pfSense install inside private network, DHCP clients can't get to the internet
-
I'm getting started trying out pfSense so here's what I have on my new installation. My WAN is hooked to my local network (192.168.20.x), unchecked the Block Private Networks option, and set to DHCP. A computer connected to the pfSense LAN port gets the IP address just fine but cannot get to the internet. However, if I set the DNS server of the client to 8.8.8.8 (or 192.168.20.3 which is the main network's DNS server) it gets out fine. I also noticed that the dashboard said that pfSense was unable to check for updates. This seemed like a related issue so I looked around and found an option to: Do not use the DNS forwarder as a DNS server for the firewall. If I check this option, 127.0.0.1 no longer shows up on the DNS server list on the Dashboard and the system IS able to see available updates. However, a client machine is still unable to get to the internet as long as it gets the DNS server from the pfSense box.
Under System>General Setup>DNS servers I've tried nothing, 8.8.8.8, 192.168.20.3, all with and without setting the gateway.
No other router I've worked with (dd-wrt, or standard SOHO router) has this problem so I'm assuming it's something DNS related that I don't have set up correctly. This is a very vanilla install of pfSense.
Any idea what I'm doing wrong?
-
What settings do you have under 'Services\DNS Forwarder'? Screenshots would be helpful.
-
The Enable is unchecked. I tried checking it. It said I needed to disable the DNS Resolver, which I did. There was no change.
-
When the 'enable' button was checked, which interfaces were set to use the Forwarder? And what are your DHCP settings for the LAN set to? (Again: Screenshots would be helpful)
-
All interfaces.
Sorry about the screenshots. Had to find a thumbdrive :)
By the way, I just rebooted (my PC, not the pfSense router), and it's working now. Maybe ipconfig /release - ipconfig /renew doesn't do what it used to.
Thanks for the help. I suppose it was the forwarder info. Now that I know it CAN work in this environment I'll be able to back up this config and have a working starting point for when I screw it up again.
![AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png](/public/imported_attachments/1/AfterChecking_Do not use the DNS Forwarder or Resolver as a DNS server for the firewall.png)
-
Set your DNS in System - General - DNS Servers by supplying your ISP DNS as well as 3rd-party like Google, Level3, etc. Uncheck Do not use the DNS Forwarder or Resolver as a DNS server for the firewall. Enable the Forwarder. Disable the Resolver. Forwarder interface should be Localhost. That should do it.