HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE
-
@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:
after changing the network adapter from NAT to intern in the VB Kicksecure settings, I cannot browse any websites.
Why did you do that? That's not a step in the guide.
The pfSense VM WAN NIC has to be either bridged or NAT'd from the host to access anything external. If you set it to an internal network pfSense has no external route.
-
@stephenw10 I did that because I read it in another guide. Could you provide a link with detailed instructions on what to do? I'm not an expert and "bridged or NAT'd from the host" means nothing to me
-
In the NAT setting there VirtualBox provides NAT, routing and DHCP as though it is a virtual router between that virtual NIC and the host physical NIC. That works in almost any situation.
In the bridged setting it connects it dircetly to the host NIC as though it were a switch. That means that the Virtual NIC exists in the same subnet as the host. It will pull a DHCP lease from an external server etc.
When you set it to one of the internal networks it's completely isolated from the host NIC so cannot connect to anything external.
-
@stephenw10 so what should I set exactly in VB or pfSense, in order to make my Kicksecure work with pfSense running? I've also entered pfSense admin panel at 192.168.1.1 but don't know what to do
-
I've never used Kicksecure, I'm not entirely sure what it is. Are you running that in a VM behind pfSense in VBox?
VBox has specific settings for it?
-
Oh wait I see, you changed the vitual NIC on the Kicksecure VM from NAT to internal?
That makes more sense, you would want to do that so traffic to/from it goes through pfSense.
That should work as long as your choose the same internal network the pfSense LAN NIC is set to.
You also need to make sure the pfSense LAN is not using the same subnet as anything else in your network. 192.168.1.X is common.
-
This post is deleted! -
@stephenw10 That's exactly what I did. Kicksecure is Debian.
That should work as long as your choose the same internal network the pfSense LAN NIC is set to. You also need to make sure the pfSense LAN is not using the same subnet as anything else in your network. 192.168.1.X is common.
I doesn't work unfortunately. What should I do exactly? Which settings should I change and where? I set the Kicksecure network adapter from NAT to internal, which is the same as pfSense LAN NIC is set to (in pfSense I set 3 network adapters, 1st NAT, 2nd and 3rd internal network).
I know it's boring for you, but I'm a newbie and if you don't provide precise instructions I won't be able to solve my issue
-
What exactly doesn't work?
Does the Kicksecure VM pull a DHCP lease from pfSense?
Can it access the pfSense webgui?
-
@stephenw10 I cannot browse from Kicksecure, tried with 2 browsers. No data. I don't get any error message in pfSense, I can access pfSense admin panel from Kicksecure
-
Ok so it must have a valid IP address in the pfSense LAN subnet.
Is that pulling a lease fro pfSense or statically configured in the Kicksecure VM?Are you using the default 192.168.1.1 as the pfSense LAN IP address?
-
@stephenw10 I don't know, I didn't change anything in pfSense panel (which I can access from 192.168.1.1). DHCP is enabled, no static address has been set in Kicksecure. What should I do exactly?
-
In the pfSense webgui go to Status > DHCP Leases. Make sure the Kicksecure VM is shown there and note it's IP address.
Next go to Diag > Ping and try to ping 8.8.8.8.
Then try to ping google.com
If that fails go to Diag > DNS Lookup and try to resolve google.com.
Note the failure message in each case if it does.
-
@stephenw10 When launching the pfSense panel for the 1st time, I set Primary DNS Server to 8.8.8.8. and Secondary DNS Server to 8.8.4.4
In "Configure LAN Interface", LAN IP Address is 192.168.1.1 and Subnet Mask is 24.
I went to Status > DHCP Leases, in "Leases" I see an active 192.168.1.100 with its MAC Address (I don't know if it's Kicksecure, anyway Kicksecure is the ONLY operating system installed in my VB). In "Lease Utilization" there's a LAN interface, the Pool start is 192.168.1.10 and the Pool end is 192.168.1.245. The USED value is 1, Capacity is 236.
I pinged 8.8.8.8 and google.com and it worked. However, if I open a new tab in the same browser and enter www.google.com, it doesn't work.
Also, in pfSense webgui main screen I see 2 interfaces: a WAN 1000baseT full duplex (10.0.2.15) and a LAN 1000baseT full duplex (192.168.1.1)
-
I also had a look at the command window in pfSense inside VB, there's an error message: arprequest_internal: cannot find matching address
-
Ok, that seems good.
Can you ping 8.8.8.8 and/or google.com from Kicksecure?
-
Does it show the address that is failing in that arp error?
-
@stephenw10 No, if I ping them in Kicksecure (same browser used to access pfSense webgui but different tab) it doesn't work, it says it cannot contact google.com server. I've tried also using Tor in Kicksecure, it doesn't resolve any address so it's not a browser-related issue. I also pinged 8.8.8.8. in Kicksecure's terminal window, it didn't work.
In pfSense webgui main window I can see the following DNS servers: 127.0.0.1, 10.0.0.243, 192.168.1.1, 8.8.8.8, 8.8.4.4
Moreover, in the same window the USER is admin@192.168.1.100 (Local Database), so I don't know if 192.168.1.100 is Kicksecure. Anyway, this address is the only one shown in DHCP Leases.
-
@stephenw10 It doesn't show the address that is failing in that arp error, just the error message I wrote in my previous post. Also, note that in pfSense command window inside VB I didn't set any option (Assign interfaces, Set interfaces IP address, etc.)
-
@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:
No, if I ping them in Kicksecure (same browser used to access pfSense webgui but different tab) it doesn't work,
You can't run ping from a browser you need to run that from a command prompt in Kicksecure. I've never run that so I can't help you directly but since it's Linux based there will be a terminal of some sort.
@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:
In pfSense webgui main window I can see the following DNS servers: 127.0.0.1, 10.0.0.243, 192.168.1.1, 8.8.8.8, 8.8.4.4
Ok, that's an anomaly, you should not see the LAN IP address as a DNS server.
Go to Status > Gateways. You should only see the VBox dhcp gateways shown there. The IPv4 gateway will be 10.0... It will probably also show an IPv6 gateway that is 'pending'
You should not see a gateway on LAN.
