



  • Hello all,
    I've been using pfSense for many years now without problems. I want to make a change or rather enhance my network with one interface.

    Interfaces before change: WAN (x.x.150.1), LAN (x.x.151.1)
    Interfaces after change: WAN, LAN, OPT1 (x.x.152.1)

    In front of them there is another router for the internet connection. I want to use the OPT1 interface to provide several services to the internet. So, I used the webconfigurator and activated the OPT1 interface and it's communicating with the LAN interface, but no traffic is transmitting to WAN and to the internet like ping, traceroute, wget and aptitude is not downloading any updates. Activating the interface I did not enter any gateway, because the only available was the "GW_OPT1 - dynamic".

    Any idea what's going wrong or what can I do to get the connection established? I really have no clue.


  • Netgate Administrator

    You need to add a firewall rule on the OPT1 interface to allow out traffic. Only the LAN interface has such a rule by default. You can use the default LAN-to-any rule as a template for creating the rule on OPT1 but be aware it's a very permissive rule, everything is allowed out.

    You should not have a gateway on OPT1.

    Steve



  • Yes, it works! Thank you.
    By the way, what is a not so very permissive rule? Something that can be configured via the webconfigurator?


  • Netgate Administrator

    Well for example a minimum set of rules to allow clients on OPT1 to have web access:
    Source OPT1 subnet, port any, destination any, port 80.
    This will allow traffic out to port 80, HTTP.
    You also need to allow access to the pfSense DNS forwarder:
    Source OPT1 subnet, port any, destination OPT1 address, port 53.

    Steve
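
The two-rule set described in the reply above, modelled as an added example (not part of the original thread and not pfSense's own code) to show which flows from OPT1 it passes and which fall through to the default block. Assumptions: the 192.168.x.x and 203.0.113.x addresses are constructed stand-ins for the masked x.x.152.1 addressing, and the protocols (TCP for port 80, TCP/UDP for port 53) are not stated in the post.

```python
import ipaddress

# Constructed addressing; the thread only gives x.x.151.1 (LAN) and x.x.152.1 (OPT1).
OPT1_NET = ipaddress.ip_network("192.168.152.0/24")
OPT1_ADDR = ipaddress.ip_network("192.168.152.1/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Pass rules on the OPT1 interface: (protocols, source, destination, dest port).
# Protocols are an assumption; the post lists only addresses and ports.
RULES = [
    ({"tcp"}, OPT1_NET, ANY, 80),                # web access
    ({"tcp", "udp"}, OPT1_NET, OPT1_ADDR, 53),   # DNS forwarder on the firewall
]

def evaluate(proto, src, dst, dport, rules=RULES):
    """Return 'pass' if a rule matches the new connection, else 'block'.
    Traffic entering an interface that matches no rule is dropped."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for protos, src_net, dst_net, port in rules:
        if (proto in protos and src_ip in src_net
                and dst_ip in dst_net and dport == port):
            return "pass"
    return "block"

# Constructed sample flows from an OPT1 host (192.168.152.10).
FLOWS = [
    ("HTTP to internet",       "tcp",  "203.0.113.10",   80),
    ("DNS to firewall",        "udp",  "192.168.152.1",  53),
    ("HTTPS to internet",      "tcp",  "203.0.113.10",   443),
    ("DNS to outside server",  "udp",  "203.0.113.53",   53),
    ("ping to internet",       "icmp", "203.0.113.10",   None),
    ("HTTP to a LAN host",     "tcp",  "192.168.151.20", 80),
]

def report(flows=FLOWS, client="192.168.152.10"):
    """Evaluate every sample flow and return (label, verdict) pairs."""
    return [(label, evaluate(proto, client, dst, port))
            for label, proto, dst, port in flows]

if __name__ == "__main__":
    for label, verdict in report():
        print(f"{verdict:5}  {label}")
```

The last flow passes because destination "any" also covers the LAN subnet, so a rule meant for internet web access lets OPT1 hosts reach port 80 on LAN machines unless a block rule for the LAN network sits above it.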

