Upgraded from 2.4 to 2.7.0 and no internet

sjgallo

I set IPv6 to none on all interfaces (after disabling DHCPv6 &RA), saved/applied
No change

fathead

Is pfsense cpu at idl?
Do have any packages installed, squid or other proxy(s)?
Is pfsense handling dhcp?
Can gateway be ping 100% of time?
If pfsense ip is 192.168.1.1 can it be pinged?

ping -t 192.168.1.1

sjgallo

CPU is at 1%
Packages:
bandwidthid, iperf, suricata
pfsense is handling DHCP
No ping reply on gateway!!

fathead

Please update us when you fix it.
Is dhcp able to bind to the lan interface and reply to request?
The dhcp logs can be found here

http://192.168.1.1/status_logs.php?logfile=dhcpd

Is your computer on a static ip?
Does pfsense cpu ever hit 0% or is it idling at 1%?
What is your "Default Gateway" at the computer using command prompt

ipconfig /all | findstr /IR "Default ethernet adapter" | findstr /IRV "description tunnel vpn dial bluetooth [2-9]:$" | findstr /LV "*"

All clients or just one not connecting to internet?
Do you have ssh access?
Is suricata on the lan wan or both?
If suricata on lan try switching to only wan.
I assume for troubleshooting suricata is off?

sjgallo

From the computer connected to pfsense:
Configured to get IP/DNS automatically

per ipconfig:
IP = 192.168.1.10 (as dictated by pfsense DHCP static mapping) so that is working
Gateway = 192.168.1.1
However can't ping 192.168.1.1 so I can't get to the log file but I can access it from pfsense

Haven't seen CPU go to 0%

so this is interesting. Dashboard shows WAN at 10.0.0.16 but Status/Gateways shows WAN_DHCP (default) as 10.0.0.1 and status is online.

At the moment there is only one client but prior to this troubleshooting, there were many.
I can physically access the computer.
suricata in only on the WAN and running. I have stopped it. no change

fathead

DHCP logs can be found here
http://192.168.1.1/status_logs.php?logfile=dhcpd
In firewall rules is a rule sush as ?

Default allow LAN to any rule

Can pfsense ping 192.168.1.10 ?

NollipfSense

To me, you're wasting valuable time. Since you lagged in upgrading and have such a wide gap, the proper solution is to do a clean install of pfSense and restore config from a backup.

sjgallo

I can see the dhcp log through pfsense.
The only firewall rule for the LAN is the anti-lockout rule.
I added an Action-Pass, interface-LAN, protocol-Any rule and that worked.
So do I dare try and restore a backup?
I would think this rule should have been there by default and if so, why did it get removed on the update?

sjgallo

@fathead
Thanks for the help!!!!!!

NollipfSense

@sjgallo said in Upgraded from 2.4 to 2.7.0 and no internet:

I can see the dhcp log through pfsense.
The only firewall rule for the LAN is the anti-lockout rule.
I added an Action-Pass, interface-LAN, protocol-Any rule and that worked.
So do I dare try and restore a backup?
I would think this rule should have been there by default and if so, why did it get removed on the update?

If you only had one firewall rule, your system is messed up...again, do a clean install and reconfigured as your back appears to be messed up too.

stephenw10

Yes the any lockout rule only allows access to the firewall itself.

By default there is an 'Allow LAN to any' rule which allow LAN side clients to access external resources but if you removed that they will be blocked.

sjgallo

@NollipfSense I will do the clean install. THANKS!