New user / setup help



  • I'm new to pfSense.  The breakdown of my setup is this:

    Cable modem ----> (WAN interface) pfSense PC (LAN interface) ----> LAN switch ----> Windows Server 2012 R2 DC

    My server 2012 domain controller handles both DNS and DHCP.  I simply want to use pfSense as a firewall / web filter, etc.  The problem I'm having is after connecting the WAN interface to the modem.  I reset the cable modem, but no computer attached to my LAN has internet access.  I can ping the server, ping the pfSense box, but no internet.  For my WAN interface I have input the static IP and gateway for our ISP.  I have set a static IP in the LAN interface to 192.168.0.41, with no gateway (the pfSense PC will be the gateway).  In the general setup page, what do I use for DNS servers? I have found some people use the Google addresses 8.8.8.8, but since my DC handles DNS would I input the address of that server there, or should I use the DNS servers of my external ISP?  I can't think of anything else off the top of my head.



  • but since my DC handles DNS would I input the address of that server there, or should I use the DNS servers of my external ISP?

    If you want to be able to look up other hosts on your network, you should use your DC DNS.  This assumes that your DC DNS is configured to forward to your ISP or some other 3rd-party DNS for non-local addresses.



  • I wasn't planning on changing any configuration with my domain controller.  Like I said, it is handling both DNS and DHCP.  I don't think I have pfSense properly configured, however, since I cannot reach the internet from my LAN.



  • Post screencaps of your WAN & LAN details (Interfaces - WAN/LAN), plus your LAN firewall rules (Firewall - Rules - LAN).



  • FYI - the interface names are for my own reference, so I remember which network card is assigned to which interface.








  • Looks good, but you should put those two blocks for private networks and bogons back on WAN.

    Can any of your clients ping 8.8.8.8?  In other words, is this a DNS issue exclusively?  What do you have defined for DNS under System - General?



  • @SageIT:

    I'm new to pfSense.  The breakdown of my setup is this:

    Cable modem ----> (WAN interface) pfSense PC (LAN interface) ----> LAN switch ----> Windows Server 2012 R2 DC

    My server 2012 domain controller handles both DNS and DHCP.  I simply want to use pfSense as a firewall / web filter, etc.  The problem I'm having is after connecting the WAN interface to the modem.  I reset the cable modem, but no computer attached to my LAN has internet access.  I can ping the server, ping the pfSense box, but no internet.  For my WAN interface I have input the static IP and gateway for our ISP.  I have set a static IP in the LAN interface to 192.168.0.41, with no gateway (the pfSense PC will be the gateway).  In the general setup page, what do I use for DNS servers? I have found some people use the Google addresses 8.8.8.8, but since my DC handles DNS would I input the address of that server there, or should I use the DNS servers of my external ISP?  I can't think of anything else off the top of my head.

    How many NICs does your 2012 server have? 1 or 2?

    Have you just inserted pfSense into your network?
    In other words, did you use to have the cable modem, I'm assuming with a fixed IP, plugged straight into your network which your server and PCs are connected to?

    It's possible your 2012 Server is set up with the gateway set as your WAN fixed IP if using a single NIC. If that is the case, and assuming a single NIC, then you need to change this to the LAN interface IP address on pfSense and make sure the cable from your switch with your server and PCs plugged in only goes to your pfSense LAN NIC/interface. Then a single cable going from your pfSense box to your modem; anything else could potentially spell trouble for you.

    You can see a similar setup here; some may be relevant, it depends on what version of 2012 server you run.
    http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Using-Windows-Server-NAT-Router.html



  • I forgot to mention… my previous gateway, the one I'd like to replace with the pfSense box, is just an Asus AC-rt66u router running dd-wrt.  It has an IP address of 192.168.0.26, and all of my clients on the LAN are static IPs, pointing to that router (0.26) as the gateway, and to my primary DC for DNS (0.2).  I have tried changing the gateway on my server to point to pfSense (0.41), as well as trying another PC set to DHCP... neither one will reach the internet.  The odd thing is... when I do an ipconfig /release/renew on a DHCP machine, it renews with the old gateway address (0.26), despite it being turned off and disconnected entirely from my network.  Am I missing something?



  • Wherever your DHCP server is set up, you are going to have to modify that so that it gives out the new gateway IP - pfSense LAN IP. There is no magic system in IPv4 for the DHCP server or client to guess where a new gateway is.

    And the DNS server on your Windows server will have a setting telling it where to look upstream to resolve public names. If that was pointing to a DNS service that was on your old gateway then you need to modify it to point to the pfSense LAN IP, and have DNS Forwarder or Resolver running on pfSense.
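
The two checks described in the post above, as an added example that is not part of the original thread: a PowerShell script for the Windows Server 2012 R2 DC that reports which gateway DHCP is handing out and where the DNS server forwards, and rewrites both only when `-Fix` is given. The addresses are the ones quoted in this thread; the parameter names and `example.com` are assumptions of the example.

```powershell
# Added example. Run on the Windows Server 2012 R2 DC that hosts DHCP and DNS.
# Addresses are the ones quoted in this thread; without -Fix nothing is changed.
param(
    [string]$OldGateway = '192.168.0.26',   # retired dd-wrt router
    [string]$NewGateway = '192.168.0.41',   # pfSense LAN interface
    [string]$DnsServer  = '192.168.0.2',    # the DC's own DNS service
    [switch]$Fix
)
Import-Module DhcpServer, DnsServer

# 1. DHCP option 3 (Router) can be set server-wide or per scope; check both.
$targets = @(@{}) + @(Get-DhcpServerv4Scope | ForEach-Object { @{ ScopeId = $_.ScopeId } })
foreach ($t in $targets) {
    $opt = Get-DhcpServerv4OptionValue @t -OptionId 3 -ErrorAction SilentlyContinue
    if (-not $opt) { continue }
    $where = if ($t.ScopeId) { "scope $($t.ScopeId)" } else { 'server options' }
    Write-Output "DHCP router option in ${where}: $($opt.Value -join ', ')"
    if ($Fix -and $opt.Value -contains $OldGateway) {
        # Overwrites the whole router list with the single new gateway.
        Set-DhcpServerv4OptionValue @t -Router $NewGateway
        Write-Output "  -> now hands out $NewGateway"
    }
}

# 2. DNS forwarders: a forwarder left pointing at the old router fails silently.
$fwd = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.ToString() })
Write-Output "DNS forwarders: $($fwd -join ', ')"
if ($fwd -contains $OldGateway) {
    Write-Output "  forwarder still points at $OldGateway"
    if ($Fix) {
        # Assumes DNS Forwarder or Resolver is enabled on pfSense.
        $new = @($fwd | ForEach-Object { if ($_ -eq $OldGateway) { $NewGateway } else { $_ } })
        Set-DnsServerForwarder -IPAddress $new
    }
}

# 3. Separate routing from DNS: ping by address first, then resolve a name.
#    The 8.8.8.8 ping only passes if this server's own default gateway is pfSense.
foreach ($h in $NewGateway, '8.8.8.8') {
    Test-NetConnection -ComputerName $h | Select-Object ComputerName, PingSucceeded
}
Resolve-DnsName -Name 'example.com' -Server $DnsServer -ErrorAction SilentlyContinue |
    Select-Object -First 1 Name, IPAddress
```

DHCP clients pick up the new router option only on their next renewal (`ipconfig /renew`), and the statically addressed machines mentioned in the thread still need their gateway changed by hand.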



  • @SageIT:

    I forgot to mention… my previous gateway, the one I'd like to replace with the pfSense box, is just an Asus AC-rt66u router running dd-wrt.  It has an IP address of 192.168.0.26, and all of my clients on the LAN are static IPs, pointing to that router (0.26) as the gateway, and to my primary DC for DNS (0.2).  I have tried changing the gateway on my server to point to pfSense (0.41), as well as trying another PC set to DHCP... neither one will reach the internet.  The odd thing is... when I do an ipconfig /release/renew on a DHCP machine, it renews with the old gateway address (0.26), despite it being turned off and disconnected entirely from my network.  Am I missing something?

    Have you got the pfSense LAN interface set up with the default IP address range, i.e. 192.168.1.1, or have you changed the LAN interface to 192.168.0.26 to be identical to your old router?