No Internet Access from LAN
-
If you restored the old config you should be able to diff it in the config history with what was failing to see what changed.
I'm not really how I would go about replicating it to be honest. If you can replicate and note what is required to hit it I can try.
Steve
-
@johnpoz said in No Internet Access from LAN (Solved with last good config backup):
Reproducing what exactly - its not possible for some RA running on your network to change the config on a pfsense with an interface in the same network.. its just not..
I am not making up what had occurred or appeared to have...no time of that. What explanation you could offer as to why I got the screenshots on a box that was never configured with IPv6 in the first post and how it ended up in the config.xml file showing <ramode>assisted<ramode>?
In fact that's why I click on bogon on LAN to see whether it would change when I clicked save.
-
That's the default setting for LAN. I don't think the IPv6 settings there were anything to do with the IPv4 connectivity you were seeing.
Try to diff. the config between what was failing and what works now as I said.
Steve
-
@stephenw10 said in No Internet Access from LAN (Solved with last good config backup):
That's the default setting for LAN.
Wow, you're correct...thanks for sharing Steve! You had mentioned pfBlockerNG above...wondering now. Below is from the restored backup...
This even makes it more puzzling as to what happened. This was my experience only to discovered that T-Mobile does not support dhcpdv6 nor RA from upstream on the Fast5688w: https://forum.netgate.com/topic/183409/implemented-ipv6-still-feel-left-in-the-dark/39
-
Yeah, it feels like a config difference but it has to be something dynamic like pfBlocker.
Check the config history in Diag > Backup > Config History if it goes back that far since restoring.
Did something write a config change at that time? -
@stephenw10 said in No Internet Access from LAN (Solved with last good config backup):
Yeah, it feels like a config difference but it has to be something dynamic like pfBlocker.
Check the config history in Diag > Backup > Config History if it goes back that far since restoring.
Did something write a config change at that time?Well, I learn something new today and wished I had check it before restoring...it's just showing the restoration below. A radio station that had been added to pfBlockerNG's whitelist suddenly stop working about a week before the lockup...I just never suspected pfBlockerNG because it was whitelisted and was playing for a long time, as well as didn't have time to check, being busy re-configuring the private cloud box.
10/25/23 21:50:56 22.9 151 KiB (system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf Current configuration 10/25/23 21:50:43 22.9 151 KiB admin@192.168.1.100 (Local Database): Interfaces settings changed 10/25/23 21:45:07 22.9 151 KiB (system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf 10/25/23 21:44:46 22.9 151 KiB (system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf 10/25/23 21:44:32 22.9 151 KiB (system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf 10/25/23 20:50:09 22.9 151 KiB (system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf 10/25/23 20:49:54 22.9 151 KiB (system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf 10/25/23 20:49:51 22.9 151 KiB (system): Overwrote previous installation of suricata. 10/25/23 20:49:50 22.9 150 KiB (system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc 10/25/23 20:49:14 22.9 150 KiB (system): Intermediate config write during package install for suricata. 10/25/23 20:49:12 22.9 150 KiB (system): Intermediate config write during package removal for suricata. 10/25/23 20:49:06 22.9 151 KiB (system): Overwrote previous installation of squid3. 10/25/23 20:49:04 22.9 148 KiB (system): Installed cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.confpfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud. -
So one of those changes broke the connection you think?
None of those look like they would. At least none of the system changes.
-
@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):
Overwrote previous installation of squid3.
So your running a proxy? No that would never break anything <rolleyes>
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11 -
@stephenw10 said in No Internet Access from LAN (Solved with last good config backup):
So one of those changes broke the connection you think?
None of those look like they would. At least none of the system changes.
No, that's all after the restoration which happened last night about 8pm...that's no all, just a sample but they were all after 8pm.
-
@johnpoz said in No Internet Access from LAN (Solved with last good config backup):
@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):
Overwrote previous installation of squid3.
So your running a proxy? No that would never break anything <rolleyes>
No, just Squid's antivirus.
-
@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):
No, just Squid's antivirus.
And how and the hell do you think that could work if you don't proxy all your connections through it?
-
@johnpoz said in No Internet Access from LAN (Solved with last good config backup):
@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):
No, just Squid's antivirus.
And how and the hell do you think that could work if you don't proxy all your connections through it?
This is a package you just set and forget since just using the antivirus feature...but it seems that it's going through a proxy...
-
@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):
but it seems that it's going through a proxy...
Well duh ;) how else would it scan anything? And unless you setup ssl through the proxy it like 99.9999 going to be utterly pointless doing nothing because everything is https these days.. What would you be downloading to even be scanned over just in the clear http?
-
@johnpoz said in No Internet Access from LAN (Solved with last good config backup):
And unless you setup ssl through the proxy it like 99.9999 going to be utterly pointless
John, you make a valid point and to be honest, I have had this like like for years and glad you pointed this out to make me rethink its implementation. I do have an SSL for the the webgui but that's it. As I had said, this was a set and forgot but that turns to nonsense. Your https statement also punches me in the gut with reality...really appreciate the feedback. I shall remove...
