2 weeks still nothing.

johnpoz

@pfsensenewbie1 said in 2 weeks still nothing.:

Next I assume trace route is the best way to detect if the dns is being routed correctly?

Huh??? Where would you have gotten that idea from?

Traceroute has to do with the network path your taking - that has zero to do with who you ask for what is the ip of www.netgate.com

So in the big picture - you want to expand your wifi, and you thought pfsense was the best solution? Seems a 20$ old wifi router used as an AP would be a much better fit for what your trying to do.

The only thing dns has to do with a traceroute - is if in the traceroute your wanting to resolve the PTRs of the IPs along your path.. Or if you use a fqdn as to where your tracing too vs an IP.

user@NewUC:~$ traceroute www.netgate.com
traceroute to group3.sites.hscoscdn00.net (199.60.103.30), 64 hops max
  1   192.168.2.253  0.596ms  0.186ms  0.200ms 
  2   69.47.60.1  20.122ms  19.230ms  9.810ms 
  3   216.80.79.9  13.406ms  12.512ms  15.430ms 
  4   207.172.18.116  31.214ms  15.457ms  16.177ms 
  5   207.172.19.255  14.927ms  18.085ms  13.353ms 
  6   208.115.136.180  19.068ms  16.339ms  22.470ms 
  7   172.70.176.2  16.507ms  18.613ms  12.932ms 
  8   199.60.103.30  21.435ms  17.625ms  21.402ms 
user@NewUC:~$ traceroute www.netgate.com --resolve-hostnames
traceroute to group3.sites.hscoscdn00.net (199.60.103.226), 64 hops max
  1   192.168.2.253 (sg4860.wlan.local.lan)  0.730ms  0.227ms  0.236ms 
  2   69.47.60.1 (d47-69-1-60.col.wideopenwest.com)  14.747ms  9.375ms  12.144ms 
  3   216.80.79.9 (static.rcn.com)  14.484ms  11.982ms  28.447ms 
  4   207.172.18.48 (hge0-0-0-14.core2.chgo.il.rcn.net)  13.457ms  17.367ms  11.223ms 
  5   207.172.19.141 (hge0-0-0-3.border2.eqnx.il.rcn.net)  21.958ms  19.420ms  16.802ms 
  6   208.115.136.180 (13335.chi.equinix.com)  13.663ms  14.947ms  13.875ms 
  7   172.70.128.2 (172.70.128.2)  21.985ms  23.804ms  14.090ms 
  8   199.60.103.226 (199.60.103.226)  20.734ms  16.899ms  11.529ms 
user@NewUC:~$ 

See in the 2nd one it comes back with names for some of the IPs along the path..

To see what your using for dns, nslookup or dig or host - whatever your fav dns tool is.

A Former User

@johnpoz I presumed that traceroute would show the full path that packets would take and should have taken into account dns. Clearly I don’t know enough about networks, but while your help is useful and I’m appreciative of, the attitude is not. I ask you please tone down your critical responses, to just be information, Im having a hard enough time getting this to work as it is. I’m here to learn and clearly I have a lot still to learn. I’ll give those tools a look when I’m at home. Do any of them exist in pfsense interface?

johnpoz

@pfsensenewbie1 said in 2 weeks still nothing.:

packets would take and should have taken into account dns.

DNS is not in the "path".. has nothing to do with the "path" that your traffic takes from getting from A to B..

DNS is a phone book.. It has nothing to do with how traffic is routed from point A to B.

pfsense has all of them on it to use from the cmd line.. And traceroute, and a gui dns lookup and traceroute interface as well.

But if your looking to see the path that is taken from a device "behind" pfsense you would want to run the tool on that device - then pfsense would be in the path. If your wanting to see what device is using for dns - you would want to check again on the device. Maybe it defaults to googledns, or your dhcp is handing out something other than what you want it to hand out, etc.

Out of the box pfsense would hand out its own IP for dhcp clients behind it to use for their dns. It would then resolve vs forwarding. If you want all your clients to use your PI for dns - then you either need to tell them to use that directly, or have pfsense forward to it vs resolving. None of which would be in the actual path that traffic takes.

SteveITS

@pfsensenewbie1 There are such tools in the Diagnostics menu.

@johnpoz I think you’re confusing the normal use of DNS and OP is asking how the traffic routes to the internal DNS server.

Traceroute would help you see that yes. But, using the default setup it should work, just as if the wireless device tried to talk to 8.8.8.8 or some other DNS server. pfSense knows where your DNS server is (its WAN) so routes the packet there.

The downside to not bridging is the wireless devices aren’t in the same broadcast as the devices in your LAN (pfSense WAN) and while they can connect (e.g. by IP) they aren’t going to auto discover devices on another network.

I have not looked but I would almost expect there is software to make a PC into an access point…

johnpoz

@steveits said in 2 weeks still nothing.:

wireless devices aren’t in the same broadcast as the devices in your LAN (pfSense WAN)

If that is what he wants - pfsense is not what should be used here then. He should pickup an actual AP, or find some wifi router and use it as an access point.

Be like trying to use a corvette for delivering stuff - sure it can do that, but it has very little storage for the stuff your delivering. Gets horrible gas mileage, and insurance on it way more than some say delivery van ;)

Pfsense is a layer 3 firewall/router - while sure it can bridge, and sure it can even be wifi AP if you will. But if the goal adding wifi to some area, and you want those devices to be on the same L2 as your other device - it is not the correct choice.

A Former User

@johnpoz thank you. I didn’t quite follow the analogy but from the discussion it sounds like I will need bridging. My original intent was to use the box to route all traffic, hence the reason for the expense. Now I know I can’t do that I just have to make it work until I have a better option. I kinda like the vette analogy.

if this software is like a corvette and is not suitable for the task, does that mean the software is specifically designed for larger networks where many advanced features would be used regularly? I honestly want to redo my network entirely and the pi is barely suitable for the dns server, so I was going to have it all on one box then forward all traffic and actually use the firewall features as well hence the box. If I didn’t need the modem/router for the wireless range it offers and obviously the modem features I would ditch it and use pfsense box for the lot with a switch for the wired connections. Unfortunately cash is short this time of year so buying anything is out of the question, I simply need to make this work or totally forget all about it.

With that said removing the bridge had no effect so I’m now going to dig into the tools to check dns forwarding etc.

A Former User

@pfsensenewbie1 and in fact removing the bridge I now have no access to the firewall interface. I did last night now I don’t.

Both wan and lan are set to dhcp yet both are on the same subnet - how is this possible if they must be on separate subnets?

I’m going to reboot everything - when it fails I’m starting from scratch, I’m not putting much more effort into this especially as I can’t make it do what I need.

In case this is my last post I thank you for trying to help.

A Former User

Ok I’m done. Totally lost access yet still got dhcp in the same subnet with no changes other than enabling dhcp and enabling Wifi. This is not supposed to happen so I’m taking your advice and trying something else.

stephenw10

Just catching up here...
This sort of setup should be quite simple as long as you have WAN and LAN in separate subnets.

If you need the wifi clients to be in the same subnet as the WAN they must be bridged. However if you do that you can't apply layer3 forwarding rules to redircet DNS traffic. You would have to use layer2 rules, like the captive portal does, and there's no facility to do that in the pfSense GUI. Yet.

Steve

johnpoz

@A Former User said in 2 weeks still nothing.:

at least fairly proficient with networks.

Dunning-Kruger in action ;)

Gertjan

@A Former User said in 2 weeks still nothing.:

when it fails I’m starting from scratch, I’m not putting much more effort into this especially as I can’t make it do what I need

Just accept what is proposed by default.

"Default" is : A DHCP client on the WAN interface.
This way, pfSense will grab an IP, actually a lease, from an upstream, probably ISP router, just like any other device already present on your ISP router network. This is a plug and play operation.

The LAN interface has to be set to a static IP, like the default 192.168.1.1/24
And you have to think now.
if your WAN network is already using 192.168.1.1/24 (many ISP router do !) then you have to ** set your (static) LAN interface to, for example, 192.168.2.1/24 - it could be any network, but not 192.168.1.1/24
Adapt DHCP server settings for this LAN interface accordingly.

See it like this : a router can not route between two identical networks.

** like this : your see a red light ? Stop the car. Don't ask why for now.

If you think this is what you need, please reconsider, ask advise, write down what you want. We'll help.

Jarhead

@gertjan As I said earlier, he doesn't have things connected correctly.
If I had to guess, I'd say the WAN and LAN are both connected to his ISP router.

johnpoz

@jarhead he left.. Deleted his account..