If the WAN interface is set to DHCP, then I think there is an option to override/not override the DNS server addresses from the DHCP server. Check that. Check that the rule passes TCP&UDP. When I've had this problem before, I also check from the shell, but then again, I'm an oldtime FreeBSD user, so I don't fear the CLI (check /etc/resolv.conf).
Walter On Tue, Jan 14, 2014 at 5:26 PM, [email protected] <[email protected]> wrote: > It has 8.8.8.8 & 8.8.4.4 > > What do you mean by over ride? Where is that located? As for a rule for 53 > I have one I'm there to allow all. Wouldn't that cover it? > > Sent from my HTC > > > ----- Reply message ----- > From: "Walter Parker" <[email protected]> > To: "pfSense support and discussion" <[email protected]> > Subject: [pfSense] WAN not accepting traffic > Date: Tue, Jan 14, 2014 8:04 pm > > > You might check the DNS settings on the PFSense router itself to make sure > that it has valid IP addresses for DNS servers. Also check on the override > flags (and maybe add a rule for 53 DNS traffic). > > > Walter > > > On Tue, Jan 14, 2014 at 4:47 PM, Brian Caouette <[email protected]> wrote: > >> I think we've made progress. Things in management that didn't work are >> now working. Before it was not able to do a ping or tracert and now they >> do. I think the issue is dns related now because Windows 8 laptop reports a >> dns error. Also the dns lookup in management doesn't give me any results. >> So for whatever reason its not being passed to the lan. >> >> >> On 1/14/2014 1:13 PM, Walter Parker wrote: >> >> From the PFSense UI, select Firewall->NAT. Then click on the Outbound >> tab. Then select the Manual Outbound NAT rule generation radio button (this >> turns off Automatic outbound NAT rule generation). Then delete/deactive the >> mapping that has your LAN network as a source. This is what is messing up >> your routing of packets from the linksys to the LAN side of the PFSense >> router. The option you turned off stops spoofing attacks on a router and >> turning it off is required when routing private networks, but does do the >> whole job (you also need to disable NATing to complete the job). >> >> >> >> >> Walter >> >> >> >> On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette <[email protected]>wrote: >> >>> The pf wan port is plugged into my Linksys ap so it is already behind >>> nat hence the reason I unchecked the option under the interface tab to >>> block reserved ips. I see no reason to use nat again. I'm open to >>> recommendations as to the easiest solution. Pretty sure I did create a rule >>> to allow all traffic on both lan and wan. I will confirm as soon as I have >>> access to the machine again. I do see sever options for nat. I think I did >>> uncheck the option to disable it but nothing changed. If you can give me a >>> step by step what to check / uncheck, etc... To recap my setup is: >>> >>> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys >>> AP dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range >>> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp >>> assigns my laptop .101 when plugged in. >>> >>> Brian >>> >>> >>> On 1/14/2014 12:50 PM, Walter Parker wrote: >>> >>> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN >>> traffic, you will need to allow it (add rules on both the WAN and LAN >>> sides). But you might want to notice something else. If PFSense is >>> operating as a straight up router where you don't want NATing of the LAN >>> packets, then you will need to disable NAT. By default, it is auto-enabled >>> for the LAN side. This is what often prevents the "LAN" side from being >>> seen by the WAN side. If you don't want any "firewall" style rules, just >>> routing, you can turn off all the firewall rules from one of the advanced >>> options. >>> >>> You need to decide how you want to use PFSense inside the network. I'd >>> make sure that there is only one NAT router on the network, use the router >>> that has the actual "real-world IP" connection. Don't NAT on the other >>> routers and live will be much easier. >>> >>> >>> Walter >>> >>> >>> On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette <[email protected]>wrote: >>> >>>> Confirmed but as I said its the WAN blocking external traffic from what >>>> I see. >>>> >>>> Brian >>>> >>>> >>>> On 1/14/2014 12:04 PM, Robert Pickett wrote: >>>> >>>>> I would start off by checking the firewall section of pfSense to make >>>>> sure that the LAN has a default allow statement. It should say something >>>>> like LAN -> any or something like that. >>>>> >>>>> -Robert >>>>> >>>>> On 1/14/2014 8:53 AM, Brian Caouette wrote: >>>>> >>>>>> I've downloaded Pfsense Live 2.1 and installed it on an old machine >>>>>> with two nics. The pf machine can ping internally and externally with no >>>>>> issues. I was able to jump to shell and telnet out to a bbs I'm part of. >>>>>> Now on the LAN nothing works except the pf web management screen. I have >>>>>> looked at the logs and it shows all blocked packets for incoming on the >>>>>> WAN. I went a step further and create a rule to all all traffic on the >>>>>> WAN >>>>>> to no avail. My network is as follows: >>>>>> >>>>>> Cable Modem -> Linksys AP -> PF. >>>>>> >>>>>> Yes I know its a little backwards but it should still work as I also >>>>>> have another ap feeding off the Linksys for a different zone in our house >>>>>> with no issues. >>>>>> >>>>>> Any idea why the PF lan does not work? Yes I did disable the option >>>>>> to disable private addresses since pf is behind another router with a >>>>>> private ip. >>>>>> _______________________________________________ >>>>>> List mailing list >>>>>> [email protected] >>>>>> http://lists.pfsense.org/mailman/listinfo/list >>>>>> >>>>> >>>>> _______________________________________________ >>>>> List mailing list >>>>> [email protected] >>>>> http://lists.pfsense.org/mailman/listinfo/list >>>>> >>>> >>>> _______________________________________________ >>>> List mailing list >>>> [email protected] >>>> http://lists.pfsense.org/mailman/listinfo/list >>>> >>> >>> >>> >>> -- >>> The greatest dangers to liberty lurk in insidious encroachment by men of >>> zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis >>> >>> >>> _______________________________________________ >>> List mailing >>> [email protected]http://lists.pfsense.org/mailman/listinfo/list >>> >>> >>> >>> _______________________________________________ >>> List mailing list >>> [email protected] >>> http://lists.pfsense.org/mailman/listinfo/list >>> >>> >> >> >> -- >> The greatest dangers to liberty lurk in insidious encroachment by men of >> zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis >> >> >> _______________________________________________ >> List mailing >> [email protected]http://lists.pfsense.org/mailman/listinfo/list >> >> >> >> _______________________________________________ >> List mailing list >> [email protected] >> http://lists.pfsense.org/mailman/listinfo/list >> >> > > > -- > The greatest dangers to liberty lurk in insidious encroachment by men of > zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > > -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
