Can't get internet access with Outbound NAT configured
-
Hi,
I have pfSense set up. I have configured outbound NAT, but my servers on the LAN cannot seem to get an internet connection.
The setup is as follows:
pfSense running in a Hyper-V VM
I have 1 physical NIC on the Hyper-V switch
Internal switch for LAN
ExternalOnly switch for public internet access/web gui access
pfSense can now ping out to the internet.
I created outbound NAT on pfSense. Please see attached.
Thanks
-
In a simple topology like yours Automatic mode should work, like you show in the screenshot. There should be no need to touch the Outbound NAT tab.
Can the LAN clients (VMs…) ping to pfSense LAN IP?
Do the LAN clients have their gateway set to pfSense LAN IP?
Is the pass all rule still there on LAN?
-
Hi Phil,
Same as what I thought, it should just work. I have had this working on the same network topology but with ESXi 5.5. Note that I use version 2.2-RC (i386) of pfsense.
I will check if I can ping the LAN IP of pfSense from a VM; that is a good test. I can't test from here due to lack of access (partly due to this issue).
I thought there may be an issue with having 1 physical NIC. If pfsense has internet access, the issue has to be between the VM and pfsense (config/fw, etc).
Screenshot of lan tab in rules attached.
-
Can't go wrong with those LAN rules - the IPv4 packets will get passed twice :)
From all of your description, it sounds like a client network config issue. If they are server/s then they probably have IP set directly in them and are not using pfSense DHCP. In that case, they need to have the correct netmask, gateway and DNS. Now I think about it, the server is probably being DNS to itself and its DNS needs the correct setting of the upstream pfSense DNS - another place to look for a setting.
-
I think you may be right!
pfSense has itself (127.0.0.1) as DNS and 62.210.16.6 (my hosting provider's DNS). The servers in LAN use AD as DNS; I will have to check if there is a DNS forwarder set as appropriate!
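-
The checks suggested in this thread, collected as an added PowerShell example (not posted by anyone in the thread) to run on a Windows server on the LAN. The pfSense LAN address 192.168.1.1 and the test name example.com are assumed placeholders; 62.210.16.6 is the provider DNS mentioned above.

```powershell
# Added example: separates "no route/NAT" from "no DNS" on a static-IP LAN server.
param(
    [string]$PfSenseLan  = '192.168.1.1',   # assumption: replace with the real pfSense LAN IP
    [string]$UpstreamDns = '62.210.16.6',   # provider DNS quoted in the thread
    [string]$TestName    = 'example.com'    # assumption: any public name will do
)

$results = [ordered]@{}

# 1. Can this host reach the pfSense LAN interface at all?
$results['Ping pfSense LAN IP'] =
    Test-Connection -ComputerName $PfSenseLan -Count 2 -Quiet

# 2. Is the default gateway actually the pfSense LAN IP?
$cfg      = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway }
$gateways = @($cfg.IPv4DefaultGateway.NextHop)
$results['Gateway is pfSense'] = $gateways -contains $PfSenseLan

# 3. Does traffic get out through NAT when DNS is taken out of the picture?
#    Query the upstream resolver directly by IP, bypassing the local DNS setting.
$direct = Resolve-DnsName -Name $TestName -Server $UpstreamDns -DnsOnly `
              -ErrorAction SilentlyContinue
$results['Resolve via upstream DNS (NAT path)'] = [bool]$direct

# 4. Does the DNS server this host is configured with (AD here) resolve public names?
$viaLocal = Resolve-DnsName -Name $TestName -DnsOnly -ErrorAction SilentlyContinue
$results['Resolve via configured DNS'] = [bool]$viaLocal

# 5. On the AD DNS server itself: which forwarders are set?
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    $fwd = (Get-DnsServerForwarder).IPAddress.IPAddressToString -join ', '
    $results['DNS forwarders'] = if ($fwd) { $fwd } else { '(none)' }
} else {
    $results['DNS forwarders'] = 'DnsServer module not present on this host'
}

# Summary: 3 passing while 4 fails points at the forwarder, not at outbound NAT.
$results.GetEnumerator() | Format-Table -AutoSize Name, Value
Write-Host ('Configured DNS servers: ' +
    ((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses -join ', '))
```

If check 1 or 2 fails, the problem is the client's IP settings or the virtual switch rather than anything on the Outbound NAT tab.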