Netgate Discussion Forum

    Opt 1 interface not communicating with the internet

      coyote

      Hello all,
      I've been using pfSense for many years now without problems. I want to make a change or rather enhance my network with one interface.

      Interfaces before change: WAN (x.x.150.1), LAN (x.x.151.1)
      Interfaces after change: WAN, LAN, OPT1 (x.x.152.1)

      In front of them there is another router for the internet connection. I want to use the OPT1 interface to provide several services to the internet. So, I used the webconfigurator and activated the OPT1 interface and it's communicating with the LAN interface, but no traffic is getting through to WAN and to the internet: ping, traceroute and wget fail, and aptitude is not downloading any updates. When activating the interface I did not enter any gateway, because the only one available was the "GW_OPT1 - dynamic".

      Any idea what's going wrong or what can I do to get the connection established? I really have no clue.

        stephenw10 Netgate Administrator

        You need to add a firewall rule on the OPT1 interface to allow out traffic. Only the LAN interface has such a rule by default. You can use the default LAN-to-any rule as a template for creating the rule on OPT1 but be aware it's a very permissive rule, everything is allowed out.

        You should not have a gateway on OPT1.

        Steve

          coyote

          Yes, it works! Thank you.
          By the way, what is a not so very permissive rule? Something that can be configured via the webconfigurator?

            stephenw10 Netgate Administrator

            Well for example a minimum set of rules to allow clients on OPT1 to have web access:
            Source OPT1 subnet, port any, destination any, port 80.
            This will allow traffic out to port 80, HTTP.
            You also need to allow access to the pfSense DNS forwarder:
            Source OPT1 subnet, port any, destination OPT1 address, port 53.

            Steve
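
An added example, not part of the thread or of pfSense itself: a small Python model of how the copied LAN-to-any rule and the minimum rule set from the reply above treat traffic arriving on OPT1. The 10.0.152.0/24 and 10.0.151.0/24 addresses are constructed stand-ins for the masked x.x.152.1 and x.x.151.1 networks, and the protocols (TCP for port 80, TCP/UDP for port 53) are assumptions, since the post gives only ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the thread's masked addressing (LAN is 10.0.151.0/24).
OPT1_NET = ip_network("10.0.152.0/24")
OPT1_ADDR = ip_network("10.0.152.1/32")   # the firewall's own address on OPT1
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    protos: frozenset           # empty set means any protocol
    src: object
    dst: object
    dport: object = None        # None means any destination port

    def matches(self, proto, src, dst, dport):
        return ((not self.protos or proto in self.protos)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.dport in (None, dport))

def evaluate(rules, proto, src, dst, dport):
    """Every rule here is a pass rule; unmatched traffic hits the default deny."""
    return "pass" if any(r.matches(proto, src, dst, dport) for r in rules) else "block"

# The default LAN-to-any rule used as a template on OPT1: everything is allowed out.
PERMISSIVE = [Rule(frozenset(), OPT1_NET, ANY)]
# The minimum set from the reply (protocols assumed, see lead-in).
MINIMAL = [
    Rule(frozenset({"tcp"}), OPT1_NET, ANY, 80),
    Rule(frozenset({"tcp", "udp"}), OPT1_NET, OPT1_ADDR, 53),
]

# Constructed traffic from one OPT1 host: (proto, src, dst, dport).
SAMPLES = {
    "http to internet":  ("tcp", "10.0.152.20", "203.0.113.10", 80),
    "dns to firewall":   ("udp", "10.0.152.20", "10.0.152.1", 53),
    "https to internet": ("tcp", "10.0.152.20", "203.0.113.10", 443),
    "ssh to LAN host":   ("tcp", "10.0.152.20", "10.0.151.50", 22),
    "http to LAN host":  ("tcp", "10.0.152.20", "10.0.151.50", 80),
}

def compare():
    """Map each sample to (verdict under PERMISSIVE, verdict under MINIMAL)."""
    return {name: (evaluate(PERMISSIVE, *pkt), evaluate(MINIMAL, *pkt))
            for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, (loose, tight) in compare().items():
        print(f"{name:18} permissive={loose:5} minimal={tight}")
```

In this model, "destination any" in the port 80 rule still covers the LAN subnet, so the minimum set passes HTTP from OPT1 to LAN hosts while blocking SSH and HTTPS.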

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.