PfSense won't forward traffic from LAN server to internet
-
Move it above the block all rule and then it's fine.
-
Move it above the block all rule and then it's fine.
I don't think I have a block all rule. And if you mean "RFC 1918 networks" and "Reserved/not assigned by IANA", then it is not possible.
-
Do you have an outbound nat rule in place that separate subnet?
-
Do you have an outbound nat rule in place that separate subnet?
http://i.imgur.com/L5FrSeb.png
Is that it?
-
Move it above the block all rule and then it's fine.
I don't think I have a block all rule. And if you mean "RFC 1918 networks" and "Reserved/not assigned by IANA", then it is not possible.
You can try unchecking the box “Block private networks” on the screen Interfaces WAN (at the bottom) and see if that solves your problem.
-
You can try unchecking the box “Block private networks” on the screen Interfaces WAN (at the bottom) and see if that solves your problem.
That's one of those things I tried and forgot to mention :(
-
Perhaps you could finally look at the firewall logs?!?!?
-
Nope…
It looks like this...
Menu -> Firewall -> NAT -> Outbound
-
Perhaps you could finally look at the firewall logs?!?!?
What am I looking for? I already said I could see nothing related to the IP I am accessing the web server from.
Nope…
It looks like this...
Menu -> Firewall -> NAT -> Outbound
That's what I have:
http://i.imgur.com/fWWY3XA.png
-
You can try unchecking the box “Block private networks” on the screen Interfaces WAN (at the bottom) and see if that solves your problem.
That's one of those things I tried and forgot to mention :(
But the screen shot of the firewall rules shows Block private networks is in effect. I am confused.
-
But the screen shot of the firewall rules shows Block private networks is in effect. I am confused.
Because I re-enabled it after I found out it did not change anything. Anyway, now I have it disabled again.
-
★ My setup:
Host (ArchLinux, nanoBox):
Physical interfaces: eth0 (no IP) and wlan0 (hostapd).
Virtual interfaces: br0 (static IP 192.168.7.2 assigned with netctl profile)
Guest (pfSense inside KVM):
Guest interfaces:
vtnet0 - bridged to eth0
vtnet1 - bridged to br0 (192.168.7.1)
My Host is also a web server. I do not know if this is good practice, but br0 is the interface with which host services connect to internet.
Does this mean pfsense WAN interface is assigned to vtnet1, has a static ip of 192.168.7.1 and pfsense LAN interface is assigned to vtnet0?
-
Does this mean pfsense WAN interface is assigned to vtnet1, has a static ip of 192.168.7.1 and pfsense LAN interface is assigned to vtnet0?
No, the other way around:
eth0-WAN-85.x.x.x-vtnet0
br0-LAN-192.168.7.1-vtnet1
-
Does this mean pfsense WAN interface is assigned to vtnet1, has a static ip of 192.168.7.1 and pfsense LAN interface is assigned to vtnet0?
No, the other way around:
eth0-WAN-85.x.x.x-vtnet0
br0-LAN-192.168.7.1-vtnet1
Does 192.168.7.2 have 192.168.7.1 as gateway? I am guessing not because it has internet with pfsense in shutdown.
-
Does 192.168.7.2 have 192.168.7.1 as gateway?
Yes.
@gjaltemba: I am guessing not because it has internet with pfsense in shutdown.
No, it doesn't. It only has LAN if I set br0 to static IP. I can then connect to it with my laptop (also with static IP) which connects to hostapd (bridged with br0).
-
…
Well, I need my server on the LAN to be accessible from WAN.
Test approach: simplify your config, exclude your reliance on aliases & name(s).
You need probably:
[Firewall: NAT: Port Forward] with a rule like:
WAN TCP * * WAN address 80 192.168.x.y 80
-
@hda:
Test approach: simplify your config, exclude your reliance on aliases & name(s).
Thanks, but
@lockheed: (nanoBox alias is assigned to 192.168.7.2 ip. Replacing alias with the ip itself makes no difference)
I have a new find that might shed some light on the source of the problem.
When I am on the host, pinging google.com works BUT going to google.com in a browser or with wget does not. In fact, no URL address works at all in any other capacity than PING.
-
Change your outbound nat for the subnet to include UDP as well.
-
Change your outbound nat for the subnet to include UDP as well.
Like so? http://i.imgur.com/4jgDqJj.png
It didn't help.
Also, please remember that those issues are experienced only on the Host of the pfSense VM. Every other pfSense managed LAN client works just fine.
-
Change your outbound nat for the subnet to include UDP as well.
Like so? http://i.imgur.com/4jgDqJj.png
It didn't help.
There is nothing useful visible there at all regarding protocol. (And please, learn to use the IMG tag.)