No internet access on LAN IP addressing scheme… I am missing something



  • Good day to all. I am a first-time user of this software. I am stumped….. This is my first time setting up pfSense.

    Background:

    I am to use pfSense for a large high rise apartment building (185 units) free wireless network, located in Ocean City, New Jersey. I have installed 3 wireless access points to a switch, to trial a few floors, and plan the server placement in between the 200 MB internet connection supplied by Comcast and a switch. Each wireless access point will be connected to the switch.

    I will be using it initially for a click-through splash page and for issuing IP addresses to devices connecting to the network. After it is up and running, I will implement the firewall, and authentication with pfSense's user directory.

    My first question

    Is there an IP addressing scheme to get the DHCP server to issue more than 254 IP addresses? A few 1000 plus would be great. During the summer months there can be up to 1000 people residing in the building.

    My current problem

    I can access the web configurator, but cannot get internet access for the test setup prior to placement in the network.

    I successfully installed pfSense on a computer with 2 NIC cards, and can access it through a switch to the web configuration utility, but get no internet access to the computer connected to it as a client.

    Here are my settings:

    WAN  DHCP 10.0.3.9/24 (issued by another current router on the existing LAN)
    LAN            192.168.0.1/16

    I am running the DHCP server on the LAN interface above, with IP addressing scheme from 192.168.0.10 thru 192.168.0.254. My gateway and DNS are set to 192.168.0.1.

    I did not set up any firewall rules, and no authentication, or security. Just enabled the captive portal for the test setup.

    I rebooted and restarted everything multiple times, but I still cannot access the internet through pfSense.

    If you're near Ocean City, I'll buy you some beers if you can help me with this.

    Thanx

    Ron



  • You don't have a gateway defined for LAN, do you?



  • That should "just work". LAN should have a default pass all rule. A client on LAN will get DHCP from pfSense that gives it pfSense as the gateway. The DHCP that the WAN acquires from upstream should get it out to the internet. The default automatic outbound NAT will do the right thing to NAT from LAN going out WAN.

    What unusual other change did you make?

    On the addressing thing, I would use some more obscure part of the private address space. In a situation like yours there will be clients in some units that have their own firewall/router device with some devices behind it. The WAN of their device will be sitting on your LAN (just like your pfSense WAN now sits on an upstream LAN). Those client firewall/router devices will quite often have a LAN side that uses the 192.168.0.0/24 or 192.168.1.0/24 subnet. If you use that range then it can make it difficult for others.

    I would pick something like 172.[16..31].0.0/16 or 10.x.0.0/16

    e.g. pfSense LAN IP 10.42.0.1/16 and you can give some large DHCP address pool up to 10.42.255.254

    Is it a 200 MByte or 200 Mbit internet - 200 Mbit might get maxed out with 185 units, and thus who knows how many laptops, tablets, phones… all doing their thing. And it might be better to have a few subnets, with a VLAN switch or... to split up groups of units into their own subnet/broadcast domain to save on all the broadcast traffic clogging 1 single LAN.
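
An added example (not part of the thread and not pfSense code): a Python check of the two addressing plans discussed above, using the standard `ipaddress` module. The function names, the pool start 10.42.0.10 and the 1000-client target (taken from the first post's head count) are assumptions for illustration.

```python
import ipaddress

# Home-router LAN defaults named in the post above.
COMMON_HOME_LANS = [ipaddress.ip_network(n)
                    for n in ("192.168.0.0/24", "192.168.1.0/24")]

def pool_size(first, last):
    """Number of addresses in an inclusive DHCP range."""
    return int(ipaddress.ip_address(last)) - int(ipaddress.ip_address(first)) + 1

def review_plan(lan_if, wan_if, pool_first, pool_last, clients_needed):
    """Return a list of problems with a LAN addressing plan (empty = OK)."""
    lan = ipaddress.ip_interface(lan_if).network
    wan = ipaddress.ip_interface(wan_if).network
    problems = []
    # The DHCP pool must sit inside the LAN subnet.
    for addr in (pool_first, pool_last):
        if ipaddress.ip_address(addr) not in lan:
            problems.append(f"pool address {addr} is outside LAN {lan}")
    # A wide netmask does not help if the pool itself stays small.
    size = pool_size(pool_first, pool_last)
    if size < clients_needed:
        problems.append(f"pool holds {size} leases, need {clients_needed}")
    # LAN must not collide with the subnet the WAN interface sits on.
    if lan.overlaps(wan):
        problems.append(f"LAN {lan} overlaps upstream WAN subnet {wan}")
    # Tenants' own routers often use these ranges on their LAN side.
    for home in COMMON_HOME_LANS:
        if lan.overlaps(home):
            problems.append(f"LAN {lan} overlaps common home-router LAN {home}")
    return problems

if __name__ == "__main__":
    plans = {
        "original post": ("192.168.0.1/16", "10.0.3.9/24",
                          "192.168.0.10", "192.168.0.254", 1000),
        "suggested 10.42/16": ("10.42.0.1/16", "10.0.3.9/24",
                               "10.42.0.10", "10.42.255.254", 1000),
    }
    for name, plan in plans.items():
        issues = review_plan(*plan)
        print(name, "->", issues or "no problems found")
```

The same check flags a 10.0.0.0/16 LAN, because that range contains the 10.0.3.0/24 subnet the test WAN currently sits on.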



  • I'm a newbie too. The first time I set up pfSense I couldn't access the internet; after changing a few config settings it worked.

    • Don't define a gateway at first config (both LAN & WAN).
    • Interfaces > LAN, WAN: I changed the IPv6 configuration type to: none.


  • You never define a gateway for LAN, only WAN.

