HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE
-
@stephenw10 I cannot browse from Kicksecure, tried with 2 browsers. No data. I don't get any error message in pfSense, I can access pfSense admin panel from Kicksecure
-
Ok so it must have a valid IP address in the pfSense LAN subnet.
Is that pulling a lease fro pfSense or statically configured in the Kicksecure VM?Are you using the default 192.168.1.1 as the pfSense LAN IP address?
-
@stephenw10 I don't know, I didn't change anything in pfSense panel (which I can access from 192.168.1.1). DHCP is enabled, no static address has been set in Kicksecure. What should I do exactly?
-
In the pfSense webgui go to Status > DHCP Leases. Make sure the Kicksecure VM is shown there and note it's IP address.
Next go to Diag > Ping and try to ping 8.8.8.8.
Then try to ping google.com
If that fails go to Diag > DNS Lookup and try to resolve google.com.
Note the failure message in each case if it does.
-
@stephenw10 When launching the pfSense panel for the 1st time, I set Primary DNS Server to 8.8.8.8. and Secondary DNS Server to 8.8.4.4
In "Configure LAN Interface", LAN IP Address is 192.168.1.1 and Subnet Mask is 24.
I went to Status > DHCP Leases, in "Leases" I see an active 192.168.1.100 with its MAC Address (I don't know if it's Kicksecure, anyway Kicksecure is the ONLY operating system installed in my VB). In "Lease Utilization" there's a LAN interface, the Pool start is 192.168.1.10 and the Pool end is 192.168.1.245. The USED value is 1, Capacity is 236.
I pinged 8.8.8.8 and google.com and it worked. However, if I open a new tab in the same browser and enter www.google.com, it doesn't work.
Also, in pfSense webgui main screen I see 2 interfaces: a WAN 1000baseT full duplex (10.0.2.15) and a LAN 1000baseT full duplex (192.168.1.1)
-
I also had a look at the command window in pfSense inside VB, there's an error message: arprequest_internal: cannot find matching address
-
Ok, that seems good.
Can you ping 8.8.8.8 and/or google.com from Kicksecure?
-
Does it show the address that is failing in that arp error?
-
@stephenw10 No, if I ping them in Kicksecure (same browser used to access pfSense webgui but different tab) it doesn't work, it says it cannot contact google.com server. I've tried also using Tor in Kicksecure, it doesn't resolve any address so it's not a browser-related issue. I also pinged 8.8.8.8. in Kicksecure's terminal window, it didn't work.
In pfSense webgui main window I can see the following DNS servers: 127.0.0.1, 10.0.0.243, 192.168.1.1, 8.8.8.8, 8.8.4.4
Moreover, in the same window the USER is admin@192.168.1.100 (Local Database), so I don't know if 192.168.1.100 is Kicksecure. Anyway, this address is the only one shown in DHCP Leases.
-
@stephenw10 It doesn't show the address that is failing in that arp error, just the error message I wrote in my previous post. Also, note that in pfSense command window inside VB I didn't set any option (Assign interfaces, Set interfaces IP address, etc.)
-
@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:
No, if I ping them in Kicksecure (same browser used to access pfSense webgui but different tab) it doesn't work,
You can't run ping from a browser you need to run that from a command prompt in Kicksecure. I've never run that so I can't help you directly but since it's Linux based there will be a terminal of some sort.
@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:
In pfSense webgui main window I can see the following DNS servers: 127.0.0.1, 10.0.0.243, 192.168.1.1, 8.8.8.8, 8.8.4.4
Ok, that's an anomaly, you should not see the LAN IP address as a DNS server.
Go to Status > Gateways. You should only see the VBox dhcp gateways shown there. The IPv4 gateway will be 10.0... It will probably also show an IPv6 gateway that is 'pending'
You should not see a gateway on LAN. -
@stephenw10 I pinged 8.8.8.8. in Kicksecure's terminal window, it didn't work. Kicksecure is Linux Debian.
In Status > Gateways I see a WAN_DHCP 10.0.2.2, its status is Offline: Packetloss 100%
There's also a WAN_DHCP6 in pending status
Which is the LAN IP address? 127.0.0.1 or 192.168.1.1? How can I remove it from the DNS servers?
-
The LAN IP address is 192.168.1.1 by default.
Check the DNS servers listed in System > General Setup.
The WAN gateway, which is the VBox internal router, may not respond to ping I that case you should either disable the monitoring or set a different monitoring IP.
In System > Routing > Gateways first check there are only WAN gateways present.
Then edit the WAN_DHCP gateway and set a new monitoring IP. For example use 8.8.8.8 or 1.1.1.1.The gateway should then show as up.
Go to Diag > Routes and make sure there is a default route and it's via the VBox gateway.
-
Can you ping your DNS?
-
@stephenw10 In System > General Setup the DNS Servers are 8.8.8.8 and 8.8.4.4 (I set them during the initial setup).
In System > Routing > Gateways there's a WAN_DHCP and a WAN_DHCP6.
I edited the WAN_DHCP gateway and set a new monitoring IP 8.8.8.8.
The gateway is now up.
In Diag > Routes there's a default gateway 10.0.2.2, Flag UGS, Uses 8, MTU 1500 and Interface em0. There are 7 more IPv4 Routes.
Also, in Diag > Routes do I need to enable "Resolve names" under Routing Table Display options?
FINAL RESULT: I still cannot reach any website in my Kicksecure browsers, except for Tor which works fine. I rebooted pfSense but I still cannot browse through Firefox in Kicksecure. I tried with Brave as well, same result. Should I change anything in the browser's network settings maybe? Tor is working and can reach any websites, I don't know why.
I went to Diag > Ping and pinged both 8.8.8.8 and google.com, it worked.
-
When you tested in Diag > DNS Lookup do you see all configured DNS servers responding?
If Torbrowser is working from the Kicksecure VM then it must have a route out. Pings to an external IP should also work?
-
@stephenw10 I entered 8.8.8.8 and google.com in Diag > DNS Lookup and this is the result:
- 127.0.0.1, 10.0.0.243 and 192.168.1.1 DNS servers responded
- 8.8.8.8 and 8.8.4.4 DNS servers didn't respond
I didn't change any settings in Tor nor in the other browsers, nevertheless Tor seems to have a route out. Any idea?
-
Tor doesn't rely on the system DNS servers.
But it still needs a valid route. Did you try to ping out from Kicksecure to an external IP as I asked? That should also work. Try 1.1.1.1 since you have added static roues for google's DNS servers.
Did Diag > DNS Lookup show valid responses for the query for the servers that did respond.
-
@stephenw10 I went to Diag > Ping and pinged 1.1.1.1, it worked. I'm not sure if this is what you asked me to do.
In Diag > DNS Lookup I made a DNS lookup for 1.1.1.1, it showed valid responses for the query for the 3 servers that did respond (query time 2 msec, 32 msec and 2 msec). 8.8.8.8 and 8.8.4.4 did not respond.
-
@stephenw10 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:
Did you try to ping out from Kicksecure to an external IP as I asked?
Test pings from he Kicksecure VM not from pfSense, we know it works from pfSense.
@TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:
In Diag > DNS Lookup I made a DNS lookup for 1.1.1.1,
You need to query an FQDN like google.com not an IP address.
