Author Topic: [SOLVED] LAN2 machine can only ping, cannot resolve  (Read 132 times)

Offline mregg964

[SOLVED] LAN2 machine can only ping, cannot resolve
« on: January 24, 2018, 03:55:05 am »
Hello,

I am very new to pfSense, and am trying to understand how it works before putting it into prod. I have installed pfSense 2.4 in a VM, and I assigned 3 NICs to it: WAN, LAN100 and LAN200 (opt1). Those virtual NICs are on 3 separate networks.

LAN100 : 192.168.100.0/24
machine1 : 192.168.100.101/24

LAN200 : 192.168.200.0/24
machine2 : 192.168.200.100/24

machine1 can reach out to the internet, no problem here.

When adding the LAN200 interface, I created 2 firewall rules to LAN200, based on those of LAN100 (automatically generated).

The NAT Outbound rule is set to automatic mode, and I can see that LAN200 has been added.

My problem is that machine2 cannot resolve anything at all. Its nameservers are 8.8.8.8 and 8.8.4.4, which it can ping. But it would seem that the firewall is blocking everything else.

What am I doing wrong?

Thanks for any idea
« Last Edit: January 26, 2018, 03:31:19 am by mregg964 »

Offline KOM

Re: LAN2 machine can only ping, cannot resolve
« Reply #1 on: January 24, 2018, 09:02:53 am »
Post your rules so someone can see what you've done.

Offline ThatGuy

Re: LAN2 machine can only ping, cannot resolve
« Reply #2 on: January 24, 2018, 02:27:22 pm »
So you are saying you can ping 8.8.8.8 but cannot resolve www.google.com when trying to ping www.google.com?

This sounds like a DNS Resolver/Forwarder issue to me. Which one are you using, DNS Resolver or DNS Forwarder?

But keep in mind, I'm a newb too. But man, I love all of the stuff you can do with pfSense.

ThatGuy

Offline mregg964

Re: [SOLVED] LAN2 machine can only ping, cannot resolve
« Reply #3 on: January 26, 2018, 03:38:59 am »
I fixed the problem, which has to do with the virtual networking system. On VirtualBox, the above issue does not happen. However, it does on KVM -- and I found the solution on the Proxmox wiki:

https://pve.proxmox.com/wiki/PfSense_Guest_Notes

In the pfSense GUI: System > Advanced > Networking and flag Disable hardware checksum offload.

Now every machine on LAN2 can ping and resolve, port forwarding to those machines works, and all my virtual networks behave as expected.
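
Added example, not part of the original thread and not code from pfSense or Proxmox: a small checker that recomputes the UDP checksum of a captured DNS datagram, which is one way to confirm a checksum offload problem before changing the setting. It assumes the problem shows up as UDP segments whose checksum field was never finished; the sample packet, ports and function names are constructed for illustration.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Expected checksum: pseudo-header + segment with the checksum field zeroed."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~fold_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF
    return csum or 0xFFFF  # 0 on the wire is reserved for "no checksum"

def check_udp(src: str, dst: str, segment: bytes) -> str:
    if len(segment) < 8:
        return "truncated"
    length, stored = struct.unpack("!HH", segment[4:8])
    if length != len(segment):
        return "length-mismatch"
    if stored == 0:
        return "no-checksum"  # legal for UDP over IPv4
    return "ok" if stored == udp_checksum(src, dst, segment) else "bad-checksum"

def with_checksum(segment: bytes, value: int) -> bytes:
    return segment[:6] + struct.pack("!H", value) + segment[8:]

# Constructed sample: DNS query for www.google.com, machine2 -> 8.8.8.8
SRC, DST = "192.168.200.100", "8.8.8.8"
QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x03www\x06google\x03com\x00\x00\x01\x00\x01")
RAW = struct.pack("!HHHH", 40000, 53, 8 + len(QUERY), 0) + QUERY
GOOD = with_checksum(RAW, udp_checksum(SRC, DST, RAW))
# Simulated unfinished offload (assumption): only the pseudo-header sum is in the field
PARTIAL = with_checksum(RAW, fold_sum(pseudo_header(SRC, DST, len(RAW))))

if __name__ == "__main__":
    for name, seg in (("good", GOOD), ("partial", PARTIAL), ("zero", RAW)):
        print(name, check_udp(SRC, DST, seg))
```

Feed `check_udp` the UDP header plus payload bytes from a capture taken on the receiving side; a capture taken on the sending host can show unfinished checksums even when the wire is fine.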