No Internet Access from LAN

NollipfSense

@stephenw10 said in No Internet Access from LAN (Solved with last good config backup):

That's the default setting for LAN.

Wow, you're correct...thanks for sharing Steve! You had mentioned pfBlockerNG above...wondering now. Below is from the restored backup...

Screenshot 2023-10-26 at 5.01.16 PM.png

This even makes it more puzzling as to what happened. This was my experience only to discovered that T-Mobile does not support dhcpdv6 nor RA from upstream on the Fast5688w: https://forum.netgate.com/topic/183409/implemented-ipv6-still-feel-left-in-the-dark/39

stephenw10

Yeah, it feels like a config difference but it has to be something dynamic like pfBlocker.

Check the config history in Diag > Backup > Config History if it goes back that far since restoring.
Did something write a config change at that time?

NollipfSense

@stephenw10 said in No Internet Access from LAN (Solved with last good config backup):

Yeah, it feels like a config difference but it has to be something dynamic like pfBlocker.

Check the config history in Diag > Backup > Config History if it goes back that far since restoring.
Did something write a config change at that time?

Well, I learn something new today and wished I had check it before restoring...it's just showing the restoration below. A radio station that had been added to pfBlockerNG's whitelist suddenly stop working about a week before the lockup...I just never suspected pfBlockerNG because it was whitelisted and was playing for a long time, as well as didn't have time to check, being busy re-configuring the private cloud box.

	10/25/23 21:50:56	22.9	151 KiB	(system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf	Current configuration
	10/25/23 21:50:43	22.9	151 KiB	admin@192.168.1.100 (Local Database): Interfaces settings changed	  
	10/25/23 21:45:07	22.9	151 KiB	(system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf	  
	10/25/23 21:44:46	22.9	151 KiB	(system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf	  
	10/25/23 21:44:32	22.9	151 KiB	(system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf	  
	10/25/23 20:50:09	22.9	151 KiB	(system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf	  
	10/25/23 20:49:54	22.9	151 KiB	(system): Updated cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf	  
	10/25/23 20:49:51	22.9	151 KiB	(system): Overwrote previous installation of suricata.	  
	10/25/23 20:49:50	22.9	150 KiB	(system): Installed cron job for /usr/bin/nice -n20 /usr/local/bin/php-cgi -f /usr/local/pkg/suricata/suricata_check_cron_misc.inc	  
	10/25/23 20:49:14	22.9	150 KiB	(system): Intermediate config write during package install for suricata.	  
	10/25/23 20:49:12	22.9	150 KiB	(system): Intermediate config write during package removal for suricata.	  
	10/25/23 20:49:06	22.9	151 KiB	(system): Overwrote previous installation of squid3.	  
	10/25/23 20:49:04	22.9	148 KiB	(system): Installed cron job for /usr/local/bin/freshclam --config-file=/usr/local/etc/freshclam.conf

stephenw10

So one of those changes broke the connection you think?

None of those look like they would. At least none of the system changes.

johnpoz

@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):

Overwrote previous installation of squid3.

So your running a proxy? No that would never break anything <rolleyes>

NollipfSense

@stephenw10 said in No Internet Access from LAN (Solved with last good config backup):

So one of those changes broke the connection you think?

None of those look like they would. At least none of the system changes.

No, that's all after the restoration which happened last night about 8pm...that's no all, just a sample but they were all after 8pm.

NollipfSense

@johnpoz said in No Internet Access from LAN (Solved with last good config backup):

@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):

Overwrote previous installation of squid3.

So your running a proxy? No that would never break anything <rolleyes>

No, just Squid's antivirus.

johnpoz

@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):

No, just Squid's antivirus.

And how and the hell do you think that could work if you don't proxy all your connections through it?

NollipfSense

@johnpoz said in No Internet Access from LAN (Solved with last good config backup):

@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):

No, just Squid's antivirus.

And how and the hell do you think that could work if you don't proxy all your connections through it?

This is a package you just set and forget since just using the antivirus feature...but it seems that it's going through a proxy...

Screenshot 2023-10-26 at 9.12.14 PM.png
Screenshot 2023-10-26 at 9.13.41 PM.png

johnpoz

@NollipfSense said in No Internet Access from LAN (Solved with last good config backup):

but it seems that it's going through a proxy...

Well duh ;) how else would it scan anything? And unless you setup ssl through the proxy it like 99.9999 going to be utterly pointless doing nothing because everything is https these days.. What would you be downloading to even be scanned over just in the clear http?

NollipfSense

@johnpoz said in No Internet Access from LAN (Solved with last good config backup):

And unless you setup ssl through the proxy it like 99.9999 going to be utterly pointless

John, you make a valid point and to be honest, I have had this like like for years and glad you pointed this out to make me rethink its implementation. I do have an SSL for the the webgui but that's it. As I had said, this was a set and forgot but that turns to nonsense. Your https statement also punches me in the gut with reality...really appreciate the feedback. I shall remove...