Unable to ping DNS or surf the Internet on Wifi



  • Hello, I got the Rosewill RNX-G300LX PCI card.  I read that this card was compatible as it has the Ralink chipset.  pfsense detects it as such and it is assigned to interface OPT2, which is named WIRELESS in the web configurator.

    I have it in Access Point mode and got it configured.  My laptop and tablet are able to connect to the WiFi and they get their appropriate IP and DNS information from the wireless interface DHCP server.  I have the firewall configured to allow the Wireless Interface, see attached screenshot.

    I can ping the wireless interface which has IP of 192.168.5.1.  I can ping the pfsense main IP used for web configurator which is 192.168.0.59.  I can ping network devices on the other interfaces.  Basically I can ping all devices within my network.

    However, I cannot ping my external DNS servers nor can I surf the Internet.  I tried OpenDNS servers and Google DNS servers and the request times out.

    I don't know what's blocking the connection.  I have my other interfaces set up with similar rules, just a bit more restricted, and they can access the Internet just fine.

    What am I missing?

    ![wireless firewall.png](/public/imported_attachments/1/wireless firewall.png)



  • I am beginning to suspect a bug.  The firewall is set to allow Wifi traffic to Internet but the log still shows it being blocked.  I have attached the alias, wifi rules, and the log samples.

    I cannot figure why it is still being blocked.  I tried setting the DHCP server to give public DNS servers or pfsense as the DNS.  If pfsense is DNS, then when I ping cnet.com or google.com it resolves the IP address but I get request timed out.  The log screenshot shows the IP for Cnet that my laptop tries to reach.

    The laptop is using IP 192.168.5.5 given by DHCP.

    ![rfc alias.png](/public/imported_attachments/1/rfc alias.png)
    ![wifi rules.png](/public/imported_attachments/1/wifi rules.png)
    ![firewall log.png](/public/imported_attachments/1/firewall log.png)



  • Is there a point to putting the wireless in a different subnet? 192.168.5.x instead of the wired on 192.168.0.x…

    The allow rule looks okay in your screenshot. Plus, if you can ping all devices inside of your network, your firewall rules should be ok since you've got them on different subnets, hence no default allow rule that allows it. If you can ping other subnets you can reach internet too, unless you specifically block that.

    Is the pfsense connected to a modem or another box of some sort? Is the WAN ip a local network ip or an internet ip?

    If no go, save the config, restore pfsense to factory defaults and set up only the necessary things to test the wireless. Might help troubleshooting.



  • What rule is blocking that traffic? Click the red X.



  • Apologies for the delay and thank you for the responses.

    @cmb - Not sure how I missed that earlier, but I clicked on the red X and got this notification in screenshot below.

    @Phatsa - The standalone method is my preferred route.  The 0.x network is my lab and I didn't want any wireless touching it.  Our residential building uses a shared cable connection and a router provides IPs to the tenants.  The pfSense box gets its WAN IP from that router.  Currently the WAN firewall is using the default rules of Block Private Networks and block Bogon networks.

    I will try backing up config and doing a factory reset, but first wanted to gather more info on the rule that blocked this (per screenshot attached).

    ![firewall deny.png](/public/imported_attachments/1/firewall deny.png)



  • Oh happy days!  Looks like doing the factory restore worked.  I did that and rebuilt all interfaces and rules and the wifi now works as standalone.

    Upon reentering the NAT rules and choosing Manual AON, I stumbled upon the culprit to my problem to begin with.  There was no NAT Outbound entry for the Wireless subnet to the Internet.  As you can see in the screenshot, the other subnets had entries except 192.168.5.0 which is the wireless subnet.  Obviously without that, no Internet.  facepalm

    Thanks for the help!

    ![working outbound nat.png](/public/imported_attachments/1/working outbound nat.png)
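
The root cause found above, an internal subnet with no entry under manual outbound NAT, can be checked for directly. The following is an added example, not part of any post in this thread: it parses NAT rules in the style of `pfctl -s nat` output and reports internal subnets that no rule covers. The sample rule lines are constructed, and the WAN interface name `em0`, the WAN address `10.20.30.40` and the /24 masks are assumptions.

```python
import ipaddress
import re

# Constructed sample in the style of `pfctl -s nat` output. The interface name
# em0, the WAN address 10.20.30.40 and the /24 masks are assumptions.
SAMPLE_NAT_RULES = """\
nat on em0 inet from 192.168.0.0/24 to any -> 10.20.30.40 port 1024:65535
nat on em0 inet from 127.0.0.0/8 to any -> 10.20.30.40 port 1024:65535
"""

# Internal subnets named in the thread (lab and wireless); masks assumed /24.
INTERNAL = {"LAN": "192.168.0.0/24", "WIRELESS": "192.168.5.0/24"}

NAT_LINE = re.compile(
    r"^nat on (?P<ifname>\S+) (?:inet6? )?(?:proto \S+ )?from (?P<src>\S+) to \S+"
)


def nat_sources(pfctl_output, wan_if):
    """Return the source networks of NAT rules bound to wan_if."""
    sources = []
    for line in pfctl_output.splitlines():
        m = NAT_LINE.match(line.strip())
        if not m or m.group("ifname") != wan_if:
            continue
        src = m.group("src")
        if src == "any":
            src = "0.0.0.0/0"
        try:
            sources.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            continue  # tables or interface references are not resolved here
    return sources


def uncovered_subnets(internal, sources):
    """Return names of internal subnets that no NAT source network contains."""
    missing = []
    for name, cidr in internal.items():
        net = ipaddress.ip_network(cidr)
        # Compare versions first: subnet_of() raises on mixed IPv4/IPv6.
        if not any(net.version == s.version and net.subnet_of(s) for s in sources):
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in uncovered_subnets(INTERNAL, nat_sources(SAMPLE_NAT_RULES, "em0")):
        print(f"{name} ({INTERNAL[name]}): no outbound NAT rule on em0")
```

On a live firewall, the input would be the output of `pfctl -s nat` and the real WAN interface name.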



  • I'm happy you resolved it :)

    I've also found that if I've created and deleted rules back and forth, sometimes it's happened that pfsense bugs out and doesn't route traffic correctly. In most cases it's enough to delete all rules and start over, or delete the interface and start over, but I've had to factory reset a couple of times too. And just as in your case, fiddling around long enough might have you trip over the problem at some point.

    I find it perfect for learning. Build, erase, build again and so on. Nothing as educational as that :)



  • I believe it.  I did much experimenting with the firewall and the addon packages that I'm sure something got wrecked.  Anyhow, I will be sure to remember the factory reset when things get botched.