Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unable to communicate with www.pfsense.com - Tried a few suggestions but …

    Off-Topic & Non-Support Discussion
    2
    4
    2.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      netsysadmin
      last edited by

      Hello,

      I know this topic has already been addressed but after having tried a few suggestions, I still cannot get the package list nor the check for updates to work.

      Here is a brief description of my config:
      1. MultiWAN, with 1 WAN defined as default
      2. WAN interface IP is 10.60.0.2/16, connected to router with IP 10.60.0.1/16 (router connected to Internet)
      3. WAN interface gateway is set to 10.60.0.1
      4. System: General Setup => DNS Server: 8.8.8.8 (no gateway specified & option "Do not use the DNS Forwarder as a DNS server for the firewall" CHECKED)
      5. DNS Forwarder enabled
      6. Firewall: NAT: Outbound => Manual
      7. Firewall: NAT: Outbound => Mapping of source 127.0.0.0/8, dest ANY to WAN public IP (Port: 1024:65535) [Auto created rule for localhost to WAN]
      8. Firewall: NAT: Outbound => Mapping of source 192.168.6.0/24, dest ANY to WAN public IP [Auto created rule for LAN to WAN]

      NB:
      1. LAN users can access Internet without any problem
      2. Diagnostics: DNS Lookup => Hostname or IP: www.pfsense.com =>  No response
      3. Diagnostics: Ping => Host: 8.8.8.8, Interface: LAN => OK
      4. Diagnostics: Ping => Host: 8.8.8.8, Interface: WAN => FAIL

      Any help welcome.

      1 Reply Last reply Reply Quote 0
      • P
        podilarius
        last edited by

        Unless you are doing CARP or some other NAT, switch outbound NAT to automatic. WAN failing to ping should not be happening and is most likely why www.pfsense.com will not resolve. It is strange that other services are working. On the WAN, do you have it set to block private IPs?

        1 Reply Last reply Reply Quote 0
        • N
          netsysadmin
          last edited by

          Yes, on the default WAN interface, "Block private IPs" is checked. However, unchecking it does not resolve the issue.

          The WAN interfaces are set up as follows:
          1. WAN1 (default gateway):
            Interface IP: 10.60.0.2/16, gateway: 10.60.0.1/16, private IPs blocked, bogon networks blocked
            Outbound NAT uses a public Virtual IP
          2. WAN2:
            Interface IP: 192.168.4.100/24, gateway: 192.168.4.1/24, private IPs blocked, bogon networks blocked
            Outbound NAT uses the private WAN2 interface address
          3. WAN3:
            Interface IP: 192.168.5.100/24, gateway: 192.168.5.1/24, private IPs blocked, bogon networks blocked
            Outbound NAT uses the private WAN3 interface address

          I forgot to mention that LAN IP is 192.168.6.0/24.

          I also have IPSec enabled & using the same virtual IP as WAN1 for the tunnels.
          I therefore require a few specific outbout NAT mappings.

          Is it possible to make use of automatic outbound NAT?
          What difference will it make by switching outbound NAT to automatic?

          Thanks again.

          1 Reply Last reply Reply Quote 0
          • N
            netsysadmin
            last edited by

            Hello again,

            After thinking a bit more (should have done that before), I found the solution: I added an outbound NAT mapping to NAT source IP network 10.60.0.0/16 to the public virtual IP.

            The reason is that when I ping 8.8.8.8 using the WAN1 interface, pfSense uses the WAN1 private IP as its source IP.
            However, there was no NAT mapping this IP to the public IP.

            So, I understand that the pfSense box (always?) uses the WAN interface when accessing the internet.
            I wrongly assumed that all traffic originating from the pfSense box would use the localhost 127.0.0.1 IP address as its source IP, which would then be NATted to the specified public IP address.

            Thanks for all help.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post