No internet access, but webgui works

itsignas

Hello, so I installed ESXI on my server. Then I installed pfSense. Well seems everything works fine, it gets my ISP ip which is okay. It gives ip to other network cards. So I have 3 NIC's. 1 for WAN, 2 for LAN. Wan works as it should, LAN gives IP, but I can access only pfSense web gui by lan IP 192.168.1.1 (192.168.3.1 for other nic). Web gui loads fine, no problems. I get ISP ip as I said, i can upgrade, install packages just fine. Problem is, I can't access any website, nothing! Only pfsense web gui, what's the cause of problem? Thanks!

viragomann

Do you have firewall rule in place at the 2 LAN interfaces allowing internet access?

And are your vms behind pfSense configured to use pfSense LAN IP for default gateway?

itsignas

I have plugged in internet cable for LAN nic to other my pc, so I need to have connection to it. I can access pfsense web gui, nothing else.
I set ipv4 rule for any port for any source, so i opened all ports, still same result.

–UPDATED--
Screenshots:
http://imgur.com/a/8F7Tl

KOM

Post screen shots of your LAN interface details.  How are your LAN clients configured?

itsignas

http://imgur.com/a/C0J8W
Anything else?

KOM

I did ask for your client details, but if you can grab packages then it's likely a DNS issue.  What are your clients using for DNS?

itsignas

Here it is my client:
http://imgur.com/4uv2bLX

viragomann

So you haven't entered any DNS server at the client.
This way you can only access website by IP address, like http://98.138.253.109 for yahoo.

itsignas

Oh god, I can't believe.. When I entered the IP, it works.. But nothing else, how should I fix this? I entered all possible DNS combos, still same result.

KOM

Try 192.168.1.1 (pfSense), or 8.8.8.8 or 8.8.4.4 (Google DNS), or 4.4.4.4 (Level3 DNS), or your ISP's DNS.  But you must have something to resolve hostnames to IP addresses.  Networking 101.

itsignas

@KOM:

Try 192.168.1.1 (pfSense), or 8.8.8.8 or 8.8.4.4 (Google DNS), or 4.4.4.4 (Level3 DNS), or your ISP's DNS.  But you must have something to resolve hostnames to IP addresses.  Networking 101.

Same problem, doesn't work. :/

KOM

We need more detail other than it doesn't work.  What exactly did you do?  Why is your win7 VM on both WAN and LAN switches?  It should be on LAN only.

itsignas

@KOM:

We need more detail other than it doesn't work.  What exactly did you do?  Why is your win7 VM on both WAN and LAN switches?  It should be on LAN only.

Okay, small update sorry, win7 just a test, never used.

So my main LAN switch don't work same problem as I said, but my OPT1 interface (second lan), works flawlessly. If you need any info tell me, I provide.

KOM

Post screens of your firewall rules for both LANs.

itsignas

@KOM:

Post screens of your firewall rules for both LANs.

Not working:
http://prntscr.com/aaq5xx

Working:
http://prntscr.com/aaq625

Now i have tought just a bit, can it be ESXI management network issue?
–Update--
Okay so I found problem why my LAN don't work. There is ESXI management network running at LAN nic, which maybe causes problem with it, if I change management network to OPT1 nic then same problem appears on OPT1, but then my LAN works.

KOM

No, it's DNS issue.  Your PC LAN rule should use * for protocol, not just IPv4 TCP, but that's not your issue.  Your issue is purely DNS-related since you can access websites based on their IP address but not FQDN.  Your Windows XP client that was missing DNS details, what did you do about that?  I had recommended several DNS servers that you could use, and you replied that it didn't work and I then asked what exactly did you do.

itsignas

@KOM:

No, it's DNS issue.  Your PC LAN rule should use * for protocol, not just IPv4 TCP, but that's not your issue.  Your issue is purely DNS-related since you can access websites based on their IP address but not FQDN.  Your Windows XP client that was missing DNS details, what did you do about that?  I had recommended several DNS servers that you could use, and you replied that it didn't work and I then asked what exactly did you do.

Okay so yea, what I did i set it to GET DNS AUTOMATICALLY, same settings for other LAN (OPT1, which works without problems).

ESXI have it own settings for management console (Maybe interrupting DNS with pfsense?) (photos included)
http://imgur.com/a/2AQ4b

KOM

Humour me and set it manual DNS, 8.8.8.8 and then try again.

itsignas

@KOM:

Humour me and set it manual DNS, 8.8.8.8 and then try again.

Esxi or client?

KOM

Client.  ESXi isn't making the DNS calls on behalf of the VM, the VM is, so we only care about setting client DNS.