LAN works fine but can't get Internet connectivity over WAN


  • So I recently moved to a new house and had to set up my network again. Same configuration, no changes. Internal (LAN) is fine, however I am unable to access the internet from any device connected to the net that's behind the pfSense box.

    If connected directly to the cable modem, the internet works fine no problem (device IP of 10.0.0.3)

    modem -> pfsense -> asus router -> devices

    My external IP is 73.xx.xx.xx.

    My cable modem's IP is 10.0.0.1. It's giving pfSense a WAN IP of 10.0.0.3 with a gateway of 10.0.0.1.

    pfSense LAN IP is 192.168.1.1 and the ASUS router side of that connection is 192.168.1.2

    devices are 192.168.1.x/24 with a gateway of 192.168.1.1

    From a device, I am able to ping 192.168.1.1, 192.168.1.2 and 10.0.0.3, however I am unable to ping 10.0.0.1. That is where my issue arises. I am unable to ping anything on the other side of the WAN connection and thus no internet connectivity.

    In pfSense, if I go to Status -> Gateways, it shows the Interface WAN Gateway as Online with an RTT of 0.8ms. From the pfSense shell, I can ping 10.0.0.1 as well.

    Any ideas on why I don't have internet connectivity? At this point, I'm so confused. It almost seems like a firewall issue to me; however, I haven't changed any of the rules from my previous config. Any help/troubleshooting tips would be greatly appreciated.

  • Netgate Administrator

    Since you are able to ping 10.0.0.1 from the pfSense machine but not from LAN clients the pfSense box is not routing traffic correctly.
    Do you have more than one gateway listed in Status: Gateways:?  This is a common mistake.
    What does your IPv4 routing table look like in Diagnostics: Routes:?

    Steve


  • Some ISPs are picky about your MAC address.  Have you tried cloning the Asus router's MAC to pfSense?  Why do you have a router after pfSense, for wireless?  If you use the Asus MAC address with pfSense, you will have to change it on the Asus for them to coexist on the same network.


  • @KOM:

    Some ISPs are picky about your MAC address.  Have you tried cloning the Asus router's MAC to pfSense?  Why do you have a router after pfSense, for wireless?  If you use the Asus MAC address with pfSense, you will have to change it on the Asus for them to coexist on the same network.

    I have not tried the mac address cloning but I will give it a shot.

    The ASUS router is running DD-WRT and has all of the routing and DHCP stuff turned off. It's basically functioning as a switch so I can hardwire multiple devices, and for wireless.


  • @stephenw10:

    Since you are able to ping 10.0.0.1 from the pfSense machine but not from LAN clients the pfSense box is not routing traffic correctly.
    Do you have more than one gateway listed in Status: Gateways:?  This is a common mistake.
    What does your IPv4 routing table look like in Diagnostics: Routes:?

    Steve

    Hey, two Steves!

    Status > Gateways, there are two gateways listed:

    GW_LAN  - Gateway: 192.168.1.1
    GW_WAN - Gateway: 10.0.0.1

    Here is Diag > Routes (while the WAN link was unplugged, not sure if that makes a difference)


  • Remove the LAN gateway in the LAN interface settings. It is an error to have a gateway for the LAN network because there's no other way out of the LAN network than the pfSense router itself.

  • Netgate Administrator

    ^Exactly.
    Also check System: Routing: to ensure the LAN gateway has been removed and that the WAN gateway is set as default.

    Steve


  • @kpa:

    Remove the LAN gateway in the LAN interface settings. It is an error to have a gateway for the LAN network because there's no other way out of the LAN network than the pfSense router itself.

    AWESOME! This was the issue. Looking back, the 192.168.1.1 gateway was set to default … I removed the bogus gateway and bam, we're up and running! Thanks a lot!
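
The misconfiguration resolved in this thread can be caught with a simple audit of the gateway list against the interface addresses. The following is an added example, not part of any post above and not pfSense code: the `Interface` and `Gateway` structures, the finding codes and the WAN /24 mask are assumptions made for illustration, and the sample data is constructed from the addresses quoted in the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    name: str
    role: str       # "wan" or "lan" (hypothetical labels for this example)
    address: str    # the firewall's own address on this interface, CIDR form

@dataclass
class Gateway:
    name: str
    address: str
    default: bool = False

def audit_gateways(interfaces, gateways):
    """Return (gateway name, finding code) pairs for suspicious gateway entries."""
    ifaces = [(i, ipaddress.ip_interface(i.address)) for i in interfaces]
    findings = []
    for gw in gateways:
        ip = ipaddress.ip_address(gw.address)
        owner = next((i for i, a in ifaces if ip in a.network), None)
        if owner is None:
            # A next hop must sit on a directly connected subnet.
            findings.append((gw.name, "not-on-connected-subnet"))
            continue
        if any(a.ip == ip for _, a in ifaces):
            # The next hop is the firewall itself, so traffic never leaves it.
            findings.append((gw.name, "gateway-is-own-address"))
        if gw.default and owner.role != "wan":
            # Internet-bound traffic would be sent back toward the LAN.
            findings.append((gw.name, "default-route-not-via-wan"))
    if not any(g.default for g in gateways):
        findings.append(("(none)", "no-default-gateway"))
    return findings

# Constructed data mirroring the thread; the WAN /24 mask is an assumption.
INTERFACES = [Interface("WAN", "wan", "10.0.0.3/24"),
              Interface("LAN", "lan", "192.168.1.1/24")]
BROKEN = [Gateway("GW_LAN", "192.168.1.1", default=True),
          Gateway("GW_WAN", "10.0.0.1")]
FIXED = [Gateway("GW_WAN", "10.0.0.1", default=True)]

if __name__ == "__main__":
    for label, gws in (("before", BROKEN), ("after", FIXED)):
        print(label, audit_gateways(INTERFACES, gws))
```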