pFSense Beginner - How to Configure WAN
-
@steveits Hi Steve, thanks for responding. My setup is really messed up and I can no longer access the web interface for some reason. I'm going to try Ryan's suggestion for now and install 2.6 and start over.
Chris -
@chrisan This project is getting to be a real cluster. I attempted to install 2.6 and the install seemed successful. But when I rebooted 2.5.2 launched. Thinking I reinstalled the old software by mistake I went through the install process again. It didn't really say the version being installed anywhere but the default file partition scheme was ZFS, and I believe that was first launched on 2.6. Not really sure what to do now except maybe reformat the SSD and start over.
-
@chrisan Do you have multiple hard drives running ZFS installs? If so it might boot to the older release.
-
@rcoleman-netgate One SSD and that's all. One NIC with 4 ports and my humble goal was to just configure one as WAN and one as LAN and try to get it to work for an internet connection. That's it. Real simple. So far I have failed and probably won't work on it again until next weekend.
Thx, Chris -
@chrisan I would verify that you wrote 2.6-RELEASE to the flash drive (by writing it again) and giving it another run. There's no reason a new install should show 2.5.2 unless it failed to commit the write to a drive that it was already on. That said it could explain the factory reset not working if your SSD is switched to read-only mode.
-
@rcoleman-netgate Ryan, I have already installed it at least twice but I will try again just for grins. And I tend to agree, I think their is a write issue with the SSD.
-
@chrisan Tried again, twice. No success. Going to knock off for the evening. Thx for the help so far.
-
That sure reads like a bad SSD. I would expect to see a bunch of errors at boot and during the install though.
As a test you can probably install to another USB drive and then boot from that. I would not recommend doing that for anything but a test though.
Steve
-
Merry Christmas and happy holidays everyone!
I had a few moments today to dive back into my pFSense project. Here is where I am at:- Successfully installed V2.6
- Verified NIC ports using the autodetect option so I know I'm plugged in correctly
- Configured WAN to DHCP both V4 and 6
- Configured LAN to the default IP options
- Got into the webGUI and worked through the setup wizard until I got to the Setup Completed screen
- The last setup wizard screen presented some options like "take a survey." I couldn't connect on any of them. And couldn't connect on some popular websites like Yahoo that I tried. I tried to reset the cable modem a couple times with no luck.
My setup: Netgear Nighthawk cable modem ===> pFSense computer ===> desktop computer with a known good NIC. That's it nothing else.
Any thoughts would be appreciated. Thx
A couple shots from my work today:
-
Normally, you set the WAN to DHCP and the ISP provides all the details. I haven't had a manual config since I first got an Internet connection, back in the early 90s, when I used SLIP over a dial up modem.
BTW, you may want to use a newer version of pfSense. The current version is 2.6.0. Do an update when you get connected.
-
No need to hide RFC1918 addresses. They're irrelevant off your LAN.
-
My WAN is configured to DHCP. I'm already on version 2.6.0. I didn't really configure anything manually, just went with the defaults and then got into the webgui and went through the setup wizard.
-
@chrisan Here is the sequence that finally got my computer connected to the web:
- Reset Net gearCM1100 modem by pulling power and waiting 30 seconds or so, plug back in.
- Plug WAN cable into pFSense box
- Hit option 4 to "reset to factory derfaults" and reboot pFSense
Chris
-
@jknott In this case it might actually be the PROBLEM.
If the modem is giving the same subnet as their LAN they will lose GUI access.
-
@chrisan Makes sense. I suspect you have a public IP now.
The Netgear Cable Modems (CMs) are known to give a private (RFC1918 or 192.168.100.x) address before they negotiate with the upstream service. And the lease they give to pfSense is short (like 1-5 minutes) to force a refresh and reassignment.
It's annoying but ... better than nothing.
-
@rcoleman-netgate said in pFSense Beginner - How to Configure WAN:
If the modem is giving the same subnet as their LAN they will lose GUI access.
????
The DHCP server determines the LAN address. Where are you trying to access the GUI from? You normally access it from the LAN, which means pfSense should have an address within the same subnet as the LAN and the WAN side should have a completely different subnet. Also, you might want to put the modem into bridge mode.
Lets start from the beginning.
You normally configure the WAN side of pfSense to use DHCP. DHCP provides the subnet and addresses to devices, in this case pfSense.
PfSense in turn provides the subnet and addresses to devices on your LAN.
The LAN and WAN must have different subnets.BTW, you may want to configure your modem for bridge mode.
-
@jknott said in pFSense Beginner - How to Configure WAN:
????
The DHCP server determines the LAN address. Where are you trying to access the GUI from? You normally access it from the LAN, which means pfSense should have an address within the same subnet as the LAN and the WAN side should have a completely different subnet. Also, you might want to put the modem into bridge mode.If your WAN is handing out 192.168.1.x and your LAN is set to 192.168.1.x you will have issues.
-
@rcoleman-netgate said in pFSense Beginner - How to Configure WAN:
It's annoying but ... better than nothing.
Would the reject leases option help here?
-
Yes. But if you have your LAN on the same network as the CM management IP it won't let you use the CM's static route to that.
-
@rcoleman-netgate said in pFSense Beginner - How to Configure WAN:
If your WAN is handing out 192.168.1.x and your LAN is set to 192.168.1.x you will have issues.
If you know the modem is handing out that subnet, why are you setting the LAN to the same subnet? You are creating a situation that cannot work. You have the rest of 192.168.0.0/16, plus all of 172.16.0.0/20 and 10.0.0.0/8 to choose from.