pfSense can ping ISP gateway but not connect to internet

DominikHoffmann · Jan 28, 2023, 11:11 PM

I have switched ISPs. I cannot get out to the internet from my LAN. My new ISP is Spectrum, but I am not thinking that this has anything to do with my troubles.

I can ping the WAN gateway address:

dominik@DominikMBP ~ % ping 47.227.192.1
PING 47.227.192.1 (47.227.192.1): 56 data bytes
64 bytes from 47.227.192.1: icmp_seq=0 ttl=254 time=6.944 ms
64 bytes from 47.227.192.1: icmp_seq=1 ttl=254 time=25.989 ms
64 bytes from 47.227.192.1: icmp_seq=2 ttl=254 time=7.132 ms
64 bytes from 47.227.192.1: icmp_seq=3 ttl=254 time=7.688 ms

The pfSense gateway has an IP address:
login-to-view

I am using the ISP’s DNS servers:

209.18.47.61
209.18.47.62

The LAN firewall rules are alright, as well:
login-to-view

And, finally, when I connect my laptop directly to the cable modem through an Ethernet cable, the laptop is online without issues.

The Spectrum support agent told me she could see my modem but not the router on my side of it, which she would expect to be able to see.

What are things I might be missing?

DominikHoffmann · Jan 28, 2023, 11:15 PM

@dominikhoffmann: I have a tendency to answer my own questions. This may not quite be the answer, but may lead me there:

Troubleshooting Network Connectivity in the Netgate Docs.

I will report back with what I find, when I am back at my client’s on Monday.

stephenw10 · Jan 30, 2023, 6:19 PM

If pfSense can ping the gateway but nothing beyond (even by IP) I'd suspect a bad or missing default route. Check Diag > Routes. If there's no default route go to Sys > Routing > Gateways and resave the WAN gateway.

Steve

Jarhead · Jan 29, 2023, 1:48 AM

@dominikhoffmann
If the pc can work then the modem has that MAC in is address table.
Plug the router into the modem and power cycle the modem.

NollipfSense · Jan 29, 2023, 1:50 AM

@dominikhoffmann said in pfSense can ping ISP gateway but not connect to internet:

I am using the ISP’s DNS servers:

Just to confirm whether pfSense is configured to use ISP's DNS?

DominikHoffmann · Jan 29, 2023, 1:48 AM

@jarhead: I had done that multiple times, every time I tried something different. That was not the issue.

I had realized that changing devices on the LAN side of the modem required a restart of the modem. Why does it have to take that long to re-establish the connection with cable-based service?

DominikHoffmann · Jan 29, 2023, 1:50 AM

@nollipfsense: A reverse lookup of 209.18.47.61 results in dns-cac-lb-01.rr.com, and 209.18.47.62 brings up dns-cac-lb-02.rr.com.

SteveITS · Jan 29, 2023, 2:05 AM

@dominikhoffmann said in pfSense can ping ISP gateway but not connect to internet:

I had realized that changing devices on the LAN side of the modem required a restart of the modem. Why does it have to take that long to re-establish the connection with cable-based service?

Some tie one MAC address to the account and disallow others. Restarting is generally a fast way to clear it. Alternatively MAC spoofing often works.

I had a situation recently where the data center forgot to allow outbound routing even though they configured inbound. (On a second public subnet). It could ping the gateway but a traceroute out further returned no response from the gateway.

DominikHoffmann · Jan 29, 2023, 2:14 AM

@steveits said in pfSense can ping ISP gateway but not connect to internet:

Some tie one MAC address to the account and disallow others. Restarting is generally a fast way to clear it. Alternatively MAC spoofing often works.

I tried that, to no avail.

stephenw10 · Jan 29, 2023, 3:49 PM

If pfSense can ping it's gateway and that gateway is some upstream public IP then it's nothing to do with the modem or MAC addresses.
If it was a DNS issue then pfSense could still ping, say, 8.8.8.8.

Did you check for a correct default route as I suggested?

DominikHoffmann · Jan 29, 2023, 7:27 PM

@stephenw10: I can’t physically get to it until tomorrow. I wish, I could check on that remotely, but then I wouldn’t have this problem, because the gateway would already be online.

DominikHoffmann · Jan 30, 2023, 6:19 PM

@stephenw10: The gateway configuration was the issue.

In System → Routing → Gateways I had this
login-to-view

When I changed the setting to this
login-to-view
it started working immediately. How could I have been thinking that “Automatic” would automatically select the correct gateway.

stephenw10 · Jan 30, 2023, 6:23 PM

It normally would, it may have lost it for some reason. Did you check Diag > Routes?

Setting anything there re-creates the default route even if you had just resaved that page without making any changes.

Steve

DominikHoffmann · Jan 31, 2023, 5:09 AM

@stephenw10: I admit, I didn’t pursue it any further, after setting it explicitly it started working. This is what it shows now:

login-to-view

… and I honestly don’t at all know, what I can diagnose from that information.

stephenw10 · Jan 31, 2023, 1:40 PM

You can see it has a default route at the top of the table and I would guess that it would would not have shown that before. It might show in logs still but it probably won't tell you anything.
If it happens again check the routing table before making any gateway changes. I doubt it will though.

Steve

frankb101 · Nov 26, 2024, 4:13 PM

@DominikHoffmann Thank you!