Try to uncheck under wan 'block private network'.

On Tue, Jan 14, 2014 at 8:33 PM, Walter Parker <[email protected]> wrote:

> If the WAN interface is set to DHCP, then I think there is an option to
> override/not override the DNS server addresses from the DHCP server. Check
> that. Check that the rule passes TCP & UDP. When I've had this problem
> before, I also check from the shell, but then again, I'm an oldtime FreeBSD
> user, so I don't fear the CLI (check /etc/resolv.conf).
>
> Walter
>
> On Tue, Jan 14, 2014 at 5:26 PM, [email protected] <[email protected]> wrote:
>
>> It has 8.8.8.8 & 8.8.4.4
>>
>> What do you mean by override? Where is that located? As for a rule for
>> 53, I have one in there to allow all. Wouldn't that cover it?
>>
>> Sent from my HTC
>>
>> ----- Reply message -----
>> From: "Walter Parker" <[email protected]>
>> To: "pfSense support and discussion" <[email protected]>
>> Subject: [pfSense] WAN not accepting traffic
>> Date: Tue, Jan 14, 2014 8:04 pm
>>
>> You might check the DNS settings on the PFSense router itself to make
>> sure that it has valid IP addresses for DNS servers. Also check on the
>> override flags (and maybe add a rule for 53 DNS traffic).
>>
>> Walter
>>
>> On Tue, Jan 14, 2014 at 4:47 PM, Brian Caouette <[email protected]> wrote:
>>
>>> I think we've made progress. Things in management that didn't work are
>>> now working. Before it was not able to do a ping or tracert and now they
>>> do. I think the issue is dns related now because Windows 8 laptop reports a
>>> dns error. Also the dns lookup in management doesn't give me any results.
>>> So for whatever reason it's not being passed to the lan.
>>>
>>> On 1/14/2014 1:13 PM, Walter Parker wrote:
>>>
>>> From the PFSense UI, select Firewall->NAT. Then click on the Outbound
>>> tab. Then select the Manual Outbound NAT rule generation radio button (this
>>> turns off Automatic outbound NAT rule generation). Then delete/deactivate the
>>> mapping that has your LAN network as a source. This is what is messing up
>>> your routing of packets from the linksys to the LAN side of the PFSense
>>> router. The option you turned off stops spoofing attacks on a router and
>>> turning it off is required when routing private networks, but does do the
>>> whole job (you also need to disable NATing to complete the job).
>>>
>>> Walter
>>>
>>> On Tue, Jan 14, 2014 at 10:01 AM, Brian Caouette <[email protected]> wrote:
>>>
>>>> The pf wan port is plugged into my Linksys ap so it is already behind
>>>> nat hence the reason I unchecked the option under the interface tab to
>>>> block reserved ips. I see no reason to use nat again. I'm open to
>>>> recommendations as to the easiest solution. Pretty sure I did create a rule
>>>> to allow all traffic on both lan and wan. I will confirm as soon as I have
>>>> access to the machine again. I do see several options for nat. I think I did
>>>> uncheck the option to disable it but nothing changed. If you can give me a
>>>> step by step what to check / uncheck, etc... To recap my setup is:
>>>>
>>>> Cable Modem (public ip with a 192.168.100.1 management port -> Linksys
>>>> AP dhcp to modem 192.168.100.1 lan ip with all connected pc's in this range
>>>> including -> PF 192.168.100.20 and pf lan of 192.168.1.1 of which is dhcp
>>>> assigns my laptop .101 when plugged in.
>>>>
>>>> Brian
>>>>
>>>> On 1/14/2014 12:50 PM, Walter Parker wrote:
>>>>
>>>> By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN
>>>> traffic, you will need to allow it (add rules on both the WAN and LAN
>>>> sides). But you might want to notice something else. If PFSense is
>>>> operating as a straight up router where you don't want NATing of the LAN
>>>> packets, then you will need to disable NAT. By default, it is auto-enabled
>>>> for the LAN side. This is what often prevents the "LAN" side from being
>>>> seen by the WAN side. If you don't want any "firewall" style rules, just
>>>> routing, you can turn off all the firewall rules from one of the advanced
>>>> options.
>>>>
>>>> You need to decide how you want to use PFSense inside the network.
>>>> I'd make sure that there is only one NAT router on the network, use the
>>>> router that has the actual "real-world IP" connection. Don't NAT on the
>>>> other routers and life will be much easier.
>>>>
>>>> Walter
>>>>
>>>> On Tue, Jan 14, 2014 at 9:40 AM, Brian Caouette <[email protected]> wrote:
>>>>
>>>>> Confirmed but as I said it's the WAN blocking external traffic from
>>>>> what I see.
>>>>>
>>>>> Brian
>>>>>
>>>>> On 1/14/2014 12:04 PM, Robert Pickett wrote:
>>>>>
>>>>>> I would start off by checking the firewall section of pfSense to make
>>>>>> sure that the LAN has a default allow statement. It should say something
>>>>>> like LAN -> any or something like that.
>>>>>>
>>>>>> -Robert
>>>>>>
>>>>>> On 1/14/2014 8:53 AM, Brian Caouette wrote:
>>>>>>
>>>>>>> I've downloaded Pfsense Live 2.1 and installed it on an old machine
>>>>>>> with two nics. The pf machine can ping internally and externally with no
>>>>>>> issues. I was able to jump to shell and telnet out to a bbs I'm part of.
>>>>>>> Now on the LAN nothing works except the pf web management screen. I have
>>>>>>> looked at the logs and it shows all blocked packets for incoming on the
>>>>>>> WAN. I went a step further and created a rule to allow all traffic on the
>>>>>>> WAN to no avail. My network is as follows:
>>>>>>>
>>>>>>> Cable Modem -> Linksys AP -> PF.
>>>>>>>
>>>>>>> Yes I know it's a little backwards but it should still work as I also
>>>>>>> have another ap feeding off the Linksys for a different zone in our
>>>>>>> house with no issues.
>>>>>>>
>>>>>>> Any idea why the PF lan does not work? Yes I did disable the option
>>>>>>> to disable private addresses since pf is behind another router with a
>>>>>>> private ip.
>>>>>>> _______________________________________________
>>>>>>> List mailing list
>>>>>>> [email protected]
>>>>>>> http://lists.pfsense.org/mailman/listinfo/list
>>>>
>>>> --
>>>> The greatest dangers to liberty lurk in insidious encroachment by
>>>> men of zeal, well-meaning but without understanding. -- Justice Louis
>>>> D. Brandeis

--
Alexandre
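
The two settings this thread keeps returning to, the WAN "Block private networks" option and the automatic outbound NAT mapping for the LAN, modelled as an added example that is not part of the original messages. It uses the thread's addressing (WAN 192.168.100.20, LAN 192.168.1.0/24); the host 192.168.100.50, the function names and the simplified two-step rule order are assumptions made for illustration.

```python
import ipaddress

# Sources that the "Block private networks" option drops on an interface:
# the RFC 1918 ranges plus loopback.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Addressing from the thread: the pfSense WAN sits on the Linksys LAN.
WAN_ADDR = ipaddress.ip_address("192.168.100.20")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


def wan_inbound(src, block_private, wan_pass_rule):
    """Verdict for a new connection arriving on WAN from src.

    The block-private check runs before any user rule, so a WAN
    "allow all" rule cannot override it (simplified model).
    """
    src = ipaddress.ip_address(src)
    if block_private and any(src in net for net in PRIVATE_NETS):
        return "block: private source"
    return "pass" if wan_pass_rule else "block: default deny"


def upstream_sees(src, nat_lan_mapping):
    """Source address the Linksys segment sees for a packet leaving via WAN."""
    src = ipaddress.ip_address(src)
    if nat_lan_mapping and src in LAN_NET:
        return str(WAN_ADDR)  # outbound NAT hides the LAN host
    return str(src)           # routed unchanged


def summarize(block_private, wan_pass_rule, nat_lan_mapping):
    """Both decisions for two constructed hosts: a PC on the Linksys
    segment (192.168.100.50, assumed) and the laptop at 192.168.1.101."""
    return {
        "linksys_pc_to_lan": wan_inbound("192.168.100.50", block_private,
                                         wan_pass_rule),
        "laptop_seen_as": upstream_sees("192.168.1.101", nat_lan_mapping),
    }


if __name__ == "__main__":
    print(summarize(True, True, True))    # option checked, automatic NAT
    print(summarize(False, True, False))  # option unchecked, LAN mapping removed
```

With the LAN mapping removed the laptop's packets keep their 192.168.1.x source, so the Linksys needs a route to 192.168.1.0/24 via 192.168.100.20 for replies to find their way back.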
