HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE

TheWall2

@stephenw10 so what should I set exactly in VB or pfSense, in order to make my Kicksecure work with pfSense running? I've also entered pfSense admin panel at 192.168.1.1 but don't know what to do

stephenw10

I've never used Kicksecure, I'm not entirely sure what it is. Are you running that in a VM behind pfSense in VBox?

VBox has specific settings for it?

stephenw10

Oh wait I see, you changed the vitual NIC on the Kicksecure VM from NAT to internal?

That makes more sense, you would want to do that so traffic to/from it goes through pfSense.

That should work as long as your choose the same internal network the pfSense LAN NIC is set to.

You also need to make sure the pfSense LAN is not using the same subnet as anything else in your network. 192.168.1.X is common.

TheWall2

This post is deleted!

TheWall2

@stephenw10 That's exactly what I did. Kicksecure is Debian.

That should work as long as your choose the same internal network the pfSense LAN NIC is set to. You also need to make sure the pfSense LAN is not using the same subnet as anything else in your network. 192.168.1.X is common.

I doesn't work unfortunately. What should I do exactly? Which settings should I change and where? I set the Kicksecure network adapter from NAT to internal, which is the same as pfSense LAN NIC is set to (in pfSense I set 3 network adapters, 1st NAT, 2nd and 3rd internal network).

I know it's boring for you, but I'm a newbie and if you don't provide precise instructions I won't be able to solve my issue

stephenw10

What exactly doesn't work?

Does the Kicksecure VM pull a DHCP lease from pfSense?

Can it access the pfSense webgui?

TheWall2

@stephenw10 I cannot browse from Kicksecure, tried with 2 browsers. No data. I don't get any error message in pfSense, I can access pfSense admin panel from Kicksecure

stephenw10

Ok so it must have a valid IP address in the pfSense LAN subnet.
Is that pulling a lease fro pfSense or statically configured in the Kicksecure VM?

Are you using the default 192.168.1.1 as the pfSense LAN IP address?

TheWall2

@stephenw10 I don't know, I didn't change anything in pfSense panel (which I can access from 192.168.1.1). DHCP is enabled, no static address has been set in Kicksecure. What should I do exactly?

stephenw10

In the pfSense webgui go to Status > DHCP Leases. Make sure the Kicksecure VM is shown there and note it's IP address.

Next go to Diag > Ping and try to ping 8.8.8.8.

Then try to ping google.com

If that fails go to Diag > DNS Lookup and try to resolve google.com.

Note the failure message in each case if it does.

TheWall2

@stephenw10 When launching the pfSense panel for the 1st time, I set Primary DNS Server to 8.8.8.8. and Secondary DNS Server to 8.8.4.4

In "Configure LAN Interface", LAN IP Address is 192.168.1.1 and Subnet Mask is 24.

I went to Status > DHCP Leases, in "Leases" I see an active 192.168.1.100 with its MAC Address (I don't know if it's Kicksecure, anyway Kicksecure is the ONLY operating system installed in my VB). In "Lease Utilization" there's a LAN interface, the Pool start is 192.168.1.10 and the Pool end is 192.168.1.245. The USED value is 1, Capacity is 236.

I pinged 8.8.8.8 and google.com and it worked. However, if I open a new tab in the same browser and enter www.google.com, it doesn't work.

Also, in pfSense webgui main screen I see 2 interfaces: a WAN 1000baseT full duplex (10.0.2.15) and a LAN 1000baseT full duplex (192.168.1.1)

TheWall2

I also had a look at the command window in pfSense inside VB, there's an error message: arprequest_internal: cannot find matching address

stephenw10

Ok, that seems good.

Can you ping 8.8.8.8 and/or google.com from Kicksecure?

stephenw10

Does it show the address that is failing in that arp error?

TheWall2

@stephenw10 No, if I ping them in Kicksecure (same browser used to access pfSense webgui but different tab) it doesn't work, it says it cannot contact google.com server. I've tried also using Tor in Kicksecure, it doesn't resolve any address so it's not a browser-related issue. I also pinged 8.8.8.8. in Kicksecure's terminal window, it didn't work.

In pfSense webgui main window I can see the following DNS servers: 127.0.0.1, 10.0.0.243, 192.168.1.1, 8.8.8.8, 8.8.4.4

Moreover, in the same window the USER is admin@192.168.1.100 (Local Database), so I don't know if 192.168.1.100 is Kicksecure. Anyway, this address is the only one shown in DHCP Leases.

TheWall2

@stephenw10 It doesn't show the address that is failing in that arp error, just the error message I wrote in my previous post. Also, note that in pfSense command window inside VB I didn't set any option (Assign interfaces, Set interfaces IP address, etc.)

stephenw10

@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

No, if I ping them in Kicksecure (same browser used to access pfSense webgui but different tab) it doesn't work,

You can't run ping from a browser you need to run that from a command prompt in Kicksecure. I've never run that so I can't help you directly but since it's Linux based there will be a terminal of some sort.

@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

In pfSense webgui main window I can see the following DNS servers: 127.0.0.1, 10.0.0.243, 192.168.1.1, 8.8.8.8, 8.8.4.4

Ok, that's an anomaly, you should not see the LAN IP address as a DNS server.

Go to Status > Gateways. You should only see the VBox dhcp gateways shown there. The IPv4 gateway will be 10.0... It will probably also show an IPv6 gateway that is 'pending'
You should not see a gateway on LAN.

TheWall2

@stephenw10 I pinged 8.8.8.8. in Kicksecure's terminal window, it didn't work. Kicksecure is Linux Debian.

In Status > Gateways I see a WAN_DHCP 10.0.2.2, its status is Offline: Packetloss 100%

There's also a WAN_DHCP6 in pending status

Which is the LAN IP address? 127.0.0.1 or 192.168.1.1? How can I remove it from the DNS servers?

stephenw10

The LAN IP address is 192.168.1.1 by default.

Check the DNS servers listed in System > General Setup.

The WAN gateway, which is the VBox internal router, may not respond to ping I that case you should either disable the monitoring or set a different monitoring IP.
In System > Routing > Gateways first check there are only WAN gateways present.
Then edit the WAN_DHCP gateway and set a new monitoring IP. For example use 8.8.8.8 or 1.1.1.1.

The gateway should then show as up.

Go to Diag > Routes and make sure there is a default route and it's via the VBox gateway.

JonathanLee

Can you ping your DNS?