PFsense cannot ping on a new connection?
-
TL;DR: I can't ping any IP address on a new connection. Please help.
Hi all,
I have an FTTP broadband service that provides a heavily locked down router, so heavily locked that even ports 80 and 443 do not respond. I can't even change the wifi password or SSID. Any configuration changes have to be emailed to them. Connecting our routers to the termination box was forbidden. However, our routers in their routers DMZ are permitted. I have a PFSense box attached to the router. The ISP put the PFsense box in a DMZ. All works OK.
Recently, the ISP has announced they now allow our routers to be connected directly to the fibre termination box. I called in and got this set up. I connected my PFSense box directly to the termination box and set the WAN to DHCP, as explained by my ISP. The PFsense box picked up the IP address and 2 DNS addresses. The PFsense box can ping their DNS servers. However, I can't ping 8.8.8.8 or any other IP address.
I called the ISP. They said it was all set up and ready to go, and it might take up to 24 hours for it to work correctly, but they didn't pay much attention to my issue. Of course, I can't expect them to support routers they don't supply. I'm concerned there's a legacy setting from when the PFsense was in their router DMZ that I still need to remove or change. I need help finding outdated settings or services that need to be altered or removed. Or are they right? Do I need to be more patient? I hope someone can help, please.
.
.
.I would appreciate any help you can provide.
-
@Eddles
What's the status of the WAN gateway?
Check in Status > Gateways.If it's offline go to System > Routing, edit its settings and check "Disable Gateway Monitoring Action".
-
-
@Eddles
So I would expect, that you can ping 8.8.8.8 or other IPs in the web, presumed the outbound NAT is in automatic or hybrid mode.You can sniff the WAN traffic with packet capture to see if the ICMP requests leave pfSense with the correct WAN IP as source.
-
@viragomann thanks for this. To clarify, I CANNOT ping 8.8.8.8 or any other IP address EXCEPT for my ISP own DNS servers.
-
It looks good. Check the Routing tables in Diag > Routes. Make sure you have a default route via the WAN Gateway.
It looks like you probably do since you can ping the ISPs DNS servers and they are outside the WAN subnet. Unless you have specific static routes for those allowing it.
-
@stephenw10 heres the routing tables. Does this look ok to you?
Outbound NAT is in Automatic mode.
-
Nope, there's no default route. Go to System > Routing > Gateways and set the default IPv4 gateway as WAN_DHCP instead of automatic. Recheck the routing table.
-
@stephenw10 That fixed it! THANK YOU so much!!!!! You are a superstar! Can I send you $5 please?
-
Ha, nope. Get yourself a coffee and relax!
-
@stephenw10 Bless you! Have a lovely day.
