WAN connected but LAN can't connect to internet



  • I'm just starting to get up and running with pfSense (have traditionally used Smoothwall Express). I have pfSense set up as a VM on ESXi 5.5 and I'm almost there but not quite. My WAN connects with a PPPoE connection via a bridged modem.

    From the pfSense box, and from a LAN PC, I can ping and traceroute my ISP's DNS server but nothing else. For example this is the ping to my ISP's DNS server:

    traceroute to 220.233.0.4 (220.233.0.4), 64 hops max, 40 byte packets
    1  * * *
    216.8.96.58.static.exetel.com.au (58.96.8.216)  29.919 ms  29.582 ms  30.346 ms
    139.6.96.58.static.exetel.com.au (58.96.6.139)  30.687 ms  30.938 ms  30.777 ms
    kolanut2-dns.exetel.com.au (220.233.0.4)  30.894 ms  30.378 ms  31.543 ms

    But if I try to ping to my ISP's web server by hostname (www.exetel.com.au) or IP address the traceroute times out.

    I can do nslookups just fine from PC and pfSense command line.

    I can't browse to any web sites.

    It's probably something very simple that I've missed in the setup but I can't for the life of me figure out what. I've got screenshots of some of my settings which I tried to paste into this post but couldn't work out how to, so I've linked to them here….

    Can anyone please advise what I'm doing wrong?



  • Choose automatic for nat outbound? Does it generate the rules?

    ![2014-03-05 23_54_10-pfsense.localdomain - Firewall_ NAT_ Outbound.png](/public/imported_attachments/1/2014-03-05 23_54_10-pfsense.localdomain - Firewall_ NAT_ Outbound.png)



  • @bryan.paradis:

    Choose automatic for nat outbound? Does it generate the rules?

    I've done what you advised but no rules are created and the problem persists. I've attached a screenshot so you can see what the Outbound rules look like after I clicked Automatic -> Save -> Apply Changes.




  • As the "Automatic" button didn't work for me, I've just tried clicking the "Manual Outbound NAT rule generation" button which is supposed to generate a set of default rules. It has generated a couple of rules but they don't look right to my (untrained) eye - they're both for source=127.0.0.0/8.

    So there seems to be some problem with pfSense generating NAT rules for me - can anyone please advise what I need to do to get pfSense to generate the correct rules? Or, perhaps someone could advise what rules I should manually add if pfSense isn't going to play ball.

    Also, just in case my PC NIC is incorrectly set up and the problem isn't with pfSense at all, here's my PC's ipconfig output:

    Ethernet adapter Local Area Connection 2:
      Connection-specific DNS Suffix  . : edwards.home
      Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
      Physical Address. . . . . . . . . : 00-07-E9-10-34-1F
      DHCP Enabled. . . . . . . . . . . : No
      Autoconfiguration Enabled . . . . : Yes
      IPv4 Address. . . . . . . . . . . : 192.168.0.133(Preferred)
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.0.16
      DNS Servers . . . . . . . . . . . : 192.168.0.16
      NetBIOS over Tcpip. . . . . . . . : Enabled




  • You have set an "upstream" gateway on your LAN. Actually there is no gateway on a pfSense LAN, it is the WAN that has the gateway out to the internet.
    Interfaces->LAN, change the gateway to none and save.
    System->Routing - delete the gateway for LAN, and set the WAN gateway to default.
    Firewall->NAT, Outbound - set it back to Automatic.

    Now pfSense will understand that LAN is an internal network and WAN is the way out to the big bad internet. It will auto-generate NAT rules from LAN to WAN.
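
Added example, not part of the thread and not pfSense's own code: a simplified Python model of the behaviour described in the answer above, in which an interface that carries a gateway is treated as a way out and only networks on gateway-less interfaces receive automatic outbound NAT rules. The dictionary layout, the interface keys and the `WAN_PPPOE`/`LANGW` gateway labels are assumptions; the LAN address is taken from the ipconfig output in the thread.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def nat_source_networks(interfaces):
    """Source networks automatic outbound NAT would cover (simplified model).

    Assumption: loopback is always included, and an interface's network is
    included only when that interface has no gateway assigned.
    """
    sources = [LOOPBACK]
    for cfg in interfaces.values():
        if cfg.get("gateway") is None and cfg.get("address"):
            sources.append(ipaddress.ip_interface(cfg["address"]).network)
    return sources

def audit(interfaces):
    """Flag privately addressed interfaces that carry a gateway."""
    findings = []
    for name, cfg in interfaces.items():
        if cfg.get("gateway") is None or not cfg.get("address"):
            continue
        net = ipaddress.ip_interface(cfg["address"]).network
        if net.is_private:
            findings.append(
                f"{name}: {net} has gateway {cfg['gateway']}; "
                "treated as WAN-type, so no outbound NAT rule for it"
            )
    return findings

def client_is_natted(client_ip, interfaces):
    """True if a LAN client's address falls in a NATed source network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nat_source_networks(interfaces)
               if net != LOOPBACK)

# Constructed sample configs. WAN is PPPoE, so it has no static address here.
BROKEN = {
    "wan": {"address": None, "gateway": "WAN_PPPOE"},
    "lan": {"address": "192.168.0.16/24", "gateway": "LANGW"},  # the mistake
}
FIXED = {
    "wan": {"address": None, "gateway": "WAN_PPPOE"},
    "lan": {"address": "192.168.0.16/24", "gateway": None},
}

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, [str(n) for n in nat_source_networks(cfg)], audit(cfg))
```

With the LAN gateway set, the model yields only the 127.0.0.0/8 source that the poster saw; with it removed, 192.168.0.0/24 is covered as well.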



  • @phil.davis:

    You have set an "upstream" gateway on your LAN. Actually there is no gateway on a pfSense LAN, it is the WAN that has the gateway out to the internet.
    Interfaces->LAN, change the gateway to none and save.
    System->Routing - delete the gateway for LAN, and set the WAN gateway to default.
    Firewall->NAT, Outbound - set it back to Automatic.
    Now pfSense will understand that LAN is an internal network and WAN is the way out to the big bad internet. It will auto-generate NAT rules from LAN to WAN.

    Thanks so much for the advice. It's now working. Thanks heaps!



  • @phil.davis:

    You have set an "upstream" gateway on your LAN. Actually there is no gateway on a pfSense LAN, it is the WAN that has the gateway out to the internet.
    Interfaces->LAN, change the gateway to none and save.
    System->Routing - delete the gateway for LAN, and set the WAN gateway to default.
    Firewall->NAT, Outbound - set it back to Automatic.

    Now pfSense will understand that LAN is an internal network and WAN is the way out to the big bad internet. It will auto-generate NAT rules from LAN to WAN.

    Nice one. Didn't catch that when I looked.

