Lotfi BOUCHERIT asked:

User unable to access Internet through pfSense firewall

Hello,
I am deploying a pfSense firewall following the topology below:
[User generated image: network topology]
Where FW1 is a router connected to the Internet using a leased line connection, and the pfSense firewall is located in a BACKBONE network, different from the users' networks.
I should add that this is a new setup of this firewall, and connectivity on both sides is verified, I mean:
  • Connection to the Internet: I was able to download the new package SQUID/SQUIDGuard from the Package Manager
  • Connection to the LAN: I can access the firewall from my PC, and I can see the SQUID error message when I try to open a website
The problem now: I want to grant the PC's IP address authorization to access the Internet. I created rules for both the HTTP and HTTPS protocols, but I still cannot access the Internet.
And the firewall says that I do not have the right to do so.
I'd appreciate any help from you Experts.
Regards.
Soulja

Do all of your routers have routes back to your source network? That is the first thing I would check since it seems you are going through multiple hops.

Lotfi BOUCHERIT (ASKER)

Yes, of course. I can even manage pfSense from my desktop, and the Squid error web page is displayed when I try to access the Internet.
I confirm that pfSense can reach the Internet too.
Thanks for your reply.

From the router the PC is behind, can you access the Internet?

Yes, the router can reach the ISP and the Internet.
pfSense can reach the router, the ISP and the Internet; I even updated pfSense and downloaded packages.
For the PC, I have created rules for HTTP, HTTPS and FTP, but the PC still cannot access the Internet.
Thank you for your help.
The PC should connect to the Internet through pfSense, which is in another network, i.e. behind the router.

What does your firewall rule look like? Source --> Destination: Service. Also, when you attempt from the computer, what are the FW logs in pfSense stating?

Source (an alias, because it's a group of computers that need to connect to the Internet) -> destination (all networks or WAN net, tried both) -> protocols HTTP, HTTPS, FTP...
I think that by default pfSense permits all traffic between LAN and WAN, am I right?
If so, I believe too that even without any rule configured, there's no access to the Internet...
Thank you for your help.

Is pfSense doing any type of NATing?

Only the defaults. For outbound traffic there are only the auto-created rules, and outbound NAT mode is set to automatic.

When you tested from the router connected to your computer, did you source the test from the interface of the network the computer is attached to?

Hello Sir,
I reset pfSense to factory default settings and deleted all interfaces except WAN and LAN. I would like to know now how I can make users from different subnets connect through pfSense (the solution of creating a different virtual interface for every subnet cannot be done, because I have several subnets).
Thank you

Hello Sir,
I figured out what my problem was.
I installed the SQUID Proxy Server package, then added my subnet in the allowed Subnets, and everything works so fine now.
Thank you.
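
The symptom in this thread (a Squid error page for clients whose subnet is missing from the allowed subnets) can be confirmed from the proxy's access log. The following is an added example, not part of the original thread: it assumes Squid's native access.log format, and the log lines, the subnets and the /24 grouping are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1700000000.123      0 10.20.30.15 TCP_DENIED/403 3952 GET http://example.com/ - HIER_NONE/- text/html
1700000001.456    120 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/203.0.113.10 text/html
1700000002.789      0 10.20.30.22 TCP_DENIED/403 3952 CONNECT example.org:443 - HIER_NONE/- text/html
1700000003.012      0 10.20.40.7 TCP_DENIED/403 3952 GET http://example.net/ - HIER_NONE/- text/html
1700000004.500      0 192.168.1.11 TCP_DENIED/403 3952 GET http://blocked.example/ - HIER_NONE/- text/html
"""


def denied_outside_allowed(log_text, allowed_subnets, prefix_len=24):
    """Count TCP_DENIED requests per client network not covered by any allowed subnet."""
    allowed = [ipaddress.ip_network(s) for s in allowed_subnets]
    missing = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        # Field 3 is the client address, field 4 the result code/HTTP status.
        if len(fields) < 4 or not fields[3].startswith("TCP_DENIED"):
            continue
        try:
            client = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # malformed client field, skip the line
        if any(client in net for net in allowed):
            continue  # denied by some other ACL, not by the subnet list
        # Group offenders by an assumed prefix length so each subnet is reported once.
        net = ipaddress.ip_network(f"{client}/{prefix_len}", strict=False)
        missing[str(net)] += 1
    return dict(missing)


if __name__ == "__main__":
    # Constructed allowed list: only the proxy's own LAN is permitted.
    for net, hits in denied_outside_allowed(SAMPLE_LOG, ["192.168.1.0/24"]).items():
        print(f"{net}: {hits} denied request(s), subnet not in allowed list")
```

Subnets reported here are candidates for the proxy's allowed subnets list; a denied client that is already inside an allowed subnet points to a different ACL instead.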