    Netgate Discussion Forum

    Workstations on Lan can't reach internet

    Installation and Upgrades
    • D
      djp1973 last edited by

      Hi,
      I have just installed my first pfSense box and I am having a little trouble getting my workstations online.

      I have configured the WAN interface (DHCP) from my ADSL modem. That seems to work fine. It picks up an IP address and I can ping Google no problem. Although the gateway for the LAN claims to be 'offline'.

      I have configured one of my LAN connections (Training10) with the IP 192.168.1.1 and set up DHCP to feed my workstations.

      I thought that was all there is to it however….

      My workstations pick up the DHCP settings but then can't reach the web. I cannot ping the LAN interface from my workstations either.

      Am I missing something obvious?

      I have included screen grabs of my status and interface pages if that helps.

      Many thanks in advance.



      • P
        phil.davis last edited by

        Although the gateway for the LAN claims to be 'offline'

        I guess you mean "WAN" here. Probably the address at your ISP does not respond to ping - no ping responses means it will think it is down, even though other traffic is getting through. You can change the gateway monitor IP in System->Routing - use something like 8.8.8.8 (Google DNS), then it should get ping responses and really know if the gateway is up.
        ADMIN20 was probably the original LAN interface. It probably has a firewall rule to allow access by clients. I suspect that clients on ADMIN20 are working fine.
        TRAINING10 is probably the next "OPT1" interface. There won't be any firewall rules by default. Maybe you just need to go to Firewall->Rules and add pass rule/s to allow traffic on TRAINING10.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • W
          wallabybob last edited by

          To give a bit more background to Phil's reply: by default, the pfSense LAN interface has firewall rules allowing all traffic but, by default, non-LAN interfaces don't have firewall rules allowing traffic, so all traffic is blocked.

          • D
            djp1973 last edited by

            Thanks guys,
            I matched the firewall rule for the LAN (ADMIN20) to the TRAINING10 Network and I can now ping my pfSense box from the Training subnet. It doesn't appear to route traffic to the web yet; I can't ping Google from a training workstation (although it does appear to do a DNS lookup), but I guess I'll have to play around with the routing for this.

            Thanks again

            Dave Price

            • P
              phil.davis last edited by

              There should not be anything much to do about the routing. As long as the TRAINING10 clients have the pfSense TRAINING10 IP Address as their default gateway and DNS server then they should find their way to the internet, like ADMIN20.
              You can enable DHCP on TRAINING10 (as well as ADMIN20), specify a DHCP pool of addresses in the TRAINING10 subnet range. Then the TRAINING10 clients will get default gateway and DNS set correctly.
              What appears to be inability to route often turns out to be a Firewall Rule (or lack of) that is causing packets to be dropped somewhere.

              • D
                djp1973 last edited by

                Yup,
                Bang on the money. I had incorrectly entered the firewall rules for the network (newbie error!). Once I corrected them, whoosh, it all worked.

                Thanks Guys!

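The default-deny behaviour described in this thread (non-LAN interfaces start with no pass rules) can be checked offline against a configuration backup. The following is an added example, not code from the thread or from the pfSense project: it assumes the config.xml layout shown in the constructed sample (interfaces under `<interfaces>`, rules under `<filter>`, the uplink tagged `wan`), and the GUEST30 and SPARE interfaces and every address except 192.168.1.1 are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements this check reads. The layout is
# an assumption about pfSense's config.xml; ADMIN20/TRAINING10 mirror the thread.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><enable/><descr>WAN</descr><ipaddr>dhcp</ipaddr></wan>
    <lan><enable/><descr>ADMIN20</descr><ipaddr>192.168.20.1</ipaddr></lan>
    <opt1><enable/><descr>TRAINING10</descr><ipaddr>192.168.1.1</ipaddr></opt1>
    <opt2><enable/><descr>GUEST30</descr><ipaddr>192.168.30.1</ipaddr></opt2>
    <opt3><descr>SPARE</descr></opt3>
  </interfaces>
  <filter>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination></rule>
    <rule><type>block</type><interface>opt1</interface>
      <source><any/></source><destination><any/></destination></rule>
    <rule><type>pass</type><disabled/><interface>opt1</interface>
      <source><network>opt1</network></source><destination><any/></destination></rule>
    <rule><type>pass</type><interface>opt2</interface>
      <source><network>opt2</network></source>
      <destination><address>192.168.30.1</address></destination></rule>
  </filter>
</pfsense>"""

def audit_pass_rules(config_xml):
    """Map each enabled internal interface that cannot reach 'any' to the reason."""
    root = ET.fromstring(config_xml)
    to_any, limited = set(), set()
    for rule in root.iterfind("./filter/rule"):
        # Only enabled pass rules let traffic in; block/reject/disabled do not.
        if rule.findtext("type") != "pass" or rule.find("disabled") is not None:
            continue
        open_dest = rule.find("./destination/any") is not None
        # Split on commas in case one rule names several interfaces.
        for name in (rule.findtext("interface") or "").split(","):
            (to_any if open_dest else limited).add(name.strip())
    findings = {}
    for iface in root.find("interfaces"):
        if iface.tag == "wan" or iface.tag in to_any or iface.find("enable") is None:
            continue
        descr = iface.findtext("descr") or iface.tag.upper()
        findings[descr] = ("pass rules exist, but none to destination any"
                           if iface.tag in limited else "no active pass rule")
    return findings

if __name__ == "__main__":
    for name, reason in audit_pass_rules(SAMPLE_CONFIG).items():
        print(f"{name}: {reason}")
```

An interface reported with "pass rules exist, but none to destination any" matches the intermediate state in the thread, where the firewall itself answered pings but traffic to the internet was still dropped.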