No internet access after reassigning IPs



  • Let me preface my problem by explaining my somewhat unique situation. For various reasons, my local network is sitting behind another "private" network that actually accesses the internet. Thus my setup is as follows: [my local network]->[pfsense]->["private" ISP network]->[Internet]. The practical result of this is that there are two NATs happening between my computer and the internet, one by pfSense, and one by the ISP's network.

    I'm working on getting a 2.1 box set up to replace my current 2.0 box. After I install it (before I do any setup at all), it seems to work fine. I can ping out, etc. As soon as I run "Set interface(s) IP address" to change the LAN IP to what I want, it stops working. I can ping other addresses in the "private" ISP network, but I can't ping anything outside that, and I can't access the internet. I've tried resetting to default config, and reinstalling. It works at first, but as soon as I change the IP address it stops.

    If any of the above is confusing, feel free to ask questions.  ;)



  • I assume you set the WAN interface to not block private IPs?

    It's a setting at the bottom of Interfaces > WAN.



  • Yes, I did make sure that was set.



  • The WAN and LAN side subnets need to be different bits of private address space, make sure not to set them the same.
    After changing the pfSense LAN IP you will have to change your LAN client IP (or get DHCP again…) - but I guess you did that since you can ping across to WAN.
    Post the LAN and WAN IP/subnets you are trying to use - what you describe should work easily, I have quite a few installs with double NAT like that.



  • So, I came back to this today, and now it's working a little better. Not sure exactly why, but it is. Anyway, the pfSense box itself now has internet access. It can ping out, and successfully checks for updates. But the computer I have behind it doesn't. It can't ping beyond the pfSense box at all. I've tried rebooting the computer, as well as the pfSense box. Any ideas for some troubleshooting steps I can take?



  • I am having this issue as well.

    I am running an HP Proliant DL145 G2 (1x Opteron 246) 512MB w/ 70GB HDD (RAID 1).
    WAN is set to bge0, LAN is set to bge1. Optional is null. VLAN off. No private IP.

    After installing pfSense and using the parameters above, pfSense runs just fine. When accessing the server, if I press 2 to set the interface IP address away from 198.168.1.1 to 10.0.0.1, and change the IPv4 DHCP range from 192.168.1.100 - 192.168.1.199 to 10.0.0.100 - 10.0.0.199, it breaks connectivity. This is after using /release, /renew, and /flushdns, of course. pfSense can still ping 8.8.8.8; however, devices connected to pfSense cannot access the internet. I can resolve DNS, but any attempt to ping 8.8.8.8 or other external IPs results in the following:

    
    ping 8.8.8.8
    pinging 8.8.8.8 with 32 bytes of data:
    reply from 10.0.0.1: TTL expired in transit.
    reply from 10.0.0.1: TTL expired in transit.
    reply from 10.0.0.1: TTL expired in transit.
    reply from 10.0.0.1: TTL expired in transit.
    
    ping statistics for 8.8.8.8:
         Packets: Sent = 4, Received = 4, Lost = 0 (0% loss).
    
    

    NOTE: This occurs with other external IPs as well.

    It seems that WAN-LAN connectivity is broken. Even though pfSense can still resolve DNS and ping addresses, other local devices cannot.



  • @sil3ntpr0digy:


    I found a solution. Apparently, when I was setting the interface IP for LAN and it asked for a gateway, I was instinctively putting in 10.0.0.1 (as that would be the gateway from the client's PoV). Removing the gateway (setting it to none in the WebGUI) did not restore full functionality. After factory resetting pfSense and reattempting to set the interface IP, and not inputting anything for gateway, full functionality was gained along with the proper LAN IP and IP range for LAN DHCP.


  • Netgate Administrator

    Yep, that would do it. You should only enter a gateway in the LAN config if the pfSense box itself has a gateway on that interface. Obviously that isn't the case in the vast majority of networks.

    Steve



  • Seems a little strange that even after removing the gateway, full functionality was not restored. Is there any particular reason why that may be?


  • Netgate Administrator

    Check in System: Routing: (gateways tab). Make sure you only have one gateway listed there, that it's the WAN gateway and that it's set as default.

    Adding a gateway to LAN really causes a number of problems. Having a gateway on LAN, although incorrect, shouldn't cause a huge problem in itself. The problem is that it's almost always the most recently added gateway and hence it becomes set as the default.

    Steve
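
The gateway checks described in the post above can also be run against a saved configuration backup. This is an added example, not part of the original thread and not pfSense's own code; it assumes a single-WAN setup and a 2.1-era config.xml layout in which each gateway is a `<gateway_item>` with `<interface>`, `<name>`, `<gateway>` and an optional `<defaultgw>` marker. The function name and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed config.xml in the assumed 2.1-era layout,
# reproducing the mistake from the thread (a gateway entered on LAN).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>bge0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>bge1</if><ipaddr>10.0.0.1</ipaddr><gateway>LANGW</gateway></lan>
  </interfaces>
  <gateways>
    <gateway_item>
      <interface>lan</interface><gateway>10.0.0.1</gateway>
      <name>LANGW</name><defaultgw></defaultgw>
    </gateway_item>
  </gateways>
</pfsense>"""


def audit_gateways(config_xml):
    """Return findings for: one gateway only, on WAN, set as default."""
    root = ET.fromstring(config_xml)
    findings = []
    items = root.findall("./gateways/gateway_item")
    for gw in items:
        name = gw.findtext("name", "unnamed")
        iface = gw.findtext("interface", "unknown")
        if iface != "wan":
            findings.append(f"gateway {name} is defined on {iface}, not wan")
            # Assumption: presence of <defaultgw> marks the default route.
            if gw.find("defaultgw") is not None:
                findings.append(f"default gateway {name} is on {iface}")
        # A gateway equal to the interface's own address points the
        # firewall at itself, which matches the TTL-expired symptom.
        own_ip = root.findtext(f"./interfaces/{iface}/ipaddr")
        if own_ip and own_ip == gw.findtext("gateway"):
            findings.append(f"gateway {name} is the firewall's own {iface} address")
    if len(items) > 1:
        findings.append(f"{len(items)} gateways listed; expected only the WAN gateway")
    # Interfaces other than wan should not reference a gateway at all.
    for iface_el in root.findall("./interfaces/*"):
        ref = iface_el.findtext("gateway")
        if iface_el.tag != "wan" and ref:
            findings.append(f"interface {iface_el.tag} references gateway {ref}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_gateways(SAMPLE_CONFIG)))
```
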

