PfSense install inside private network, DHCP clients can't get to the internet


  • I'm getting started trying out pfSense so here's what I have on my new installation. My WAN is hooked to my local network (192.168.20.x), unchecked the Block Private Networks option, and set to DHCP. A computer connected to the pfSense LAN port gets the IP address just fine but cannot get to the internet. However, if I set the DNS server of the client to 8.8.8.8 (or 192.168.20.3 which is the main network's DNS server) it gets out fine. I also noticed that the dashboard said that pfSense was unable to check for updates. This seemed like a related issue so I looked around and found an option to: Do not use the DNS forwarder as a DNS server for the firewall. If I check this option, 127.0.0.1 no longer shows up on the DNS server list on the Dashboard and the system IS able to see available updates. However, a client machine is still unable to get to the internet as long as it gets the DNS server from the pfSense box.

    Under System>General Setup>DNS servers I've tried nothing, 8.8.8.8, 192.168.20.3, all with and without setting the gateway.

    No other router I've worked with (dd-wrt, or standard soho router) has this problem so I'm assuming it's something DNS related that I don't have setup correctly. This is a very vanilla install of pfSense.

    Any idea what I'm doing wrong?


  • What settings do you have under 'Services\DNS Forwarder'? Screenshots would be helpful.


  • The Enable is unchecked. I tried checking it. It said I needed to disable the DNS Resolver; which I did. There was no change.


  • When the 'enable' button was checked, which interfaces were set to use the Forwarder? And what are your DHCP settings for the LAN set to? (Again: Screenshots would be helpful)


  • All interfaces.

    Sorry about the screenshots. Had to find a thumbdrive  :)

    By the way, I just rebooted (my PC, not the pfSense router), and it's working now. Maybe ipconfig /release - ipconfig /renew doesn't do what it used to.

    Thanks for the help. I suppose it was the forwarder info. Now that I know it CAN work in this environment I'll be able to backup this config and have a working starting point for when I screw it up again.





    ![AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png](/public/imported_attachments/1/AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png)


  • Set your DNS in System - General - DNS Servers by supplying your ISP DNS as well as 3rd-party like Google, Level3, etc.  Uncheck Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.  Enable the Forwarder.  Disable the Resolver.  Forwarder interface should be Localhost.  That should do it.