Netgate Discussion Forum

    Can't get internet access with Outbound NAT configured

      Blade1

      Hi,

      I have pfSense set up. I have configured outbound NAT, but my servers on the LAN cannot seem to get an internet connection.

      The setup is as follows:

      pfSense running in a Hyper-V VM
      I have 1 physical NIC on the Hyper-V switch
      Internal switch for LAN
      ExternalOnly switch for public internet access/web gui access
      pfSense can now ping out to the internet

      I created outbound NAT on pfSense. Please see attached.

      Thanks
      pfsensenat.png

        phil.davis

        In a simple topology like yours Automatic mode should work, like you show in the screenshot. There should be no need to touch the Outbound NAT tab.
        Can the LAN clients (VMs…) ping to pfSense LAN IP?
        Do the LAN clients have their gateway set to pfSense LAN IP?
        Is the pass all rule still there on LAN?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          Blade1

          Hi Phil,

          Same as what I thought, it should just work. I have had this working on the same network topology but with ESXi 5.5. Note that I use version 2.2-RC (i386) of pfSense.

          I will check if I can ping the LAN IP of pfSense from a VM, that is a good test. I can't test from here due to lack of access (partly due to this issue).

          I thought there may be an issue with having 1 physical NIC. If pfSense has internet access, the issue has to be between the VM and pfSense (config/fw, etc).

          Screenshot of LAN tab in rules attached.

          pfsenserules.PNG

            phil.davis

            Can't go wrong with those LAN rules - the IPv4 packets will get passed twice :)
            From all of your description, it sounds like a client network config issue. If they are server/s then they probably have IP set directly in them and are not using pfSense DHCP. In that case, they need to have the correct netmask, gateway and DNS. Now I think about it, the server is probably being DNS to itself and its DNS needs the correct setting of the upstream pfSense DNS - another place to look for a setting.

              Blade1

              @phil.davis:

              Can't go wrong with those LAN rules - the IPv4 packets will get passed twice :)
              From all of your description, it sounds like a client network config issue. If they are server/s then they probably have IP set directly in them and are not using pfSense DHCP. In that case, they need to have the correct netmask, gateway and DNS. Now I think about it, the server is probably being DNS to itself and its DNS needs the correct setting of the upstream pfSense DNS - another place to look for a setting.

              I think you may be right!

              pfSense has itself (127.0.0.1) as DNS and 62.210.16.6 (my hosting provider's DNS). The servers in LAN use AD as DNS; I will have to check if there is a DNS forwarder set as appropriate!
