No internet on LAN
-
Hello,
I'm trying to set up pfSense, but I'm having trouble with letting it work correctly. I can ping from WAN, but I can't ping from LAN.
I made several screenshots, I hope one of you can see what I'm doing wrong: https://dumpyourphoto.com/album/fBfg4QBvMu
I'm running pfSense 2.1 RC0 build 20130629-1351.
-
If you send a ping with a private source IP address to a host on the public internet the internet won't know where to send the response. (The response should go to a private IP address and that won't uniquely identify the destination.)
The outgoing ping will probably be discarded by your ISP.
-
Wallyboy is correct, that is why you need NAT. You should be able to ping from a host on the network provided you created a rule for that lan. I believe lan is generated automatically.
-
Wallyboy is correct, that is why you need NAT. You should be able to ping from a host on the network provided you created a rule for that lan. I believe lan is generated automatically.
So I should set "Manual outbound NAT rule generation" instead of "Automatic outbound NAT rule generation" and set up my own rules?
-
You should leave it at "Auto".
Your attempt "to ping from LAN" fails, because you try to ping google.nl on your LAN. The correct behaviour for the PING GUI on pfSense is to be "dumb" (it routes the packets onto the interface you specify, not the one which would make sense), so everything si correct.
To really ping google.nl from the LAN, connect a PC to the LAN port and issue your ping there. If it fails, try to ping 192.168.1.1 from the PC. If this fails as well, you have issues with your LAN side setup, perhaps DHCP disables or IP addresses set up wrongly.
Assuming you want DHCP, check if the DHCP Server page of your pfSense box. Check the output of ipconfig on your PC. It should gibe you an IP address of 192.168.1.xxx, with the gateway being 192.168.1.1.
-
You should leave it at "Auto".
Your attempt "to ping from LAN" fails, because you try to ping google.nl on your LAN. The correct behaviour for the PING GUI on pfSense is to be "dumb" (it routes the packets onto the interface you specify, not the one which would make sense), so everything si correct.
To really ping google.nl from the LAN, connect a PC to the LAN port and issue your ping there. If it fails, try to ping 192.168.1.1 from the PC. If this fails as well, you have issues with your LAN side setup, perhaps DHCP disables or IP addresses set up wrongly.
Assuming you want DHCP, check if the DHCP Server page of your pfSense box. Check the output of ipconfig on your PC. It should gibe you an IP address of 192.168.1.xxx, with the gateway being 192.168.1.1.
I've connected a PC to the LAN port and I tried to ping google.nl and its IP, but it fails. Ping from the PC to 192.168.1.1 works.
I don't have DHCP enabled on the pfSense box, I've manually configured the IP settings on the PC.
-
How does the ping fail? No route to host? No dns resolution? No reply?
Do you have the gateway and dns servers set on the client?
Steve
-
I think this is the same issue I am having since upgrading the the latest version of 2.1.
The Post I have is http://forum.pfsense.org/index.php/topic,63557.0.html
-
I think this is the same issue I am having since upgrading the the latest version of 2.1.
The Post I have is http://forum.pfsense.org/index.php/topic,63557.0.htmlWould be more useful to answer the previous post…
-
It's not the same problem since Ramy is able to ping external sites from the pfSense box. His WAN connection, PPPoE over VLAN, is working fine. Impossible to say further until he reports back but at this point my money would be on misconfigured client since it's not using DHCP.
Steve
-
Just out of curiosity…which ISP is using PPPoE over VLAN6?
Not the German Telecom, they use PPPoE over VLAN7.
Chello?
-
How does the ping fail? No route to host? No dns resolution? No reply?
Do you have the gateway and dns servers set on the client?
Steve
I get "Destination Host Unreachable". The gateway and DNS servers are set on the client.
Client settings are:
IP: 192.168.1.2
Netmask: 255.255.255.0
Gateway: 192.168.1.1
DNS: I tried 192.168.1.1, 8.8.8.8 and the DNS of my providerJust out of curiosity…which ISP is using PPPoE over VLAN6?
Not the German Telecom, they use PPPoE over VLAN7.
Chello?
The ISP is XS4ALL (Dutch)
-
I assume your WAN address is a public IP?
Do you have a default gateway set? System: Routing: Gateways:
Do you have a default route set? Diagnostics: Routes:So you can still ping from the webgui but there is no route from the client? But DNS is working.
Steve
-
Do you have a default gateway set? System: Routing: Gateways:
That was the problem! The default gateway was 192.168.1.1, I've changed the default gateway to the gateway of my provider and it worked!
Thanks a lot for the help!
-
I had the same problem after an upgrade (both on nanobsd and hdd installation).
I solved by going to 'Interfaces >> LAN' and change the gateway to 'none' and LAN can access internet. I do not know whether this is the way to do or not?
-
I solved by going to 'Interfaces >> LAN' and change the gateway to 'none' and LAN can access internet. I do not know whether this is the way to do or not?
There should NOT be any GW for non-WAN interfaces.
-
I solved by going to 'Interfaces >> LAN' and change the gateway to 'none' and LAN can access internet. I do not know whether this is the way to do or not?
There should NOT be any GW for non-WAN interfaces.
Thanks for confirming. :-)
-
Indeed. We don't know Ramy's exact setup but since his default gateway was set to 192.168.1.1 it seems likely that he set a gateway on LAN which is incorrect. However his screen shot shows no gateway set on LAN so perhaps his more complex WAN setup caused problems. It would be interesting to know how the default gateway ended up set like that if no gateway was ever set on LAN.
Steve
-
Do you have a default gateway set? System: Routing: Gateways:
That was the problem! The default gateway was 192.168.1.1, I've changed the default gateway to the gateway of my provider and it worked!
Shouldn't the gateway there be "dynamic", as WAN goes over PPPoE? In theory, the ISP could change the default gateway….
-
Exactly, it should. However since the WAN is PPPoE over VLAN in this case perhaps he needed to manually configure some things that ended up overriding the ISP supplied details.
Steve
