pfsense worked with Starlink, but not with ISP Portal router
-
I purchased and configured pfsense (Netgate SG 1100) in the summer. Using a starlink ethernet connection, and an ASUS router in bridge mode, pfsense worked flawlessly.
Now I am in a new house, with a different ISP, and I set the ISP router to 'bridge', plugged the modem ethernet into WAN port on pfsense, and LAN port to ISP router WAN port. I can see the address IP values for various computers, pfsense etc, and can log into pfsense wirelessly, but there is no internet traffic.
I have no idea of how to proceed - from what I can tell, this new setup mirrors the starlink setup exactly: A dynamic IP is obtained from the ISP service modem, and delivered to pfsense WAN port. pfsense handles routing the traffic, and the router (AP) handles validating and managing traffic to individual devices on the wireless network.
Other than the fact that THERE IS NO INTERNET TRAFFIC, the setup works fine - and is exactly what it was for the starlink setup.
What magic beans do I need to get/use to get pfsense to use the internet signal being delivered to its WAN port?
ADVthanksANCE!!
-
@grumpster So WAN does get a public IP? Can you use Diagnostics/Ping using an IP like 8.8.8.8? Does Diagnostics/DNS Lookup succeed? How about from a client device? IOW is it a DNS issue or connectivity issue?
Netgate has "Zero-to-Ping" support for their appliances, you could open a case.
-
@SteveITS Hi Steve, thanks for taking a swing!
I don't know if the WAN gets a public IP. I know that the modem from the provider has a dynamic IP out - which is going to the WAN port on the Netgate device. I am assuming this is the case - seems like how modems work, and the modem has not been reconfigured during any of this.
When I take Netgate router out of the loop, and reset the Portal (brand name) router, the internet connection is restored. When I aim that modem data at the pfsense WAN port, then connect the pfsense LAN port to the Portal WAN port, multiple devices can see each other, but no internet signal is getting to any device. So the AP seems to be doing its job - serving SSID client requests, and the pfsense router seems to be doing its job of assigning local IP, yet the pfsense is failing to establish a valid internet gateway from the WAN port modem input.
Not sure what you mean by diagnostic ping/diagnostic lookup (I mean, I understand what the words mean, and by context what is trying to be achieved with that request, but as to HOW to do that, or where to enter the 8.8.8.8 IP ping I have no idea)
I have no way to tell at this point if it is a DNS thing or not, but I believe not. DNS is handled by the Netgate device (along with other routing functions), and they were all performing fine on the previous ISP (Starlink). I have the pfsense DNS pointed at Quad9. No configuration changes have been made since it was connected to Starlink.
Two things are weird about how the problem manifests - one is the complete lack of internet traffic, and the other is that on my Macbook, the Wifi icon is doing the throb, pulse effect that usually indicates 'trying to connect' to wifi, yet when I click on it, I have a steady check mark on the SSID (ie, successfully logged in), and I can access web interfaces on other local devices.
-
@grumpster I mean, the Diagnostics menu in pfSense.
Status/Interfaces will show you your WAN IP.
Take a look through https://docs.netgate.com/pfsense/en/latest/troubleshooting/connectivity.html
Also try power cycling the ISP router. Some latch onto the MAC address behind it.
-
@SteveITS Ok sir, I will do that tomorrow, thanks. Will post the results back here...
Cheers!
-
I have power cycled the router at each change (ie when bringing pfsense into the mix, and when taking it back out so I can contact this forum)
Still living in the mystery. I did disable 'bogon' (?) blocking from both the LAN and WAN interfaces. No difference. (Another thread mentioned that unblocking these solved his connectivity issues).
-
The IP address of the WAN is highly suspect! 0.0.0.0 indicates that it is not receiving the dynamic IP from service provider. I tried setting the dropdown to point to the mac address of the router, but it made no difference. There is something blocking the MODEM from delivering a working IP to the netgate hardware. (or alternatively, the netgate hardware from seeing and understanding the incoming signal).
I am at a loss here.
-
Try running a packet capture on the pfSense WAN and then renewing the lease. Do you see the outgoing DHCP discover packets? Anything coming back?
-
@stephenw10 said in pfsense worked with Starlink, but not with ISP Portal router:
Try running a packet capture on the pfSense WAN and then renewing the lease. Do you see the outgoing DHCP discover packets? Anything coming back?
Hi Stephen. Again, thanks for taking the time to help me troubleshoot this.
I need a little guidance to do what you ask:
- How, (where) in pfsense do I do a 'packet capture'?
- How to renew the lease?
- How to see DHCP packets outgoing, and incoming?
-
In Diag > Packet Capture. Set it to filter for ports 67 or 68 to see the DHCP traffic.
Renew the lease in Status > Interfaces.
You will see the DHCP packets as it captures them and also can download the resulting capture to see what they contain.
Steve
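-
The check suggested in the last reply (do DHCP discovers go out on the WAN, and does anything come back?) can also be run over a downloaded capture. This is an added example, not part of the thread or of pfSense: it assumes the UDP payloads from ports 67/68 have already been extracted from the capture, and the function names and sample payloads are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
FROM_SERVER = {"OFFER", "ACK", "NAK"}

def dhcp_message_type(payload):
    """Return the DHCP message type (option 53) of a UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None  # too short, or plain BOOTP without DHCP options
    i = 240
    while i + 1 < len(payload):  # stop if the option header is truncated
        code = payload[i]
        if code == 255:  # end option
            break
        if code == 0:  # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            return MSG_TYPES.get(value[0], "UNKNOWN(%d)" % value[0])
        i += 2 + length
    return None

def diagnose(payloads):
    """Summarise the DHCP exchange seen in a WAN capture, in capture order."""
    seen = [t for t in map(dhcp_message_type, payloads) if t]
    if not seen:
        return "no DHCP traffic captured"
    if not FROM_SERVER & set(seen):
        return "client is sending (%s) but nothing is coming back" % seen[0]
    if "ACK" in seen:
        return "lease granted"
    if "NAK" in seen:
        return "server refused the request"
    return "offer received but never acknowledged"

def build_sample(msg_type):
    """Constructed BOOTP/DHCP payload for the demo (not a real capture)."""
    op = 2 if msg_type in (2, 5, 6) else 1  # 1 = client request, 2 = server reply
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0,
                        0x8000, b"", b"", b"", b"", b"\x02\x00\x00\x00\x00\x01", b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    print(diagnose([build_sample(1)] * 3))
    print(diagnose([build_sample(t) for t in (1, 2, 3, 5)]))
```

A WAN that stays at 0.0.0.0 with only DISCOVER messages in the capture corresponds to the first result: the requests leave the firewall but the upstream device never answers.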