Default install NAT issue when wan dhcp = 192.168.1.x/24
-
scenario:
- Install pfsense to harddisk without configuring anything (option I )
- System reboots
- option1:assign interfaces & option2:Set interface ipadresses from console
3a) WAN gets dhcp from upstream, ip = 192.168.1.x/24 (example)
3b) Set LAN ip to some other valid lan subnet example: 10.30.30.1/24
3c) Enable Dhcp on LAN - Notice client can connect to pfsense LAN, but can not ping any addresses on the web.
- log in to GUI
- ping/traceroute from WAN –> 8.8.8.8 works | ping from LAN --> 8.8.8.8 Fails
- goto lan interface config, uncheck "Block private networks" & save
- retry (6) <-- still fails
- check firewall & nat rules from GUI | do filter reload <--- looks ok, but still doesnt work
- reboot
- all OK
Tried this procedure two times, so on this supermicro hardware it is reproducable.
So i'm guessing something goes wrong when the WAN & LAN subnets are identical at one point in the configuration phase. only fix is i've currently found is to reboot.
if i find some time this weekend i'll try this in a VM environment.
-
The routing table was probably FUBAR from the moment WAN picked up an address in the same network as LAN, which happened as soon as the interfaces were assigned.
In step 3 did you only configure the LAN address?
What happens if you use the console menu to change the WAN address (entering "dhcp" again) after moving the LAN to another subnet?
-
yes i've only configured the LAN address.
tried to replicate this @home using vbox …. can't get it to fail.....
i'm guessing there is code in place to detect identical wan/lan subnets on empty config as it appears that in vbox the LAN-ip is set to null with a default config when wan receives the same subnet by dhcp.
could someone point me to that code?i'm thinking that on real hardware, it (potentially) takes more time to acquire the dhcp-lease (background process?) and the default_static_lan_ip is set before the dhclient finishes ? => route corruption ?
i'm just speculating
