Unable to communicate with www.pfsense.com - Tried a few suggestions but …



  • Hello,

    I know this topic has already been addressed but after having tried a few suggestions, I still cannot get the package list nor the check for updates to work.

    Here is a brief description of my config:
    1. MultiWAN, with 1 WAN defined as default
    2. WAN interface IP is 10.60.0.2/16, connected to router with IP 10.60.0.1/16 (router connected to Internet)
    3. WAN interface gateway is set to 10.60.0.1
    4. System: General Setup => DNS Server: 8.8.8.8 (no gateway specified & option "Do not use the DNS Forwarder as a DNS server for the firewall" CHECKED)
    5. DNS Forwarder enabled
    6. Firewall: NAT: Outbound => Manual
    7. Firewall: NAT: Outbound => Mapping of source 127.0.0.0/8, dest ANY to WAN public IP (Port: 1024:65535) [Auto created rule for localhost to WAN]
    8. Firewall: NAT: Outbound => Mapping of source 192.168.6.0/24, dest ANY to WAN public IP [Auto created rule for LAN to WAN]

    NB:
    1. LAN users can access Internet without any problem
    2. Diagnostics: DNS Lookup => Hostname or IP: www.pfsense.com =>  No response
    3. Diagnostics: Ping => Host: 8.8.8.8, Interface: LAN => OK
    4. Diagnostics: Ping => Host: 8.8.8.8, Interface: WAN => FAIL

    Any help welcome.



  • Unless you are doing CARP or some other NAT, switch outbound NAT to automatic. WAN failing to ping should not be happening and is most likely why www.pfsense.com will not resolve. It is strange that other services are working. On the WAN, do you have it set to block private IPs?



  • Yes, on the default WAN interface, "Block private IPs" is checked. However, unchecking it does not resolve the issue.

    The WAN interfaces are set up as follows:
    1. WAN1 (default gateway):
      Interface IP: 10.60.0.2/16, gateway: 10.60.0.1/16, private IPs blocked, bogon networks blocked
      Outbound NAT uses a public Virtual IP
    2. WAN2:
      Interface IP: 192.168.4.100/24, gateway: 192.168.4.1/24, private IPs blocked, bogon networks blocked
      Outbound NAT uses the private WAN2 interface address
    3. WAN3:
      Interface IP: 192.168.5.100/24, gateway: 192.168.5.1/24, private IPs blocked, bogon networks blocked
      Outbound NAT uses the private WAN3 interface address

    I forgot to mention that LAN IP is 192.168.6.0/24.

    I also have IPSec enabled and am using the same virtual IP as WAN1 for the tunnels.
    I therefore require a few specific outbound NAT mappings.

    Is it possible to make use of automatic outbound NAT?
    What difference will it make by switching outbound NAT to automatic?

    Thanks again.



  • Hello again,

    After thinking a bit more (should have done that before), I found the solution: I added an outbound NAT mapping to NAT source IP network 10.60.0.0/16 to the public virtual IP.

    The reason is that when I ping 8.8.8.8 using the WAN1 interface, pfSense uses the WAN1 private IP as its source IP.
    However, there was no NAT mapping this IP to the public IP.

    So, I understand that the pfSense box (always?) uses the WAN interface when accessing the internet.
    I wrongly assumed that all traffic originating from the pfSense box would use the localhost 127.0.0.1 IP address as its source IP, which would then be NATted to the specified public IP address.

    Thanks for all help.


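The gap described in the last post can be checked mechanically. The following is an added example, not part of the thread and not pfSense code: it models manual outbound NAT mappings as (interface, source network) pairs and reports any WAN whose own interface address matches no mapping. The `NatRule` model, the function names, first-match evaluation and the LAN host 192.168.6.25 are assumptions made for illustration; the addresses are the ones posted above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class NatRule:
    """Hypothetical model of one manual outbound NAT mapping."""
    interface: str   # egress interface the mapping is bound to
    source: str      # source network in CIDR form
    note: str = ""


def first_match(rules, interface, source_ip) -> Optional[NatRule]:
    """Return the first mapping on `interface` whose source network contains source_ip."""
    ip = ipaddress.ip_address(source_ip)
    for rule in rules:
        if rule.interface == interface and ip in ipaddress.ip_network(rule.source):
            return rule
    return None


def untranslated_firewall_sources(wan_addrs, rules):
    """Map each WAN whose own interface address matches no mapping to that address."""
    gaps = {}
    for name, cidr in wan_addrs.items():
        addr = str(ipaddress.ip_interface(cidr).ip)
        if first_match(rules, name, addr) is None:
            gaps[name] = addr
    return gaps


# Constructed from the values posted in the thread (WAN1 only).
WAN_ADDRS = {"WAN1": "10.60.0.2/16"}
RULES_BEFORE = [
    NatRule("WAN1", "127.0.0.0/8", "localhost to WAN"),
    NatRule("WAN1", "192.168.6.0/24", "LAN to WAN"),
]
RULES_AFTER = RULES_BEFORE + [
    NatRule("WAN1", "10.60.0.0/16", "WAN1 subnet to public virtual IP"),
]

if __name__ == "__main__":
    # 192.168.6.25 is a constructed LAN host: it matches, so LAN users work.
    print("LAN client:", first_match(RULES_BEFORE, "WAN1", "192.168.6.25"))
    print("before fix:", untranslated_firewall_sources(WAN_ADDRS, RULES_BEFORE))
    print("after fix: ", untranslated_firewall_sources(WAN_ADDRS, RULES_AFTER))
```

With the original mappings the LAN host is translated but the firewall's own WAN1 address is not, which matches the symptoms reported: LAN browsing works while ping and DNS lookups from the firewall on WAN fail.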