Workstations on LAN can't reach internet
I have just installed my first pfSense box and I am having a little trouble getting my workstations online.
I have configured the WAN interface (DHCP) from my ADSL modem. That seems to work fine. It picks up an IP address and I can ping Google no problem, although the gateway for the LAN claims to be 'offline'.
I have configured one of my LAN connections (Training10) with the IP 192.168.1.1 and set up DHCP to feed my workstations.
I thought that was all there is to it, however...
My workstations pick up the DHCP settings but then can't reach the web. I cannot ping the LAN interface from my workstations either.
Am I missing something obvious?
I have included screen grabs of my status and interface pages if that helps.
Many thanks in advance.
Although the gateway for the LAN claims to be 'offline'
I guess you mean "WAN" here. Probably the address at your ISP does not respond to ping - no ping responses means it will think it is down, even though other traffic is getting through. You can change the gateway monitor IP in System->Routing - use something like 22.214.171.124 (Google DNS), then it should get ping responses and really know if the gateway is up.
ADMIN20 was probably the original LAN interface. It probably has a firewall rule to allow access by clients. I suspect that clients on ADMIN20 are working fine.
TRAINING10 is probably the next "OPT1" interface. There won't be any firewall rules by default. Maybe you just need to go to Firewall->Rules and add pass rule/s to allow traffic on TRAINING10.
To give a bit more background to Phil's reply: by default, the pfSense LAN interface has firewall rules allowing all traffic but, by default, non-LAN interfaces don't have firewall rules allowing traffic, so all traffic is blocked.
I matched the firewall rule for the LAN (ADMIN20) to the TRAINING10 network and I can now ping my pfSense box from the Training subnet. It doesn't appear to route traffic to the web yet; I can't ping Google from a training workstation (although it does appear to do a DNS lookup), but I guess I'll have to play around with the routing for this.
There should not be anything much to do about the routing. As long as the TRAINING10 clients have the pfSense TRAINING10 IP Address as their default gateway and DNS server then they should find their way to the internet, like ADMIN20.
You can enable DHCP on TRAINING10 (as well as ADMIN20) and specify a DHCP pool of addresses in the TRAINING10 subnet range. Then the TRAINING10 clients will get default gateway and DNS set correctly.
What appears to be inability to route often turns out to be a Firewall Rule (or lack of) that is causing packets to be dropped somewhere.
Bang on the money. I had incorrectly entered the firewall rules for the network (newbie error!). Once I corrected them, whoosh, it all worked.
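Added example, not part of the thread and not pfSense code: a small first-match rule evaluator with an implicit default deny, run against the three checks the posters used (ping the firewall, DNS to the firewall, ping the internet). The /24 subnet, the client and internet addresses, and the "too narrow" rule are assumptions for illustration; the thread does not say what the actual rule mistake was.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread only gives 192.168.1.1 for TRAINING10.
TRAINING_NET = ip_network("192.168.1.0/24")
FIREWALL_IP = "192.168.1.1"
INTERNET_IP = "203.0.113.10"  # documentation-range address standing in for a web host

def matches(rule, pkt):
    """A rule matches when protocol and both addresses fit; 'any' is a wildcard.
    Ports are ignored to keep the model small."""
    proto_ok = rule["proto"] in ("any", pkt["proto"])
    src_ok = rule["src"] == "any" or ip_address(pkt["src"]) in rule["src"]
    dst_ok = rule["dst"] == "any" or ip_address(pkt["dst"]) in rule["dst"]
    return proto_ok and src_ok and dst_ok

def evaluate(rules, pkt):
    """First matching rule wins; a packet that matches nothing is dropped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "block"  # implicit default deny on the interface

def probe(rules, client="192.168.1.50"):
    """Run the thread's three checks against one interface's rule list."""
    tests = {
        "ping firewall": {"proto": "icmp", "src": client, "dst": FIREWALL_IP},
        "dns to firewall": {"proto": "udp", "src": client, "dst": FIREWALL_IP},
        "ping internet": {"proto": "icmp", "src": client, "dst": INTERNET_IP},
    }
    return {name: evaluate(rules, pkt) for name, pkt in tests.items()}

# A newly added non-LAN interface: no rules, so everything is dropped.
NO_RULES = []
# Hypothetical mistake: destination limited to the local subnet instead of any.
TOO_NARROW = [{"action": "pass", "proto": "any",
               "src": TRAINING_NET, "dst": TRAINING_NET}]
# Same shape as the default LAN rule: local subnet to any destination.
LAN_STYLE = [{"action": "pass", "proto": "any",
              "src": TRAINING_NET, "dst": "any"}]

if __name__ == "__main__":
    for label, rules in [("no rules", NO_RULES), ("too narrow", TOO_NARROW),
                         ("LAN-style", LAN_STYLE)]:
        print(f"{label:10} {probe(rules)}")
```

The "too narrow" case reproduces the intermediate symptom in the thread: the firewall answers ping and DNS, yet nothing reaches the internet, which looks like a routing fault but is a rule scope problem.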