Netgate Discussion Forum

    PfSense install inside private network, DHCP clients can't get to the internet

    DHCP and DNS
      jeffb92

      I'm getting started trying out pfSense, so here's what I have on my new installation. My WAN is hooked to my local network (192.168.20.x), with the Block Private Networks option unchecked, and set to DHCP. A computer connected to the pfSense LAN port gets the IP address just fine but cannot get to the internet. However, if I set the DNS server of the client to 8.8.8.8 (or 192.168.20.3, which is the main network's DNS server) it gets out fine. I also noticed that the dashboard said that pfSense was unable to check for updates. This seemed like a related issue, so I looked around and found an option: "Do not use the DNS forwarder as a DNS server for the firewall". If I check this option, 127.0.0.1 no longer shows up on the DNS server list on the Dashboard and the system IS able to see available updates. However, a client machine is still unable to get to the internet as long as it gets the DNS server from the pfSense box.

      Under System>General Setup>DNS servers I've tried nothing, 8.8.8.8, 192.168.20.3, all with and without setting the gateway.

      No other router I've worked with (dd-wrt, or standard SOHO router) has this problem, so I'm assuming it's something DNS related that I don't have set up correctly. This is a very vanilla install of pfSense.

      Any idea what I'm doing wrong?

        muswellhillbilly

        What settings do you have under 'Services\DNS Forwarder'? Screenshots would be helpful.

          jeffb92

          The Enable is unchecked. I tried checking it. It said I needed to disable the DNS Resolver; which I did. There was no change.

            muswellhillbilly

            When the 'enable' button was checked, which interfaces were set to use the Forwarder? And what are your DHCP settings for the LAN set to? (Again: Screenshots would be helpful)

              jeffb92

              All interfaces.

              Sorry about the screenshots. Had to find a thumbdrive :)

              By the way, I just rebooted (my PC, not the pfSense router), and it's working now. Maybe ipconfig /release - ipconfig /renew doesn't do what it used to.

              Thanks for the help. I suppose it was the forwarder info. Now that I know it CAN work in this environment I'll be able to back up this config and have a working starting point for when I screw it up again.

              InitialDashboard.png
              AllInterfaces.png
              ![AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png](/public/imported_attachments/1/AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png)

                KOM

                Set your DNS in System - General - DNS Servers by supplying your ISP DNS as well as 3rd-party like Google, Level3, etc. Uncheck Do not use the DNS Forwarder or Resolver as a DNS server for the firewall. Enable the Forwarder. Disable the Resolver. Forwarder interface should be Localhost. That should do it.
