Routing issues between WAN and LAN
-
Just for clarity, your "Default allow LAN to any rule" shows this right?:
IPv4 | LAN net | * | * | * | * |*Yes
Routing table looks normal, except for the host route in bold… that looks strange... shouldn't be needed... but who knows... someone chime in and give us an idea if that's normal.
The route in question was created automatically when I attached the WAN interface to the cable modem if that helps.
I didn't see an answer for the outbound NAT question…. are you using Manual or Automatic?
Wops, I'm using Automatic.
I didn't see an answer for the DNS question… what does google.com resolve to from a PC on your LAN? i.e. share the results of "nslookup google.com"
The fact that you can not ping 8.8.8.8 from your LAN tells me you either have a routing issue or firewall issue.
www.google.com returns 173.194.115.80-173.194.115.84 from an nslookup
If we look closer, in your OP you meantioned "if I use the ping tool under diagnostics I can ping www.google.com from the WAN interface.", but your last post shows this:
If I'm pinging from the pfsense tool I get the following:
PING www.google.com (173.194.115.81) from 192.168.1.1: 56 data bytes–- www.google.com ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet lossNotice the last part of the bottom line, "100.0% packet loss"…. which means your PFsense does NOT have internet! There's your main issue. If you just moved to PFsense from another router, you may have to bounce your modem. Assuming you're WAN is DHCP, if power cycling your modem doesn't work, you will have to call your ISP.
I should have been more clear. If I use the pfsense ping tool and choose the WAN interface as origin I can ping www.google.com just fine. If I choose the LAN interface I get the results returned above.
Your address pool doesn't tell us much. Need to know what default gateway and DNS servers you are handing out.
I have the default DNS and gateway set to 192.168.1.1 and PFSense is configured to use the DNS provided by the cable modem. I can do an nslookup successfully from a client on the LAN side of my firewall so I don't think DNS is the issue.
-
Let me know if any of this is incorrect…. but this is my understanding of your network:
Cable Modem -> (DHCP) PFsense (192.168.1.1) -> Switch -> LAN
Your LAN DHCP clients are getting:
IP - 192.168.1.100 - 192.168.1.150
Netmask - 255.255.255.0
Default Gateway - 192.168.1.1
DNS - 192.168.1.1 (assuming the DNS Forwarder is enabled on PFsense)This is all pretty standard stuff that should be working out of the box. One thing I assumed, but never asked, what version of PFsense are you running?
First thing I would do is go through your logs and look for things that would indicate an issue:
-
check (Status: System logs: Firewall) and verify there are no blocks sourced from your LAN (192.168.1.0/24).
-
check (System logs: General) and verify there are no reoccurring messages indicating a problem
-
check (Status: System logs: Gateways) for apinger alarms, etc
-
check (Diagnostics: States) After testing different rules, have you tried resetting your states? Since traffic never worked to begin with I doubt this is the problem, but might as well try it
-
This seems so trivial, but has cleared weird issues for me in the past…. have you tried rebooting?
Hopefully the logs will point you in the right directions, but After that, we just start troubleshooting from the ground up:
-
Check all layer 1 connections (check for broken tips, loose connections and exposed wires)
-
Check layer 2 (link light) status on both ends
-
Check the arp table on your clients (arp -a)… make sure the MAC address for 192.168.1.1 matches the MAC for your PFsense LAN interface
-
Check layer 3, which we've done, routing table on PFsense looks ok, clients appear to be getting the right settings… assuming the dhcp settings referenced above are accurate
-
Try rebooting. Shouldn't have to, but you never know
-
Try changing interfaces… move LAN to port 3 or 4... also try your WAN on port 3 or 4
-
Blow away your current install, Try a fresh install and vanilla config (no custom config, routes, rules, etc)… if it works, you have a config issue... if not, your issue is most likely hardware related. Power cycle all your switches. Replace custom cables with pre-manufactered cables also replace any cable that looks suspect
-
Throw a 2nd NIC into a separate, known working machine and try fresh install with vanilla config… if everything works, you know the issue is with your old setup.
-
I'll just throw this out there as a hail mary…but if you're using the 64 bit version of PFsense... maybe it's a 64 bit driver issue with your NIC's... try the 32 bit version.
-
-
Routing table looks normal, except for the host route in bold… that looks strange... shouldn't be needed... but who knows... someone chime in and give us an idea if that's normal.
Not at all normal, that's a publicly routable network to a privately routable network and should not be in there.
-
I thought it looked strange too, but he said it was automatically added when he plugged in his modem… so idk... I don't know why it would add a host route like that... doesn't look standard... I checked a couple other routing tables from routers that were connected to cable modems via dhcp and none of them had a route like that. I'm betting there's something to it... but he says it was added automatically, so I gave him the benefit of the doubt.
-
I'd actually be willing to bet that's his problem. If stuff is headed to his gateway with that static route there, it's going to try to push it to that IP which makes absolutely no sense.
OP, please try the following command in your CLI: route del 192.168.1.1 173.81.164.1
After that, try it again and let us know the results. That route should not be there. -
Since it's a fresh install and I didn't have much time put into it yet I did a reset to factory defaults. It is now functioning fine. I checked my current routing table and the aberrant route being discussed is not present. I don't know how it was created but it very well may have been the problem. Thank you all for your help.
-
Hi,
I do have exactly same problem, i tried restoring Pfsense to default settings it didn't help at all…
I can ping 8.8.8.8 from pfsense but not from any computer on my lan. Please help!!
Does some one have any suggestions? Here my route:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 70.168.57.34 UGS 0 20224 em0
10.4.1.0 link#10 U 0 0 em2_vl
10.4.1.1 link#10 UHS 0 0 lo0
10.5.1.0 link#2 U 0 11485 em1
70.168.57.34/31 link#1 U 0 2482 em0
70.168.57.35 link#1 UHS 0 0 lo0
localhost link#8 UH 0 544 lo0 -
You likely don't have the same exact problem. What is the output of "netstat -rn" on the computer you're trying to ping from? What is the LAN address of your pfSense box?
-
You likely don't have the same exact problem. What is the output of "netstat -rn" on the computer you're trying to ping from? What is the LAN address of your pfSense box?
yes it is
PFSense BOX has WAN 70.168.57.35 routed IP
and gateway 70.168.57.34I also got IP block with 4 IP's and it's own gateway where should this go??
LAN: 10.5.1.1/24
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.5.1.1 UGSc 129 16 en4
10.5.1/24 link#7 UCS 2 0 en4
10.5.1.1 0:0:24:d0:6b:59 UHLWIir 144 618 en4 1158
10.5.1.10 127.0.0.1 UHS 0 0 lo0
10.5.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 en4
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 2 39766 lo0
127.94.0.1 127.94.0.1 UH 0 21 lo0
127.94.0.2 127.94.0.2 UH 0 161 lo0
169.254 link#7 UCS 0 0 en4 -
anogmus, unless you're double natting, you have a config issue. (I guess that could be another BSD client, but looks like PFsense to me)
we're happy to help, but…Start a new thread, post a network map, post the IP schema for your network and include that routing table.
-
yes it is
Oh, my mistake then.
In the case of this thread, the fix was a factory default. I'd recommend you try that. Good luck! -
You might want to read this to know how to fix it https://forum.pfsense.org/index.php?topic=75495.0
-
Your issue has absolutely no relation to the OP's issue.