Simple test lab, no connectivity



  • Hi all,
    I'm trying to use pfSense for a simple test lab of virtual machines under VirtualBox. Configuration looks right but LAN clients can't access the real world. You can't really ask for a simpler configuration:

    House LAN is on the 192.168.1.0/24 network, using a Verizon FiOS ActionTec router whose LAN side is 192.168.1.1.
    Test lab is on a machine with a static IP of 192.168.1.3
    Default Gateway is the ActionTec, on 192.168.1.1

    On VirtualBox, adapter one is set to Bridged (using the host PC's wired NIC). Adapter 2 is set to Internal Network (intnet). I'm using VirtualBox version 4.3.6 loaded on a Win7/64 host machine.

    em0 is set to a static address, on the "WAN" (House private IP) side, to 192.168.1.253/24, Gateway 192.168.1.1
    em1 is set to a static address, on the test network LAN side, to 192.168.10.1/24.

    Initially pfSense pulled a valid IP of 192.168.1.19 from the house DHCP server, but I changed that to a static IP.

    From the pfSense Command line/console:
    I can login via the https protocol from machines on the test LAN.
    I can ping external names and external IP addresses.
    I can ping internal IPs (but not hostnames).
    I can traceroute to external IPs and domains.

    From a client on the test lab's LAN (192.168.10.anything):
    I can ping the LAN side of pfSense (192.168.10.1)
    I can NOT ping the WAN side (192.168.1.253)
    I can NOT ping anything on the 192.168.1.x network
    I can NOT ping anything external, ALTHOUGH, if I enter a domain name, it WILL resolve the domain, but not successfully ping it.
    In other words….

    ping cnn.com

    Pinging cnn.com [157.166.266.25] with 32 bytes of data:
    Request timed out
    Request timed out
    Request timed out
    Request timed out

    Ping statistics for 157.166.226.25
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

    This is about as far as I can go. Obviously domain resolution is working but nothing else. I'm sure it's something simple, but nothing I've found online says to do anything differently than I've done. Any help greatly appreciated! Thanks!!

    Cheers,
    Peter


  • Netgate Administrator

    Did you enter a gateway on the LAN interface? That would cause this behaviour. There shouldn't be one.
    If you did, remove it from LAN and then go to System: Routing: and make sure it's not there either and that the WAN gateway is set as default.

    Steve



  • OK, there was a LAN gateway set up, but when I removed it, it still did not work. I reloaded from scratch, ensuring there was no LAN gateway set up, and still nothing.

    EDIT: Found the problem. RFC1918 was blocked by default. Since my "WAN" interface is actually on my internal LAN side of the real-world gateway (192.168.1.1). I wish that was part of the initial setup option from CLI – it would have saved me a day of grief!


  • Netgate Administrator

    The blocked rfc1918 rule will not prevent access to the WAN from the LAN. It should not have caused this problem.
    Anyway glad you're good.  :)

    Steve