    I am very new to pfsense, like a week old. I have been having some issues configuring my box in many different ways, but the most is not being able to connect my LAN network to the internet. Here's my current setup:

    Modem – Router --- Internal network (
                                          |_ pfsense WAN ( -- pfsense box -- pfsense LAN (

    Pfsense version: 2.1 (if that accounts for anything)

    The goal is to create another LAN segment for guest access and not give them access to the internal network. But as I've said the main issue is the LAN segment not being able to access the internet.

    Steps taken:

    1. Diagnostics > Ping - ping using WAN int can access the internet, ping using LAN int CANNOT
    2. Changed between DNS forwarder and manual DNS (Interface > General).
    3. Read some part of pfsense Cookbook 2.
    So yeah. I'm going towards the possibility that using 2 private IPs is what is causing this issue and/or NAT. I haven't done anything with NAT. Almost everything is at its default value except for the usual interface config for WAN and LAN.

    I know I am missing something. Any help would be very much appreciated.


  • That really does just work out of the box, LAN some private subnet, WAN some private IP sitting on a different private subnet with gateway to an upstream router.
    Maybe you did something weird, like specifying a gateway on LAN? That breaks it, because actually LAN has no gateway, it is WAN that has a gateway.

  • That's exactly what I heard. It should've worked outside the box. I did read something somewhere that someone experienced the same after upgrading to 2.1 so he rolled back to an older version and it just worked.

    As for the LAN gateway, at first I did add a gateway. But after reading cookbook 2 I removed all the little mistakes I made. I should probably do a clean install just in case I really messed up the settings. If it still doesn't work, I'll try an older version. Thanks.

  • You might still have a gateway for LAN in System->Routing that is set as the default gateway. Select WANGW as the default gateway and completely delete the LAN GW.
    But yes, at this early stage it will be easier and safer to return to factory defaults and do your settings again.
    And there is definitely no reason to go back to an older version. 2.1 has loads of bugs fixed compared to 2.0.3. Your configuration is really simple and standard, so it will work with 2.1.

  • THAT WORKED!! You're right. I still have an entry on System > Routing for LAN. So totally removing that entry did it for me!! My LAN can now access the internet. Thank you so much for the help phil.davis! I really appreciate it!  ;D

  • I know this is an old topic but what about NAT? Would the packets not be written with private IPs for both WAN and LAN so when the packet returns to the real WAN IP how would it make its way back?

    Double NAT. Or disable NAT in pfSense and instruct the outside router to do the NAT for the pfSense LAN IP network too.
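
The double-NAT return path described in the reply above, as an added example that is not part of the original thread: each NAT device keeps a state entry for the connection it rewrote, and the reply is un-translated hop by hop in reverse order. All addresses and ports are constructed sample values (the thread does not give any), and `SourceNat` and `round_trip` are hypothetical names for this model, not pfSense code.

```python
# Added illustration: source NAT applied twice (pfSense, then the upstream router).
# All addresses and ports are constructed sample values, not taken from the thread.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class SourceNat:
    """Minimal stateful source NAT: rewrites src going out, restores dst coming back."""
    def __init__(self, outside_ip, first_port):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.states = {}  # (outside_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, p):
        port = self.next_port
        self.next_port += 1
        self.states[(port, p.dst, p.dport)] = (p.src, p.sport)
        return replace(p, src=self.outside_ip, sport=port)

    def inbound(self, p):
        key = (p.dport, p.src, p.sport)
        if p.dst != self.outside_ip or key not in self.states:
            return None  # no matching state: the packet is dropped
        ip, port = self.states[key]
        return replace(p, dst=ip, dport=port)

def round_trip(request, hops):
    """Send request out through each NAT in order, then walk the reply back in reverse."""
    for nat in hops:
        request = nat.outbound(request)
    seen_by_server = request
    reply = Packet(request.dst, request.dport, request.src, request.sport)
    for nat in reversed(hops):
        reply = nat.inbound(reply)
        if reply is None:
            break
    return seen_by_server, reply

pfsense = SourceNat("192.168.1.50", 40000)   # pfSense WAN: private address on the router's LAN
router = SourceNat("203.0.113.7", 50000)     # upstream router: public side (documentation range)
client = Packet("10.10.10.20", 51515, "198.51.100.80", 443)  # host on the pfSense LAN

if __name__ == "__main__":
    seen, back = round_trip(client, [pfsense, router])
    print("server sees:", seen)
    print("client gets:", back)
```

For the other option in the reply (NAT disabled in pfSense), only the router translates, so the router also needs a route to the pfSense LAN subnet via the pfSense WAN address for the un-translated reply to be delivered.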

  • @phil-davis
    I have the same situation; even removing the gw on LAN doesn't work. Is any config needed on NAT?

