Topics - jpsense42

I have a fresh 2.2 install on a KVM guest. The host has two physical network interfaces (bridges): one LAN, one connected to my ISP router (LAN side of the router, so the pfSense WAN side is a private network). pfSense has two virtio interfaces. I understand this setup causes double NAT, but I have no choice; my ISP does not allow other equipment or config changes to their router.

The following fails:
- Clients cannot reach the internet, no traffic gets passed. Ping DOES work however, see below!
- pfSense console: telnet <ISP router LAN ip> 80 > no connection, seems pfSense itself cannot do anything but ping hosts
- pfSense console: telnet <any webserver> 80 > no connection

The following all works:
- I can reach the webconfig via the LAN
- LAN clients can ping everything, using pfSense as their gateway, all the way to (!)
- pfSense can ping everything, all the way to and everything on the LAN
- Clients connected directly to the ISP router can access the internet just fine

The following config checks look OK to me:
- Firewall rules are clean, default (allow LAN to access everything, automatic NAT)
- Private networks are not blocked, bogon networks are not blocked on the WAN interface
- Gateway (ISP router LAN side) is the default and only gateway and is UP
- Double-checked IP addresses, subnet masks, gateway addresses.

Version: 2.2-RELEASE, built on Thu Jan 22 14:04:25 CST 2015
