Lots of stuff not working, don't know where to start

stephenw10

Does that /28 overlap any of your internal /24s?

Are you policy routing traffic?

What DNS servers are you setting on the laptop? Usually it would pull DNS server via DHCP from pfSense. Are you not using DHCP?

Let's see some screenshots of your rules.

Steve

simonjcarr

@stephenw10 IP Ranges from Internal networks are completely different with no chance of overlap.

A number of screen shots below of my config. I have just reinstalled this evening, so very little changed other than the going through the setup wizard, which I think will be covered by what is in the screenshots.

stephenw10

@simonjcarr said in Lots of stuff not working, don't know where to start:

The WAN port is a private address form a /28 range

The screenshot there looks like a public IP on WAN. Was that just a typo?

Everything else looks as expected.

Is your Outbound NAT still set to automatic? Firewall > NAT > Outbound.

You see any blocked traffic in the firewall log on any internal interface?

Steve

simonjcarr

@stephenw10 Public IP is correct. I have a hitron router. When the static IP addresses are enabled the router effectively becomes a modem. x.x.x.1 is assigned to my router and the other 13 IP addresses are mine to use internally, of which x.x.x.2 I have assigned to my PFSense Firewall.

I have not changed Firewall > NAT > Outbound, so it will be the default value.

I can't see any blocked traffic. I am in process of setting some block rules as the last rule on each of the interfaces with logging turned on, so I can double-check that.

Patch

@simonjcarr said in Lots of stuff not working, don't know where to start:

Currently, I am only able to connect to pfsense if I plug my laptop directly into igb1 and pickup a 192.168.1 address. I can not connect if I try to connect over WIFI, even ping does not respond

The default LAN interface has a default anti-lockout rule. If you add other LAN or VLAN interfaces from which you want to be able to access pfsense you need to manually add rules to allow that.

simonjcarr

@patch Hi Patch, as you can see from the screen shots, I have added Allow All to All to every network interface, unless I am missing something, which I obviously am due the problems I seem to be having.

What do you think I need to change?

Patch

@simonjcarr said in Lots of stuff not working, don't know where to start:

What do you think I need to change?

So what is now the problem?

If you want to control isolation between interfaces this post may help

simonjcarr

@patch said in Lots of stuff not working, don't know where to start:

this post

My problem is that none of the interfaces on the protectli box can communicate with each other. Even though an Allow All from All rule for all protocols is on all the interfaces, none of them can ping each other.

On top of that anything connected to my wifi interface can talk to the internet but anything connected to my LAN port can not talk to the internet.

The protectli box was reinstalled tonight and scratch and the settings are as per the screen shots I have provided above.

Patch

@simonjcarr said in Lots of stuff not working, don't know where to start:

none of the interfaces on the protectli box can communicate with each other.

Are you trying to ping / communicate via IP address or logical name. The latter requires more to be set up.

Edit
In particular local network discovery does not work between interfaces by default.

bPsdTZpW

@simonjcarr Can you disable ipv6 and see whether things begin working with just ipv4?

JKnott

@bpsdtzpw

One has nothing to do with the other.

stephenw10

Not being able to connect out to the internet from LAN is a pretty basic problem somewhere.

How exactly are you testing?

bPsdTZpW

@jknott Simplification sometimes helps solve vexing problems.

simonjcarr

@patch I am going to try testing with another PC tomorrow because I am getting confused now.

I can connect to the internet and to PFSense over WIFI

When connected via Cable, I can ping a domain name like google.com, but can not connect via the browser and I see nothing in the PFSense logs.

Very confused because both connections over wifi and via cable were from the same Macbook but with very different outcomes.

Scratching my head.

Simon

JKnott

@bpsdtzpw

Quite so, but disabling IPv6 won't do anything for IPv4. You also have to understand what affects what when working on a problem.

Patch

@simonjcarr said in Lots of stuff not working, don't know where to start:

When connected via Cable, I can ping a domain name like google.com, but can not connect via the browser

If you

• only connect one interface (wifi or Ethernet cable)
• flush the buffers in your web browser cache
• restart your laptop
• restart pfsense (to ensure all configuration changes are implemented and caches cleared).
• this should simply your network and remove problems related to dynamically changing the network interface / gateways.

Does it then work.

@simonjcarr said in Lots of stuff not working, don't know where to start:

Even though an Allow All from All rule for all protocols is on all the interfaces, none of them can ping each other.

I suspect this is different to problem. I would look at local network discovery broadcast packets relay between interfaces. Either that or the mask on the device you are trying to access from another interface.

simonjcarr

@patch Problem Solved. It was a problem with my MacBook. I created a new profile on my MacBook and that one works fine. So there is issue with the network setup on my other profile.

Anyway, Thank you so much for everyones help and advice. It has only strengthened my feelings about PFSense being a good choice.