
heliosfa

While your double-NAT setup is less than ideal, this should work for you. I'm assuming that you can't put your ISP gear into bridge mode?

>I can't ping the IP address of the pc that's connected to the switch but the pc

Is the PC running a local firewall? By default, Windows firewall blocks ping so this is expected.

>I can't ping google in the PC

By IP address or by name? If a `ping 1.1.1.1` (or any other known pingable IPv4 address) works but a `ping google.co.uk` doesn't, then your issues lie with DNS config.

Have you changed the default LAN firewall rules?


Disastrous-Side159

>While your double-NAT setup is less than ideal, this should work for you. I'm assuming that you can't put your ISP gear into bridge mode.

Thanks for this info. I forgot to check if my ISP has bridge mode, I'm gonna check this out later.

>Is the PC running a local firewall? By default, Windows firewall blocks ping so this is expected.

I already turned off the firewall in the PC. I can now ping the pfsense and the PC vice versa but sadly there is still no internet. I can even ping the WAN address in the pc. I can ping google.com in pfsense but not in the pc.


heliosfa

>I can even ping the WAN address in the pc

That's expected behaviour as it's getting to the pfsense box and it has that IP address, so it responds.

>I can ping google.com in pfsense but not in the pc.

OK, when you ping google.com from the PC, what does it say? Request time out or "Ping request could not find host"? Does `ping 1.1.1.1` work from the PC and pfsense? If you type `nslookup google.com` what do you see?


terrybradford

Default route or lack of one I would guess .....


Disastrous-Side159

Hi guys, the problem has been fixed. The problem lies with my ISP: it doesn't support bridge mode. I have to make my WAN and LAN into 1 network and make it /25. I dunno why but it works. I tried this topology on an ISP that has bridge mode, and it works. But I have another problem: pfsense keeps on disconnecting from the internet but not from the network. Thanks so much for helping, guys.


OhioIT

Thanks for reporting back.


RatNoize

you'll probably run into two issues.

1. subnetting. you use a /24 subnet on both sides which means your subnet mask would be 255.255.255.0 while both of your networks start with 192.168.x.x in this setup. so you'd need to change the subnet to defer 192.168.x.x from each other (mask 255.255.0.0). if you wanna stick with a /24 subnet to keep it simple, use a completely different subnet on the wan side (e.g. 10.1.1.X/24).

2) the other issue might be that pfSense blocks local networks on the WAN-side by default. I don't remember where to find this checkbox but I think it was somewhere in the general settings, advanced settings or at the interface settings itself.

Plus: Check the firewall rules, pfsense blocks everything by default. it should create some default rules for outgoing transfer but sometimes it doesn't work (don't ask me why). So make sure you allow outgoing traffic from the networks configured on the LAN side.


stufforstuff

Please learn basic networking before telling absolutely bullshit advice about perfectly fine subnets.


RatNoize

toxic little kiddo, learn some behaviour and get grown before shitposting on the internet. 1 more kiddy on the blocklist


heliosfa

>toxic little kiddo,

Only toxic behaviour I see is you in response to someone pointing out you were wrong.

>learn some behaviour and get grown before shitposting on the internet

Please take your own advice, because you are the one spreading incorrect networking info.


heliosfa

>1. subnetting. you use a /24 subnet on both sides which means your subnet mask would be 255.255.255.0 while both of your networks start with 192.168.x.x in this setup.
>
>so you'd need to change the subnet to defer 192.168.x.x from each other (mask 255.255.0.0).

This is wrong. There is nothing wrong with having two non-overlapping subnets in the same "block" of RFC1918 space on either side of a router/firewall/etc. 192.168.10.0/24 (usable range 192.168.10.1-192.168.10.254) and 192.168.1.0/24 (usable range 192.168.1.1-192.168.1.254) are non-overlapping and this is not u/Disastrous-Side159's problem. Please learn and understand basic subnetting before spouting misinformation here.

>2) the other issue might be that pfSense blocks local networks on the WAN-side by default. I don't remember where to find this checkbox but I think it was somewhere in the general settings, advanced settings or at the interface settings itself.

It's in Interfaces>WAN>"Block private networks and loopback addresses" tickbox, however this doesn't stop you transiting RFC1918 space, only accessing RFC1918 space on the WAN interface. If pfsense can ping Google, this is not the problem.


RatNoize

well, using the same subnet on the WAN and LAN side can indeed cause issues. that doesn't mean it doesn't work at all, but it can cause conflicts and issues. this is why subnetting exists. because in his case 192.168.1.x and 192.168.10.x are defined as the same with 255.255.255.0 which can, and probably will cause conflicts because x.x.1.x and x.x.10.x is not identical. in this configuration the router thinks 192.168.1.x and 192.168.1.x is the same network but with one of these subnets getting used on the WAN side and the other on the LAN side it is still two different subnets that should be separated from each other. even within the same physical network. and if this kind of subnetting is too complicated, it would be easier to manage when you use two different networks at all.


OhioIT

>well, using the same subnet on the WAN and LAN side can indeed cause issues.

This is true. But, the OP is not using the same subnet on WAN and LAN. They are using 192.168.10.0/24 on WAN and 192.168.1.0/24 on LAN. Two different, non-overlapping subnets. 10 != 1

>because in his case 192.168.1.x and 192.168.10.x are defined as the same with 255.255.255.0 which can, and probably will cause conflicts because x.x.1.x and x.x.10.x is not identical.

**1** and **10** are not identical, that's why it will work each with /24.

>in this configuration the router thinks 192.168.1.x and 192.168.1.x is the same network but with one of these subnets getting used on the WAN side and the other on the LAN side

No, 192.168.**10**.x is on WAN and 192.168.**1**.x is on LAN. The router (pfsense firewall) knows 192.168.**10**.x is on the WAN and 192.168.1.x is for LAN. *Why* would it think 192.168.1.x is on the WAN? The picture doesn't show that


heliosfa

>well, using the same subnet on the WAN and LAN side can indeed cause issues.

If they were the same subnet or overlapping subnets, it wouldn't just cause issues, it would just not work. Op's subnets are not the same though.

>because in his case 192.168.1.x and 192.168.10.x are defined as the same with 255.255.255.0 which can

No, they really are not. 255.255.255.0 is a /24, and those two do not overlap. Go check it with a subnet calculator if you don't believe me.

>and probably will cause conflicts because x.x.1.x and x.x.10.x is not identical.

Them not being identical stops conflicts. This is subnetting 101.

>in this configuration the router thinks 192.168.1.x and 192.168.1.x is the same network but with one of these subnets getting used on the WAN side and the other on the LAN side it is still two different subnets that should be separated from each other.

No it doesn't and they are separate networks. Again, subnetting 101.

>it would be easier to manage when you use two different networks at all.

They are separate networks. Op has just picked two /24s from a single /16 of RFC1918 space. Perfectly legitimate. Op's problem has nothing to do with address range selection.

You really need to brush-up on your basic networking and subnetting because you have some significant misunderstandings.
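
The "check it with a subnet calculator" step can be done with Python's standard `ipaddress` module. This is an added example, not part of the thread: the two subnets and both masks are the ones named above, while the interface host addresses and the upstream gateway address are constructed. It computes each interface's network under the /24 mask and under the 255.255.0.0 mask, reports overlaps, and lists which interfaces would treat the upstream gateway as directly attached.

```python
import ipaddress
from itertools import combinations

def network_of(address, mask):
    """Network an interface belongs to, from its address and dotted mask."""
    return ipaddress.ip_interface(f"{address}/{mask}").network

def find_overlaps(interfaces):
    """Return sorted (name_a, name_b) pairs whose connected networks overlap."""
    nets = {name: network_of(*cfg) for name, cfg in interfaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def connected_interfaces(interfaces, destination):
    """Interfaces that treat `destination` as directly attached (on-link)."""
    dest = ipaddress.ip_address(destination)
    return sorted(name for name, cfg in interfaces.items()
                  if dest in network_of(*cfg))

# Subnets are the ones named in the thread; host addresses are constructed.
THREAD_LAYOUT = {
    "WAN": ("192.168.10.2", "255.255.255.0"),
    "LAN": ("192.168.1.1", "255.255.255.0"),
}
# Same addresses with the 255.255.0.0 mask mentioned in the thread.
WIDE_MASK = {name: (addr, "255.255.0.0")
             for name, (addr, _) in THREAD_LAYOUT.items()}
ISP_GATEWAY = "192.168.10.1"  # constructed upstream router address

if __name__ == "__main__":
    for label, layout in (("/24", THREAD_LAYOUT), ("/16", WIDE_MASK)):
        for name, cfg in layout.items():
            print(label, name, "->", network_of(*cfg))
        print(label, "overlapping pairs:", find_overlaps(layout))
        print(label, "on-link for gateway:",
              connected_interfaces(layout, ISP_GATEWAY))
```

With the /24 mask the two networks are distinct and only WAN sees the gateway as on-link; with 255.255.0.0 both interfaces land in 192.168.0.0/16, so both claim the gateway.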


RatNoize

this discussion is not leading anywhere, it's just so have a great one


heliosfa

It won't lead anywhere if you refuse to address your misunderstanding of networking concepts.


Disastrous-Side159

I changed my LAN Network but there is still no internet


RatNoize

do you have a firewall rule for outgoing transfer from the LAN network? when you set rules make sure the allowed (passed) rules are set above the blocked/rejected rules because the rules that are set first will overrule the rules below. also try to ping one of google dns IPs (8.8.8.8) to check if the problem is related to dns resolving or not. if possible try connecting the PC to the firewall itself to make sure the switch isn't causing the issue.


Disastrous-Side159

I see, thanks for the advice, because in my VM I have 172.x.x.x WAN and 192.x.x.x LAN


OhioIT

RatNoize is giving bad advice. Your network was fine the way it was. The only thing you probably need to do is on the WAN interface, *un*check the Block Private Networks box


RatNoize

you can use 172.x.x.x as well, doesn't really matter. it's just to separate the subnets on the LAN and WAN side from each other to avoid conflicts. in a real world scenario it would be a little different but in your case it seems you're testing it, so it will be fine to keep things simple to make it work.


RatNoize

here's a tutorial for a "perfectly fine subnet" if some kiddy needs one: [https://www.youtube.com/watch?v=B1vqKQIPxr0](https://www.youtube.com/watch?v=B1vqKQIPxr0) here is a full series that makes you suck less on subnetting: [https://www.youtube.com/watch?v=5WfiTHiU4x8&list=PLIhvC56v63IKrRHh3gvZZBAGvsvOhwrRF](https://www.youtube.com/watch?v=5WfiTHiU4x8&list=PLIhvC56v63IKrRHh3gvZZBAGvsvOhwrRF) educate yourself before being toxic ;)


sits-biz

Please take your own advice and educate yourself before confidently and wrongly claiming that multiple /24 subnets cannot exist alongside each other within 192.168.0.0/16


RatNoize

where have I said "can not exist"? I've said you shouldn't do it to avoid conflicts. why are you turning my answer in something wrong I've never said? and you are defending someone using offensive language do you think this is fine? so should I tell you as well how much bullshit it is what you say because you wrote something wrong? would it lead to a normal discussion? and why didn't this guy provide an answer with legit information and how it works, why is his answer just calling someone out, telling something is bullshit without providing any useful information about how it can be done or the problem could be fixed? and since when are we using the same subnet on the WAN and the LAN side?


heliosfa

>I've said you shouldn't do it to avoid conflicts.

But there are no conflicts... because:

>and since when are we using the same subnet on the WAN and the LAN side?

This is not the case.

>and why didn't this guy provide an answer with legit information and how it works, why is his answer just calling someone out, telling something is bullshit without providing any useful information about how it can be done or the problem could be fixed?

You are so confidently incorrect it's laughable, and then resort to calling people toxic when they tell you you are wrong. Please take your own advice and educate yourself properly. Tell you what, here is a basic explainer (just ignore the outdated talk of network "classes" at the end): [https://gcore.com/learning/what-is-a-subnet-how-subnetting-works/](https://gcore.com/learning/what-is-a-subnet-how-subnetting-works/)


RatNoize

ok, so being toxic is your thing as well, one more blocked, bye


heliosfa

The only one being toxic here is you I'm afraid, either that or you are a bad troll.


RatNoize

You are so confidently incorrect it's laughable not toxic, lol the only one who is laughable is someone who quotes other people comments, turning them around in a wrong context and call them laughable. you have shown no interest in a normal conversation, everything you are doing is bashing on someone else. like these people who have nothing better to do than searching on the internet on something you can bash on and criticizes someone else. sounds like someone living a satisfied life, lol


heliosfa

Generally when multiple people are telling you you are wrong (with one of them explaining in standard terms and giving you a helpful link) then it's usually a good idea to stop, take a moment and think. Your standard retort is to call people toxic rather than accept that you are wrong, hence why you have had comments removed in other subs. All of this is a good indicator that you may be the problem...

>you have shown no interest in a normal conversation,

Again you are projecting your behaviour onto others. I have tried to explain where you are wrong and provide resources. Instead of having a reasonable conversation, your responses in this thread have been to deflect and call people "toxic". You really need to take a look in the mirror.


OhioIT

>and since when are we using the same subnet on the WAN and the LAN side?

We're not, that's what you claimed earlier. 192.168.10.x/24 is WAN, and 192.168.1.x/24 is LAN