Upgrade 2.2.3 to 2.2.4: no connection from LAN to gateway anymore
Hi, the upgrade from 2.2.3 to 2.2.4 (AMD64) went fine, but since then I don't have access to the outside world anymore.
- LAN and VLANs can communicate
- I can ping from LAN (192.168.100.1/24) / VLAN the WAN IP (192.168.1.12)
- I can't ping from LAN the Gateway.
When logging into the gateway (192.168.1.254; mandatory router from service provider) router, I can ping WAN (192.168.1.12).
From gateway I have access to the internet.
I have restored a configuration that was running 2 weeks ago with 2.2.3, but it did not solve the problem.
- internet connection itself is up.
- pfSense blocks the traffic from inside to the gateway (no entry in the firewall log about that)
- Is it possible to step back to pfSense 2.2.3?
Can you log in to the webGUI from LAN?
Any "Error loading the rules" or other flashing notice on the webGUI front screen?
What is in syslog?
From pfSense can you ping the upstream gateway?
After the upgrade, everything came up normal, except I can't reach the gateway anymore from the LAN side:
Yes, I can log in to the webGUI from LAN.
No error messages flashing after the restart.
From pfSense I can ping the upstream gateway (192.168.1.254) when choosing WAN (192.168.1.12) as source.
When choosing LAN (192.168.100.1) ping fails. No entry in the firewall log for this.
Maybe it is an outbound NAT problem. If LAN addresses 192.168.100.0/24 get no reply from the upstream gateway or internet then possibly they are not being NATed out on WAN. Upstream devices will not know how to reply to 192.168.100.0/24 addresses.
What do your Outbound NAT settings look like?
What is in /tmp/rules.debug related to NAT?
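Added example (not part of the thread or of pfSense): a Python check, run against a copy of /tmp/rules.debug, for whether any nat rule's source covers the LAN subnet 192.168.100.0/24. The two excerpts are constructed in pf.conf syntax, and the macro names in them (WAN, tonatsubnets) are assumptions about what the file contains.

```python
import ipaddress
import re

# Constructed pf.conf-style excerpts using the thread's addresses (not real output).
NAT_MISSING_LAN = '''\
tonatsubnets = "{ 127.0.0.0/8 192.168.1.0/24 }"
nat on $WAN from $tonatsubnets to any -> 192.168.1.12/32 port 1024:65535
'''
NAT_WITH_LAN = '''\
tonatsubnets = "{ 127.0.0.0/8 192.168.100.0/24 }"
nat on $WAN from $tonatsubnets to any -> 192.168.1.12/32 port 1024:65535
'''

MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')
NAT_RE = re.compile(r'^\s*nat\s+on\s+(\S+)\s+(?:inet6?\s+)?from\s+(.+?)\s+to\s+.*?->\s*(\S+)')
CIDR_RE = re.compile(r'\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?')


def nat_rules(rules_text):
    """Return (interface, translated_to, source_networks) for each nat rule."""
    macros, found = {}, []
    for line in rules_text.splitlines():
        macro = MACRO_RE.match(line)
        if macro:
            macros[macro.group(1)] = macro.group(2)
            continue
        rule = NAT_RE.match(line)
        if not rule:
            continue  # comments, filter rules, "no nat" lines, etc.
        iface, src, target = rule.groups()
        # Expand $macro references so "$tonatsubnets" becomes its subnet list.
        src = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), ''), src)
        nets = [ipaddress.ip_network(c, strict=False) for c in CIDR_RE.findall(src)]
        if re.search(r'\bany\b', src):
            nets.append(ipaddress.ip_network('0.0.0.0/0'))
        found.append((iface, target, nets))
    return found


def rules_covering(rules_text, lan_subnet):
    """List the nat rules whose source includes lan_subnet; empty means no NAT."""
    lan = ipaddress.ip_network(lan_subnet)
    return [(iface, target) for iface, target, nets in nat_rules(rules_text)
            if any(lan.subnet_of(net) for net in nets)]


if __name__ == '__main__':
    for name, text in (('missing', NAT_MISSING_LAN), ('present', NAT_WITH_LAN)):
        print(name, rules_covering(text, '192.168.100.0/24'))
```

An empty result for the LAN subnet means its packets leave WAN with their 192.168.100.x source address unchanged, which matches the symptom described above: the upstream gateway receives them but has no route for the reply.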
Well, I have completely started from scratch.
As the problem occurred while installing the upgrade to 2.2.4, I assumed that this was the source.
But I proved myself wrong by installing pfSense 2.2.2 with my configuration file, and it did not work either.
So, the source of the problem was somewhere else, and finally the fresh installation seemed to be easier than to screw up the existing configuration even more.
Solved for me.