Not using the WAN port



  • Hi all,

    I'm having a problem that I already had noticed with IPCOP. But that only happend when the WAN was static and not DHCP.

    Now I'm having the exact same problem with pfsense! All my traffic goes to the LAN port instead of the WAN for internet traffic. It does nothing with the wan port. I don't know what's wrong. The wan port gets it DHCP adress perfectly. Still no traffic goes to the WAN port.

    Does anyone got a suggestion?



  • Does it happens when you use the default setting of the livecd?. Else you'll need to provide more info?
    http://forum.pfsense.org/index.php/topic,7001.0.html



  • @Perry:

    Does it happens when you use the default setting of the livecd?. Else you'll need to provide more info?
    http://forum.pfsense.org/index.php/topic,7001.0.html

    I didn't test that. It was installed directly to the server before I tested it. Going to try this tomorrow.



  • @Perry:

    Does it happens when you use the default setting of the livecd?. Else you'll need to provide more info?
    http://forum.pfsense.org/index.php/topic,7001.0.html

    Same with the Live CD.

    WAN gets it's IP from the DHCP. For the rest I didn't changed any setting. Traffic still goes over the lan connection instead of the wan.

    I had this problem with IPCOP to. But only if I set the wan port to static ip instead of DHCP.



  • Can you show a screenshot of "status" –> "interfaces" ?



  • @GruensFroeschli:

    Can you show a screenshot of "status" –> "interfaces" ?

    A little information: gateway is (I know) a local one. That's the current firewall that pfsense will be replacing.
    DNS server is one from the ISP and one from the Local DNS server.

    This setup should work, I just don't understand why it's picking the lan interface.



  • That won't work, you have WAN and LAN interfaces in the same subnet. Change the LAN address to something else that is not in 192.168.2/24 subnet
    (for example 192.168.10.1).



  • @kpa:

    That won't work, you have WAN and LAN interfaces in the same subnet. Change the LAN address to something else that is not in 192.168.2/24 subnet
    (for example 192.168.10.1).

    That's the reason why it's taking the LAN? Hmm, going to be difficult to change that adres to test it.



  • Yes, you'll have to change the LAN address to make it work. Also make sure you have the Block private networks -option unchecked in Interfaces->WAN since your WAN connection is using a private (RFC 1918) address (you blanked out the wan address but I'm assuming it is in 192.168.2/24 subnet because of the gateway address).



  • I suspect you want a "transparent firewall".
    The users dont notice anything that they are being filtered / protected but you still have a firewall.
    Take a look at the documentation and look for the keyword "transparent firewall".

    With a transparent firewall you bridge the LAN to the WAN –> you have the same subnet on LAN and WAN (as you have it right now).


Log in to reply