pfSense can't connect on LAN
-
Hi, can anybody help me figure out the problem I got after setting up the pfSense box? WAN is fine. It can ping and do nslookup using the public IP, but the LAN is offline. Thanks
-
We need more info, like topology, your connection type, current outbound NAT rules and firewall rules...
As a start, check outbound NAT and check if the LAN net is routed to the WAN gateway (default, I assume you are on a single WAN). Then check the firewall rules on the LAN tab; you should put a pass.
In outbound NAT, choose AON (manual), delete all rules and add:
Do not NAT = [] (unchecked)
Interface = [ WAN ▼]
Protocol = [ any ▼]
Source = [] Not (unchecked)
Type: [ Network ▼]
Address: [ yourip subnet ] / [ 24 ▼]
Source port: [] (empty/blank)
Not (unchecked)
Type = [ Any ▼]
Address: [] / 24 ▼
Destination Port: [_____] (empty/blank)
Translation: Address = [ Interface Address ]
Description = [ LAN to WAN ]
In Firewall rules, LAN tab, you should add:
Action = [ Pass ▼]
Interface = [LAN ▼]
TCP/IP Version = [IPv4 ▼]
Protocol = [Any ▼]
Source = [] Not (UNCHECKED)
Type: [ LAN Subnet ▼]
Address: [] (BLANK)
Destination = [] Not (UNCHECKED)
Type: [ Any ▼]
Address: [__] (BLANK)
Description = [✎ ALLOW LAN OUTBOUND]
That's it!
-
Hi Wolf666,
Thanks for the very informative reply. I will give it a shot tomorrow and keep you posted. Actually, I do have a single WAN and I am using a modem/router. What I did is that I configured the modem/router to bridge, then connected it to the WAN NIC of the pfSense server. I configured it for PPPoE and everything works fine. I connected the LAN NIC to the switch to share the internet connection. DHCP is running from the pfSense server. When I check the Status "Gateway", it's only the WAN interface that's online, and as mentioned it can ping and do nslookup. I checked the firewall under LAN and there are only 3 default rules, and all of them are configured as "PASS", and for WAN there are 2 default rules which are both under "BLOCK". Maybe it's something to do with the routing, and that's why I can't go online through LAN. I appreciate your reply, Wolf. Thanks again!
-
I have to say I would always advise you leave outbound NAT set to automatic unless you really need to set manual rules. The suggested rule should work though.
> When I check the Status "Gateway" it's only the WAN interface that's online
This implies there might be more than one gateway. A common mistake is to add a gateway to the LAN interface, which is almost always incorrect. Remove it if you have and then make sure the WAN gateway is set as default in System: Routing: Gateways:
> for WAN there are 2 default rules which are both under "BLOCK". Maybe it's something to do with the routing, and that's why I can't go online through LAN.
The two rules you are seeing, 'block bogons' and 'block private networks', are not a problem if your WAN interface is receiving a public IP via PPPoE. Even if it isn't, it won't prevent internet access from LAN.
Steve
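
The two checks raised in this thread (a gateway assigned to the LAN interface, and outbound NAT switched to manual without a WAN rule) can also be run against a config backup. The following is an added example, not code from any poster or from the pfSense project; the element names (`interfaces/lan/gateway`, `gateways/gateway_item`, `nat/outbound/mode`) and the sample values are assumptions to verify against your own config.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from the thread. Element names follow the
# pfSense config.xml layout as assumed here; check them against your backup.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>pppoe0</if><ipaddr>pppoe</ipaddr></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet>
         <gateway>LANGW</gateway></lan>
  </interfaces>
  <gateways>
    <gateway_item><interface>lan</interface><name>LANGW</name>
                  <gateway>192.168.1.254</gateway></gateway_item>
  </gateways>
  <nat><outbound><mode>advanced</mode></outbound></nat>
</pfsense>"""

def audit_config(xml_text, internal=("lan",)):
    """Return findings for the misconfigurations discussed in the thread."""
    root = ET.fromstring(xml_text)
    findings = []
    for name in internal:
        iface = root.find(f"interfaces/{name}")
        if iface is None:
            findings.append(f"{name}: interface not found in config")
            continue
        # A gateway on an internal interface is the mistake Steve describes.
        gw = (iface.findtext("gateway") or "").strip()
        if gw and gw.lower() != "none":
            findings.append(f"{name}: gateway '{gw}' set on an internal interface")
    for item in root.findall("gateways/gateway_item"):
        if (item.findtext("interface") or "").strip() in internal:
            findings.append(
                f"gateway entry '{item.findtext('name')}' is bound to an internal interface")
    # Assumption: a missing <mode> element means automatic outbound NAT.
    mode = (root.findtext("nat/outbound/mode") or "automatic").strip()
    if mode in ("advanced", "disabled"):
        wan_rules = [r for r in root.findall("nat/outbound/rule")
                     if (r.findtext("interface") or "").strip() == "wan"]
        if not wan_rules:
            findings.append(f"outbound NAT mode is '{mode}' with no rule on wan")
    return findings

if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print("FINDING:", line)
```
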