PfSense install inside private network, DHCP clients can't get to the internet

DHCP and DNS
Log in to reply
  • D

    I'm getting started trying out pfSense so here's what I have on my new installation. My WAN is hooked to my local network (192.168.20.x), unchecked the Block Private Networks option, and set to DHCP. A computer connected to the pfSense LAN port gets the IP address just fine but cannot get to the internet. However, if I set the DNS server of the client to 8.8.8.8 (or 192.168.20.3 which is the main network's DNS server) it gets out fine. I also noticed that the dashboard said that pfSense was unable to check for updates. This seemed like a related issue so I looked around and found an option to: Do not use the DNS forwarder as a DNS server for the firewall. If I check this option, 127.0.0.1 no longer shows up on the DNS server list on the Dashboard and the system IS able to see available updates. However, a client machine is still unable to get to the internet as long as it gets the DNS server from the pfSense box.

    Under System>General Setup>DNS servers I've tried nothing, 8.8.8.8, 192.168.20.3, all with and without setting the gateway.

    No other router I've worked with (dd-wrt, or standard soho router) has this problem so I'm assuming it's something DNS related that I don't have setup correctly. This is a very vanilla install of pfSense.

    Any idea what I'm doing wrong?

    0
  • M

    What settings do you have under 'Services\DNS Forwarder'? Screenshots would be helpful.

    0
  • D

    The Enable is unchecked. I tried checking it. It said I needed to disable the DNS Resolver; which I did. There was no change.

    0
  • M

    When the 'enable' button was checked, which interfaces were set to use the Forwarder? And what are your DHCP settings for the LAN set to? (Again: Screenshots would be helpful)

    0
  • D

    All interfaces.

    Sorry about the screenshots. Had to find a thumbdrive  :)

    By the way, I just rebooted (my PC, not the pfSense router, and it's working now. Maybe ipconfig /release - ipconfig /renew doesn't do what it used to.

    Thanks for the help. I suppose it was the forwarder info. Now that I know it CAN work in this environment I'll be able to backup this config and have a working starting point for when I screw it up again.





    ![AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png](/public/imported_attachments/1/AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png)
    ![AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png_thumb](/public/imported_attachments/1/AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png_thumb)

    0
  • KOM

    Set your DNS in System - General - DNS Servers by supplying your ISP DNS as well as 3rd-party like Google, Level3, etc.  Uncheck Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.  Enable the Forwarder.  Disable the Resolver.  Forwarder interface should be Localhost.  That should do it.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy