Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Another "cannot access WAN from LAN" thread

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    6 Posts 3 Posters 4.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • -flo- 0-
      -flo- 0
      last edited by

      Hi Everybody,

      I'm having problems with a really simple pfSense setup: 1 LAN, 1 WAN (PPPoE). The new system will replace existing equipment (consumer grade router with built in modem) which is running fine but lacks some features I need.

      I can access the box form the LAN and pfSense shows WAN as up.

      However I cannot access the Internet neither form the LAN not from the pfSense box itself. :(

      My setup in more detail:

      • Setup from the serial console: vr1_vlan7 and vr0_vlan2. WAN is assigned to vr1_vlan7, LAN is assigned to vr0_vlan2. I assigned 192.168.2.1 to LAN, set the Standard Gateway to 192.168.2.1, and enabled DHCP.

      • Setup wizard: Apart from a change of the timezone I only configured WAN as PPPoE, configured the PPPoE username and password, enabled Dial on Demand and set the timeout to 0. No other changes.

      WAN / Internet
                  :
                  : PPPoE-Provider (Deutsche Telekom, ADSL 16.000, Internet has VLAN 7)
                  :
            .–---+-----.
            |  Modem  |  D-Link DSL 321B
            '-----+-----'
                  |
              WAN | IP
                  |
            .-----+-----.
            |  pfSense  |  Alix 2d13 (FW 0.99m)
            '-----+-----'
                  |
              LAN | 192.168.2.1/24
                  |
            .-----+------.
            | LAN-Switch |
            '-----+------'
                  |
          ...-----+------... several clients in the LAN

      My observations:

      • The modem is operational: I could access the Internet using the modem without the pfSense box and PPPoE on my client computer connected directly into the modem.

      • WAN is up: I see an external IP. There are also a Gateway address as well as Nameservers (which are the same btw. when I connect to the Internet using my current equipment).

      • The Firewall log contains quite a few entries of blocked access attempts from the WAN side.

      • The WAN-Gateway is down: pfSense reports 100% loss.

      • I cannot access Web pages from a Browser also my E-Mail-Client cannot access the Internet.

      • I pinged 4.4.4.4 from the shell on a LAN machine, got timeouts.

      • Internet access is not only blocked from LAN: The pfSense box cannot access the Internet either. I checked the available packages in the general setup and there was an error telling me the access was not possible.

      • Interestingly DNS seems to work from the pfSense box. While investigating firewall log entries the resolution of addresses was possible in several cases.

      Because this is a very simple setup I'm probably missing something very basic. Any ideas?

      Thank you!

      -flo-

      1 Reply Last reply Reply Quote 0
      • P
        podilarius
        last edited by

        uess would be that you set a default gateway for LAN. The only thing to set that to is none. Is the IP are are getting on the WAN a private address or a public ip address? HAve you modified any rules in the firewall? When you setup your PC to test, did you have to assign the NIC into VLAN7? There should not need to be a valn set on LAN unless it is fully configured. Are you using only 1 swtich for both sides (LAN and WAN)? CAn you access pfsense gui from a LAN machine?

        1 Reply Last reply Reply Quote 0
        • -flo- 0-
          -flo- 0
          last edited by

          Thank you podilarius! Actually there was a default gateway on the LAN interface, I removed that. Also I can check whether I really need the VLAN7 on the WAN side.

          Unfortunately at the moment I'm having trouble to get my modem to connect to my ISP. When this works again I will see whether this helped.

          When I had a connection yesterday I had a public IP on the interface (modem is configured to work as a bridge). Firewall rules were not modified. I removed the VLAN on the LAN side now however this should not have been the problem. I could connect to the pfSense GUI fine from the LAN.

          I don't understand your question about only one switch for LAN and WAN: There is no switch between pfSense and the modem at all, only on the LAN side.

          -flo-

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            If you had a gateway on LAN and have now removed it check in System: Routing: Gateways: Remove it from there also and make sure the WAN gateway is set as default.

            What is 4.4.4.4? It's not pingable from here.

            Try running some pings at the pfSense console. Try pinging, say, google.com, to check DNS and 8.8.8.8.

            Steve

            1 Reply Last reply Reply Quote 0
            • -flo- 0-
              -flo- 0
              last edited by

              This works now.

              As suggested the problem must have been an unneeded gateway on the LAN interface.

              -flo-

              1 Reply Last reply Reply Quote 0
              • P
                podilarius
                last edited by

                Please don't set a gateway on LAN or OPT interface unless you want them to act as a WAN. It will just fail. This goes for any LAN type interface.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.