A couple clarifications...the ping from LAN to the WAN gateway is timing out, not saying "unreachable" or something like that. I can ping the router's WAN IP (and CARP WAN IP) from the LAN, as allowed by firewall rule.
-- Steve Yates ITS, Inc. -----Original Message----- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates Sent: Thursday, November 30, 2017 3:44 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [pfSense] pfSense can get to Internet but LAN cannot Short version: a PC on the LAN cannot ping the router's gateway, though the router can ping it and get to the Internet. Routing table looks OK, default firewall rule isn't blocking packets (rule to allow LAN to any is in place), and it's not a private IP address. Looking for suggestions? We are replacing two routers using CARP with two 4860s. I edited the saved configuration files to add two LAGGs, and changed the interfaces to match the new hardware. As I said ping/traceroute/nslookup from the pfSense to the Internet works fine. Route table shows the proper gateway IP as the default. We have tried changing off the LAGGs, no difference. A traceroute from the PC shows the pfSense router LAN IP as expected but not the gateway which is the next hop. It's as if the routing isn't sending packets out the WAN? I have rebooted the routers, and disabled CARP and disconnected the second router (and changed the PC gateway accordingly). Changing the PC to an IP on the WAN side and plugging it into the gateway router works fine to get past the gateway. -- Steve Yates ITS, Inc. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold