Topic: Nothing getting out from LAN to WAN

jmaynard
Nothing getting out from LAN to WAN
« on: February 25, 2012, 08:08:52 am »
New installation of 2.0.1 on i386. I created inbound port forwarding rules, left the outbound rules at "automatic outbound NAT rule generation" enabled, defined my LAN and WAN interfaces, with a default gateway on the WAN, and plugged it in.

I can ping from the pfsense box to the WAN and to the LAN just fine. However, I can't get any traffic through from LAN to WAN at all. No pings, no HTTP, no nothing.

I must be missing something basic, but what?

Nachtfalke
Re: Nothing getting out from LAN to WAN
« Reply #1 on: February 25, 2012, 08:18:46 am »
- Set up DNS servers in "SYSTEM -> General Setup"
- Enable DNS Forwarder in "SERVICES -> DNS Forwarder"
- Add a firewall rule on the LAN interface which allows traffic to the internet
- Uncheck "block private networks" on your WAN interface if it is connected to a private network. (Interfaces -> WAN)
- Assign the pfSense LAN interface as gateway and DNS for your hosts on the LAN interface
- Check from a host with traceroute, with a public IP address (e.g. 8.8.8.8) and with a name (www.google.com). This checks gateway and DNS functionality

No need for any inbound rules if you just want to connect from the LAN to the internet.
Outbound rules on automatic is correct.

jmaynard
Re: Nothing getting out from LAN to WAN
« Reply #2 on: February 25, 2012, 08:26:49 am »
Quote
- Setup DNS Servers in "SYSTEM -> General Setup"
Done.

Quote
- Enable DNS Forwarder in "SERVICES -> DNS Forwarder"
Done.

Quote
- Add a firewall rule on the LAN interface which allows traffic to the internet
Defaulted (see screenshot)

Quote
- Uncheck "block private networks" on your WAN interfaces if it is connected to a private network. (Interfaces -> WAN)
WAN is connected to my ISP, with a routable static address.

Quote
- assign the pfsense LAN interface as Gateway and DNS for your hosts on the LAN interface
Done.

Quote
- check from host with traceroute with and public IP address (e.g. 8.8.8.8) and with (www.google.com). This checks gateway and DNS functionality
I used 8.8.8.8 as my DNS. Names resolve fine at the pfsense box.

Quote
No need for any inbound rules if you just want to connect from the LAN to internet.
I have a couple of servers I need to forward to, and set those rules up.

Quote
Outbound rules on automatic is correct
Thought so. That's where that firewall LAN rule came from, right? (The second one.)

All of those had been done before I tried it...and got nothing through.

Nachtfalke
Re: Nothing getting out from LAN to WAN
« Reply #3 on: February 25, 2012, 09:32:13 am »
The firewall rules:
The first one (on top) is just to make sure that you don't lock yourself out of the GUI.
The second rule is a default rule after installation which should allow all users on the LAN to connect to the internet. You can delete or edit the rule if you like. It has nothing to do with NAT or port forwarding.

Can you ping the pfSense LAN interface from your hosts?
Can you ping the pfSense WAN address from your hosts?

jmaynard
Re: Nothing getting out from LAN to WAN
« Reply #4 on: February 25, 2012, 10:06:28 am »
Quote
Can you ping the pfsense LAN interface from your hosts ?
Can you ping the pfsense WAN address from your hosts ?
Yes and yes. I can't ping the pfsense default gateway on the WAN from my hosts, though.

jmaynard
Re: Nothing getting out from LAN to WAN
« Reply #5 on: February 25, 2012, 06:30:03 pm »
Solved.

My LAN is on a non-RFC1918 network, and the automatic NAT rules weren't being generated. I turned off the automatic NAT on the LAN port, put in a manual rule, then went and changed the LAN network rule on the firewall outbound side to the real LAN network instead of whatever it had been using. Works fine now.

cmb (Chris Buechler, Administrator)
Re: Nothing getting out from LAN to WAN
« Reply #6 on: February 25, 2012, 07:26:23 pm »
Quote
My LAN is on a non-RFC1918 network

That's bad, fix that. Your workaround will work, but will leave you with broken connectivity to whoever actually owns those IPs.
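
Added example, not part of the thread and not pfSense code: a Python check of whether a LAN subnet lies inside the RFC 1918 blocks, plus a longest-prefix route lookup showing why a public range on the LAN cuts off the real holders of those addresses. The function names, the two-route table and the sample subnets are assumptions constructed for illustration.

```python
import ipaddress

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(subnet):
    """True if the whole subnet lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(block) for block in RFC1918)

def next_hop(routes, destination):
    """Longest-prefix match over (prefix, interface) pairs."""
    addr = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), ifname) for p, ifname in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit_lan(lan_subnet, probe_destinations):
    """Report whether the LAN is RFC 1918 and which probes never leave via WAN."""
    # Hypothetical firewall routing table: default route on WAN,
    # connected route for the LAN subnet.
    routes = [("0.0.0.0/0", "wan"), (lan_subnet, "lan")]
    shadowed = [d for d in probe_destinations if next_hop(routes, d) == "lan"]
    return {"rfc1918": is_rfc1918(lan_subnet), "shadowed": shadowed}

if __name__ == "__main__":
    # Constructed sample values: 198.51.100.0/24 is a documentation range
    # standing in for a public block that belongs to someone else.
    probes = ["198.51.100.25", "8.8.8.8"]
    for lan in ("192.168.1.0/24", "198.51.100.0/24"):
        print(lan, audit_lan(lan, probes))
```

Any destination reported under `shadowed` matches the connected LAN route, so traffic to the genuine Internet host at that address is delivered to the local segment instead of the WAN.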