Reader’s Mailbag: 1-7-2015

I received an e-mail from a reader stating that even though he had an internet connection, he could not access the internet through his pfSense firewall. It occurred to me that there might be several reasons why this might be the case:

  • pfSense’s WAN interface isn’t connected to the uplink/modem.
  • The local network isn’t connected to pfSense’s LAN interface.
  • The WAN and LAN interfaces are set up correctly, but there may be another configuration issue (e.g., traffic between the WAN and LAN is blocked).

I am assuming the user’s setup (when functioning) looks something like this:

	LAN <-> pfSense box  <-> WAN <-> Internet

I advised as a first step to try to ping a server on the internet. If this is successful, then at a minimum, we know the WAN interface is set up correctly. If not, then we have a WAN configuration issue, which could be one of the following:

  • The network interface card (NIC) for the WAN interface is broken and needs to be replaced.
  • The WAN interface is functioning, but it is not connected to the internet (usually through a modem).
  • The WAN interface is functioning and is connected to the internet, but it has not been configured properly.

If the WAN interface is set up correctly, then we have other issues to consider. We have internet connectivity and can access the internet from our pfSense box, but not from the LAN. If we can ping another host on the LAN, then the LAN is functioning. If not, then we need to find out why; the issue could be a malfunctioning or misconfigured NIC and/or router or switch.

If we can ping other computers on the LAN, then the problem may still be a configuration issue with the router. We need to make sure the router is pointed towards the LAN; the default gateway address, wherever it is set on your router, needs to be set to pfSense’s LAN address. Also, if you are using your router to do DHCP, you need to make sure this is set up properly as well.

Another possibility is to have your standalone router configured as a wireless access point (WAP). In this case, you still need to make sure the default gateway is the IP address of pfSense’s LAN interface. You also need to make sure the uplink port on the router is connected to pfSense’s LAN interface. Since your router will not be doing DHCP assignment, you need to set up pfSense to do this. You can do this by going to Services -> DHCP server, clicking on the tab for the LAN interface, and clicking on the “Enable DHCP server on LAN interface” checkbox. At a minimum, you will want to define a “Range” for DHCP assignment (make sure it does not conflict with your router IP address or any of the IP addresses for pfSense’s interfaces). Press the “Save” button at the bottom of the page to save the changes.

If we know the router/switch is set up properly and the gateway is pointed towards the pfSense LAN interface, it may be possible that pfSense is somehow blocking traffic between the LAN and WAN. At this point, we probably should check the firewall rules and make sure this is not the case.
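The LAN-side checks above, as an added example that is not part of the original post: a POSIX shell script run from a LAN client, assuming the ping from the pfSense box itself has already succeeded. It uses pfSense's LAN address as the "other host on the LAN" to ping; the function names and the two command-line arguments are hypothetical.

```shell
#!/bin/sh
# Added example: LAN-client triage in the order the post describes.
# Usage: sh triage.sh <pfSense-LAN-IP> <internet-IP>

# Extract the default gateway from `netstat -rn` output on stdin.
# FreeBSD labels the route "default"; Linux net-tools shows "0.0.0.0".
gateway_from_routes() {
    awk '$1 == "default" || $1 == "0.0.0.0" { print $2; exit }'
}

# Echo 1 if the host answers a single ping, 0 otherwise.
can_ping() {
    if ping -c 1 "$1" >/dev/null 2>&1; then echo 1; else echo 0; fi
}

# Pure decision step: triage LAN_OK GATEWAY PFSENSE_LAN_IP INTERNET_OK
triage() {
    if [ "$1" != 1 ]; then
        # Cannot reach a host on the LAN at all.
        echo "lan-down: check NIC, cabling, router/switch"
    elif [ "$2" != "$3" ]; then
        # LAN works, but traffic is not being sent to pfSense.
        echo "bad-gateway: default gateway is '${2:-none}', expected $3; check router and DHCP settings"
    elif [ "$4" != 1 ]; then
        # LAN and gateway are right, WAN works from pfSense: suspect the rules.
        echo "blocked: LAN and gateway are fine; check pfSense firewall rules"
    else
        echo "ok: client reaches the internet through pfSense"
    fi
}

# Run the live checks only when both addresses are given on the command line.
if [ "$#" -eq 2 ]; then
    gw=$(netstat -rn | gateway_from_routes)
    triage "$(can_ping "$1")" "$gw" "$1" "$(can_ping "$2")"
fi
```

Pass an IP address rather than a hostname as the second argument, so that a DNS problem is not mistaken for blocked traffic.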

I think this should be a good start for anyone trying to troubleshoot a similar connectivity issue, but it is not necessarily an exhaustive guide. If anyone has any further suggestions, I’d love to hear them.

External Links:

The official pfSense site

© 2013 David Zientara. All rights reserved.