Pfsense OPT1 interface no WAN connectivity

1

I have an issue with adding an additional interface in pfsense. I have done this on 1 different port and everything works fine, Its the same hardware as the working one.

When trying to get out to the internet I cant, and the following have been done/checked

  • Firewall rule has been added and is correct (same as working interface)

  • Outbound NAT is setup and in automatic mode

  • I can ping the interfaces static ip that is assigned but cant ping for example 9.9.9.9

  • When I look at the states table for that interface I see the ICMP state for interface IP but I do not see the state for the 9.9.9.9 ping.

  • In pfsense under diagnostic->traceroute and source address OPT1 interface, it does a traceroute fine.

I am stumped and any help in this matter would be really great. Any logs I should look at? Could it be a bad interface?

2

do you have the correct gateway assigned to the OPT interface?

3

The IPv4 Upstream gateway? that is blank, its setup the same as the other networks that work. This is really strange.

interface%20settings
interface%20settings1189×775 75.1 KB

4

you need a gateway in order for it to route out

5

I didn’t need to specify any gateway for other interfaces/networks, the lan interface doesn’t have anything? This in essence is another lan type interface. According to netgate lan type interfaces don’t need an upstream gateway. What gateway would I put into there? Thanks for your help Tom.

Snip
Snip614×687 39 KB

https://forum.netgate.com/topic/87732/interfaces-ipv4-upstream-gateway

6

I misread and thought you were trying to create a second WAN interface, I will assume that you need to make sure you have the proper firewall rules in place for that new interface to pass traffic.

7

No problem, The firewall rule is in place, I only have 1 for now to make this simple rule for outgoing internet.

I did the same thing on a separate physical interface and that one woks fine it seems to be this interface. Could it be a bad interface?

8

Because you can ping the interface, that makes me think that it is not a bad interface, but a rule problem.

9

Naturally that makes sense but it doesn’t work. Attached is a screenshot of the firewall rule
:thinking:

test%20Net
test%20Net1292×443 19.2 KB

10

Maybe the problem is related to your NAT settings? The default setting for outbound NAT should work though, have you touched these at all?

11

Also, a word of caution in case this wasn’t clear to you: From the description you gave the rule it seems this should allow traffic from the test net to the internet, which it technically does. However, it also allows traffic from the test net into any other local net! This might be what you intended, but I noticed the discrepancy and thought I’d let you know.

12

Thanks for pointing this out. I am aware of this and have it setup temporarily for testing.

I doesn’t appear to be a NAT issue, t all looks correct. I did try changing to manual and then to automatic but that didn’t make a difference.

13

Thanks for all the suggestions I was able to make it work after re-installing pfsense and setting up the rules from scratch.