Upgraded from 2.4 to 2.7.0 and no internet
-
Yes that works.
Sorry for being such a noob. -
Is your lan 192.168.x.x and wan 10.0.0.16 in pfsense?
-
Yes.
In dashboard, the WAN and LAN have the correct IP.
Also, from pfSense, I can ping urls on the internet. -
So that means you also have working DNS, and can ping netgate.com from pfsense?
This may seem silly, but re-applying interface settings may help.
Simply changing nothing and save and apply.
Save button at bottom of page.
Nothing has to be changed.
lan and wan -
I set IPv6 to none on all interfaces (after disabling DHCPv6 &RA), saved/applied
No change -
Is pfsense cpu at idl?
Do have any packages installed, squid or other proxy(s)?
Is pfsense handling dhcp?
Can gateway be ping 100% of time?
If pfsense ip is 192.168.1.1 can it be pinged?ping -t 192.168.1.1 -
CPU is at 1%
Packages:
bandwidthid, iperf, suricata
pfsense is handling DHCP
No ping reply on gateway!! -
Please update us when you fix it.
Is dhcp able to bind to the lan interface and reply to request?
The dhcp logs can be found herehttp://192.168.1.1/status_logs.php?logfile=dhcpdIs your computer on a static ip?
Does pfsense cpu ever hit 0% or is it idling at 1%?
What is your "Default Gateway" at the computer using command promptipconfig /all | findstr /IR "Default ethernet adapter" | findstr /IRV "description tunnel vpn dial bluetooth [2-9]:$" | findstr /LV "*"All clients or just one not connecting to internet?
Do you have ssh access?
Is suricata on the lan wan or both?
If suricata on lan try switching to only wan.
I assume for troubleshooting suricata is off? -
From the computer connected to pfsense:
Configured to get IP/DNS automaticallyper ipconfig:
IP = 192.168.1.10 (as dictated by pfsense DHCP static mapping) so that is working
Gateway = 192.168.1.1
However can't ping 192.168.1.1 so I can't get to the log file but I can access it from pfsenseHaven't seen CPU go to 0%
so this is interesting. Dashboard shows WAN at 10.0.0.16 but Status/Gateways shows WAN_DHCP (default) as 10.0.0.1 and status is online.
At the moment there is only one client but prior to this troubleshooting, there were many.
I can physically access the computer.
suricata in only on the WAN and running. I have stopped it. no change -
DHCP logs can be found here
http://192.168.1.1/status_logs.php?logfile=dhcpd
In firewall rules is a rule sush as ?Default allow LAN to any ruleCan pfsense ping 192.168.1.10 ?
-
To me, you're wasting valuable time. Since you lagged in upgrading and have such a wide gap, the proper solution is to do a clean install of pfSense and restore config from a backup.
-
I can see the dhcp log through pfsense.
The only firewall rule for the LAN is the anti-lockout rule.
I added an Action-Pass, interface-LAN, protocol-Any rule and that worked.
So do I dare try and restore a backup?
I would think this rule should have been there by default and if so, why did it get removed on the update? -
@fathead
Thanks for the help!!!!!! -
@sjgallo said in Upgraded from 2.4 to 2.7.0 and no internet:
I can see the dhcp log through pfsense.
The only firewall rule for the LAN is the anti-lockout rule.
I added an Action-Pass, interface-LAN, protocol-Any rule and that worked.
So do I dare try and restore a backup?
I would think this rule should have been there by default and if so, why did it get removed on the update?If you only had one firewall rule, your system is messed up...again, do a clean install and reconfigured as your back appears to be messed up too.
-
Yes the any lockout rule only allows access to the firewall itself.
By default there is an 'Allow LAN to any' rule which allow LAN side clients to access external resources but if you removed that they will be blocked.
-
@NollipfSense I will do the clean install. THANKS!
