pfSense can't connect on LAN



  • Hi, can anybody help me figure out the problem I got after setting up the pfSense box? WAN is fine. It can ping and do nslookup using public IP but the LAN is offline. Thanks



  • We need more info, like topology, your connection type, current outgoing NAT rules and firewall rules...

    As a start, check outgoing NAT and check if the LAN net is routed to the WAN gateway (default, I assume you are on single WAN). Then check firewall rules on the LAN tab; you should put a pass.

    In outbound nat, choose AON (manual), delete all rules and add:

    Do not NAT = [] (unchecked)
    Interface = [ WAN ▼]
    Protocol = [ any ▼]
    Source = [ ] Not (unchecked)
                  Type: [ Network ▼]
                  Address: [ yourip subnet ] / [ 24 ▼]
                  Source port: [] (empty/blank)

                  Type = [ Any ▼]
                  Address: [ ] / 24 ▼
                  Destination Port: [_____] (empty/blank)
    Translation: Address = [ Interface Address ]
    Description = [ LAN to WAN ]

    In Firewall rules, LAN tab, you should add:

    Action = [ Pass ▼]
    Interface = [LAN ▼]
    TCP/IP Version = [IPv4 ▼]
    Protocol = [Any ▼]
    Source = [] Not (UNCHECKED)
                  Type: [ LAN Subnet ▼]
                  Address: [____] (BLANK)
    Destination = [ ] Not (UNCHECKED)
                        Type: [ Any ▼]
                        Address: [______] (BLANK)
    Description = [✎ ALLOW LAN OUTBOUND]

    That's it!



  • Hi Wolf666,

    Thanks for the very informative reply. I will give it a shot tomorrow and keep you posted. Actually, I do have a single WAN and am using a modem/router. What I did is configure the modem/router to bridge and then connect it to the WAN NIC of the pfSense server. I configured it to PPPoE and everything works fine. I connected the LAN NIC to the switch to share the internet connection. DHCP is running from the pfSense server. When I check the Status "Gateway", it's only the WAN interface that's online, and as mentioned it can ping and do nslookup. I checked the firewall under LAN and there are only 3 default rules, and all of them are configured as "PASS", and for WAN there are 2 default rules which are both under "BLOCK". Maybe it's something to do with the routing, that's why I can't go online through LAN. I appreciate your reply, Wolf. Thanks again!


  • Netgate Administrator

    I have to say I would always advise you leave outbound NAT set to automatic unless you really need to set manual rules. The suggested rule should work though.

    @jonfil0130:

    When I check the Status "Gateway", it's only the WAN interface that's online

    This implies there might be more than one gateway. A common mistake is to add a gateway to the LAN interface which is almost always incorrect. Remove it if you have and then make sure the WAN gateway is set as default in System: Routing: Gateways:

    @jonfil0130:

    for WAN there are 2 default rules which are both under "BLOCK". Maybe it's something to do with the routing, that's why I can't go online through LAN.

    The two rules you are seeing, 'block bogons' and 'block private networks', are not a problem if your WAN interface is receiving a public IP via PPPoE. Even if it isn't, it won't prevent internet access from LAN.

    Steve
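
The checks the replies above describe (no gateway on LAN, a WAN outbound NAT rule covering the LAN subnet when NAT is manual, a pass rule on LAN), as an added example that is not part of the thread: a Python audit of a config backup. The XML element names are assumptions about the config.xml layout and the sample config is constructed, so compare both against your own export.

```python
import ipaddress
import xml.etree.ElementTree as ET
# Constructed sample; element names follow an assumed pfSense config.xml layout.
SAMPLE = """<pfsense>
  <interfaces>
    <wan><if>pppoe0</if><ipaddr>pppoe</ipaddr></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet>
      <gateway>LANGW</gateway></lan>
  </interfaces>
  <gateways>
    <gateway_item><interface>wan</interface><name>WAN_PPPOE</name></gateway_item>
    <gateway_item><interface>lan</interface><name>LANGW</name></gateway_item>
  </gateways>
  <nat><outbound><mode>advanced</mode>
    <rule><interface>wan</interface><source><network>10.0.0.0/24</network></source></rule>
  </outbound></nat>
  <filter><rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source><destination><any/></destination></rule></filter>
</pfsense>"""

def audit(xml_text):
    """Return findings that would leave LAN clients without internet access."""
    root = ET.fromstring(xml_text)
    findings = []
    lan = root.find("interfaces/lan")
    lan_net = ipaddress.ip_interface(
        f"{lan.findtext('ipaddr')}/{lan.findtext('subnet')}").network
    # 1. A gateway assigned to LAN is almost always a mistake (Steve's reply).
    if lan.findtext("gateway") or any(
            g.findtext("interface") == "lan" for g in root.iter("gateway_item")):
        findings.append("gateway configured on LAN")
    # 2. Manual (AON) outbound NAT needs a WAN rule whose source covers the LAN subnet.
    out = root.find("nat/outbound")
    if out is not None and out.findtext("mode") == "advanced":
        covered = False
        for r in out.findall("rule"):
            src = r.findtext("source/network") or ""
            if r.findtext("interface") == "wan" and "/" in src:
                covered |= lan_net.subnet_of(ipaddress.ip_network(src, strict=False))
        if not covered:
            findings.append(f"no manual outbound NAT rule on WAN for {lan_net}")
    # 3. LAN needs at least one enabled pass rule.
    if not any(r.findtext("type") == "pass" and r.findtext("interface") == "lan"
               and r.find("disabled") is None for r in root.findall("filter/rule")):
        findings.append("no pass rule on LAN")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```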

