Netgate Discussion Forum

Interfaces -> WAN -> Private Networks settings question

  • M
    MakOwner
    last edited by Sep 29, 2015, 12:28 AM

    I'm setting up a 2.2.4 installation where the upstream gateway for the WAN interface is a 10/8 network. The pfSense box appears to be working as expected so far; however, it isn't able to check for updates.

    I assumed that this check box, unchecked, would fix the issue, but it hasn't:

    
     	Block private networks
    When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8).  
    You should generally leave this option turned on, unless your WAN network lies in such a private address space, too.
    
    

    I unchecked this box too, but no difference – however the time difference between flipping them both was very close.
    Would a reboot cause these changes to go into effect?

    
      	Block bogon networks
    When set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA.   
    Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.
    
    Note: The update frequency can be changed under System->Advanced Firewall/NAT settings. 
    
    

    I can resolve and browse to the updates URL from a system on the same 10/8 network as the WAN interface; it uses the same DNS servers as the WAN interface of the pfSense box.

    • C
      cmb
      last edited by Sep 29, 2015, 2:38 AM

      That applies to ingress traffic on WAN, not egress. No relation to whether or not you can check for updates. Usually that's because you're missing DNS or a default gateway, or otherwise can't get out to the Internet from the host itself. If static IP WAN, you have to configure DNS servers under System>General Setup.

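The two causes named in the reply above (no default gateway, no DNS servers configured on the firewall host itself) can be checked from the pfSense shell. This is an added example, not part of the original thread: the function names are hypothetical, and the sample inputs are constructed, modelled on FreeBSD `netstat -rn -f inet` output and `/etc/resolv.conf`.

```sh
#!/bin/sh
# Added example: checks the firewall host's own egress prerequisites.
# Function names are hypothetical; the sample data below is constructed.

# Print the IPv4 default gateway from FreeBSD-style `netstat -rn -f inet`
# output read on stdin; print nothing if there is no default route.
default_gateway() {
    awk '$1 == "default" { print $2; exit }'
}

# Print each nameserver address from resolv.conf text read on stdin.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }'
}

# diagnose ROUTES RESOLV -> one line naming what, if anything, is missing.
diagnose() {
    gw=$(printf '%s\n' "$1" | default_gateway)
    ns=$(printf '%s\n' "$2" | nameservers | tr '\n' ' ')
    ns=${ns% }
    if [ -z "$gw" ] && [ -z "$ns" ]; then
        echo "missing: default gateway, DNS servers"
    elif [ -z "$gw" ]; then
        echo "missing: default gateway (DNS: $ns)"
    elif [ -z "$ns" ]; then
        echo "missing: DNS servers (gateway: $gw)"
    else
        echo "ok: gateway $gw, DNS $ns"
    fi
}

# Constructed sample: static WAN on 10/8 with a gateway but no DNS servers.
SAMPLE_ROUTES='Destination        Gateway            Flags     Netif Expire
default            10.0.0.1           UGS         em0
10.0.0.0/8         link#1             U           em0
127.0.0.1          link#4             UH          lo0'
SAMPLE_RESOLV='search example.lan'

# Live use on the firewall (commented out so the sample runs offline):
#   diagnose "$(netstat -rn -f inet)" "$(cat /etc/resolv.conf)"
diagnose "$SAMPLE_ROUTES" "$SAMPLE_RESOLV"
```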
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.