SG-3100 No internet on clients - PPPOE
-
Hello - I'm on version 21.05.1.... factory defaults. Trying to connect to Consolidated Fiber via PPPoE.
What I can do;
Ping google.com from Diagnostics>Ping - WAN
Ping google.com from Diagnostics>Ping - LAN
Ping 8.8.8.8 from client PC
What I can't do:
ping google.com from client PC
Browse the internet (obviously)
Things of note;
Everything works as it should when WAN is using DHCP to other connections. The same PPPoE connection works fine on an edgerouter.
Any ideas?
-
@jare-0 If you can ping 8.8.8.8 and can't ping google.com usually the problem is DNS. Can you "nslookup google.com"? What is the DNS server set to on the PC?
-
@steveits Hello thanks for the reply. Agreed, it does seem like a DNS issue - nslookup shows the 3100 as the DNS server (192.168.1.1) and it times out.
The client adapter is set to obtain IP and DNS automatically. The client connection does say it has "internet access" but as we know it doesn't.
Just to see if it would work I manually changed DNS on the client to 8.8.8.8 - still no luck. This same client works fine with other connections.
-
@jare-0 So it can ping 8.8.8.8 but "nslookup google.com 8.8.8.8" fails? That would say something is blocking access to DNS just for it. Is a firewall active on the PC? Any firewall rules on the pfSense LAN?
-
@steveits Correct I can ping 8.8.8.8... but when I said I changed DNS to 8.8.8.8 I did that in the client adapter settings - that's what failed. When I just tried "nslookup google.com 8.8.8.8" it did resolve to an IP - so it works.
To answer your other questions. I get the same results with the client firewall off. The 3100 has all the factory rules in place on the LAN that I believe come from setting up with the wizard (3 rules) and none on the WAN.
-
@jare-0 said in SG-3100 No internet on clients - PPPOE:
when I said I changed DNS to 8.8.8.8 I did that in the client adapter settings - that's what failed. When I just tried "nslookup google.com 8.8.8.8" it did resolve to an IP - so it works.
If the nslookup works to 8.8.8.8 then the PC can connect to an outside name server. Sounds like the problem is in the PC/OS?
-
@steveits Okay thanks - I appreciate the time. I do find it odd that I take the same setup, change the 3100 WAN to DHCP, restore my fiber connection to my existing network, hook the 3100 WAN to my switch and it all works as it should. And it's the same result on multiple PCs...
Luckily this is just for fun. I'll keep at it and hopefully have that "aha moment". Thanks again.
-
Okay - I've disabled DNS resolver and enabled DNS Forwarder and that partly solved the issue, or at least put me in a new direction. Keep in mind I'm now doing all tests on two different PCs.
I can now ping and nslookup domain names from the client command line. I cannot browse the internet and I cannot telnet from the command line to google.com 80/443. I read elsewhere this is a good indicator that those ports are blocked somewhere along the line.
Just throwing this out there if anyone has any suggestions.
Thanks!
-
Took this project up again this weekend. Wrong username - yep, I'm that guy. The fact that I could ping, nslookup etc. from the client cmd line threw me. Apologies all...