No internet with static IP config



  • Hello,

    I've decided to replace our current web appliance by PFSense but I'm having a really hard time trying to simply configure the pfsense box with static IPs on the WAN interface and providing internet to the LAN interface. And after 48+hours hitting my head on the wall, I've decided to share my problem with you.
    Let me try to draw a diagram for better self explanation:

    Internet(TP-link router:192.168.2.254) ->  PFSense  (WAN:192.168.2.120)
                                                                                            (LAN: 192.168.1.19) -> Laptop (wired: 192.168.1.160)

    From my laptop, I can always access config pages on both the TP-Link router and PFSense.

    Ok, first scenario - If I configure PFSense with static IP on the WAN side, I can still access both config pages but I have no internet on the LAN side, so I cannot get webpages on my laptop. So, with the exact configuration as above, which is the one I need, I get no internet.

    Second scenario - I set PFSense WAN interface to get DHCP lease, it gets a random IP within 192.168.2.?? range, and voilá, I get internet on the LAN side.

    When I set the WAN interface to DHCP, I can detect, by checking Routes table, that PFSense automatically creates a route that points all traffic from 192.168.2.254 to the corresponding mac address of PFSense WAN interface(192.168.2.120). This is just confusing to me, and I have no idea why I don't have internet on the LAN side with static ips.

    Could you please point me in the right direction?

    With best regards,
    Pedro Sousa



  • In that configuration you will be doing double NAT - pfSense LAN is NATd to the pfSense WAN IP 192.168.2.120, then the TP-Link NATs 192.168.2.0/24 into its real public IP that it was given by the ISP. That is fine for now, and actually I leave mine that way, but many other on the forum will tell you to put the TP-Link in bridge mode and get the real public IP through to pfSense WAN.

    I have lots of systems just like you describe, I even have TP-Link ADSL modem/routers at the front end. TP-Link does not need to know anything, pfSense WAN is just its 1-and-only client. In you example, I set TP-Link LAN IP to 192.168.2.254 then pfSense WAN to static IP 192.168.2.1/24 and gateway 192.168.2.254, and put DNS server(s) in System->General Setup (ISP ones, or Google 8.8.8.8 or…) - away it goes.

    Because it works when pfSense WAN is DHCP (which hands out the gateway and DNS automagically), then I suspect that you are not not setting correct gateway and/or DNS in the static setup. Post your Interfaces-WAN and System-General settings if you can't sort it out.



  • Hello Phil,

    First of all, happy new year :)

    Thank you very much for your reply. You were absolutely right. I had 192.168.2.254 configured as a DNS server, don't really know why and how it went there, but anyways, I just added the correct isp DNSs in general setup just like you said, and made sure that wan gateway was also properly configured for the WAN interface(which is 192.168.2.254). Rebooted, tested and everything is looking good so far.

    I guess this solved the issue. Thanks once again for the help.

    Kind regards,
    Pedro Sousa



  • Happy to help.
    192.168.2.254 is the TP-Link, and it should be able to provide a DNS forwarder service for its clients (including pfSense), so I am surprised your first configuration did not work. Anyway, good to hear it works by going straight to an external DNS.



  • Hello,
    I have had pfsense version 2.1.4 running now for about 8 months.  I recently bought a public static IP address for my ISP.  Now  I cannot get the internet on my WAN interface. 
    One setup I tried was as follows

    ISP–------->pfsense with static public ip  address, isp default gateway, and isp recommended dns servers on WAN-----> 10.10.10.1 LAN interface------>10.10.10.100 on Workstation

    Second setup as follows

    ISP -------->Linksys e6900 with static public ip  address, isp default gateway, and isp recommended dns servers on WAN--------> 10.10.10.1 on Linksys LAN--------->Pfsense WAN to static 10.10.10.5 and 10.10.10.1 as Default Gateway and 8.8.8.8 as DNS-------->10.10.10.100 on LAN to Workstation.  Neither configuration work.

    If I configure the linksys by itself with the static ip address, dns servers, and default gateway;  I get perfect internet.  Can someone please help me forward internet traffic through the linksys to pfsense.


  • Rebel Alliance Global Moderator

    do you mean a ea6900 from linksys?

    Why do you not just get a modem, what is the linksys plugged into on its wan side?  Pfsense is meant to be the edge router/firewall - ie public IP on its wan.. There is no reason to double NAT by putting a router in front of pfsense.



  • Sorry about that.  Yes a linksys EA 6900.
    I tried with both routers.  The internet works with the linksys EA6900 but I cannot get the internet to work with pfsense, even if I setup pfsense as an edge router.  Pfsense will work with dhcp configured on the WAN but not with a static.

    I wanted to do a defense in depth setup with the linksys router WAN configured with the public static ip address; the LAN passing on to the WAN of pfsense and the pfsense LAN to the internal network.


  • Rebel Alliance Global Moderator

    "I wanted to do a defense in depth setup "

    Yeah that is going to just cause you more grief.. If you set pfsense in dmz of your linksys - you just pretty much bypassed the firewall of the linksys.  And if your going to forward specific ports you want its more PITA than anything security related.

    Just put public IP on pfsense and you will have way less issues.  As to working with pfsense and static on its wan with linksys in front.  You need to make sure the network you have between linksys and pfsense does not overlap your pfsense lan network.

    If works with dhcp, then you just misconfigured the static settings (wrong mask maybe, forget point gw to linksys lan IP, etc).  And there is no reason to spoof any macs if your going to put pfsense behind linksys.  Only time you might want to spoof mac of wan interface on pfsense if directly connected to your "modem" and pfsense gets public ip on wan and your isp only allows specific mac, or you want to maintain your IP that you had with your linksys.

    If your going to run pfsense behind natting linksys and you don't put pfsense wan IP in the linksys dmz - then you have to forward any ports you want pfsense to forward to its lan members to the wan ip of pfsense in linksys - again PITA!

    Also if your going to run pfsense behind linksys and you disable nat on pfsense - then you have to make sure linksys has route to the lan network behind pfsense.  Its all PITA to do a double nat setup.. Just connect pfsense to your isp modem and your Good.  What is that device btw.. For all we know you have a triple nat going on!



  • Thank you so much for you help.  I decided to go with pfsense as the edge firewall.  I had to swap the OPT1 interface with the WAN and configure the OPT1 interface to operate with the static ip.  I am now up and working.  I moved the linksys ea6900 back inside the network for wifi.  Again thanks.



  • Hi,

    Last night i setup pfsense at my home with my old unused Computer with PCI Lan adaptor.

    issue:

    I have Tikona DHCP Web Based Login type ISP.

    i can use flawlessly on Basic Home/Small Router Like TPLINK/ DLINK/ TENDA etc,

    but after i go thru pfsense i can't able to access internet  because Web Based Login page unable to access.

    pfSense :- 192.168.1.1/24
    Tikona Log in Link :-1.254.254.254
    pfSense DHCP LAN :- 192.168.100.1

    Need Help!  :-\