Possible NAT Problem?



  • I have my WAN configured for DHCP and it is getting an IP.  I have my LAN configured properly and clients are getting a DHCP address that I configured.  I cannot ping\access the internet though.  I can ping\tracert from pfsense with the LAN set as the source.

    I have a feeling this is something simple that I am over looking.

    Any ideas?

    Thanks in advance.



  • "Properly" is subjective, give us the specifics of your network.  e.g. provide network map.  is the WAN ip you are getting Public or private?  What are your LAN scope options?  Using automatic outbound NAT or Manual outbound NAT?  Are you using the DNS forwarder on PFsense or have a separate internal DNS server?  Are your clients getting PFsense as it's gateway?  Can you resolve and ping addresses from the PFsense box itself?



  • cable modem > WAN pfsense > LAN pfsense > 3560.  I am getting a proper Comcast public IP on the WAN interface via DHCP.  There are no special DHCP scope options for the LAN.  DHCP is working properly on the LAN interface.  Currently under the NAT Outbound section, I am using "Automatic Outbound Rule Generation."  This might be were the hang up is.  I am assuming this means NAT overload in Cisco terms.  Please correct me if I am wrong.  I am using the DNS forwarder and specifically using DYNDNS's DNS servers.  My clients are getting the proper gateway via DHCP.  Like I mentioned before I can ping 8.8.8.8 and www.google.com from the pfsense WAN and LAN interface.

    UPDATE

    It was a stupid mistake.  I went back into the firewall rules and the default allow rule allowing LAN to any was disabled.  Enabled the rule and everything started to work.


Log in to reply