No route to host
-
Hi,
This is my first post and first installation of pfSense although I have used other firewalls.
The issue I have is the following:
My Wan IP is 192.168.16.2 - Set via DHCP (Connecting to an VDSL router)
Lan is 10.1.1.1I have two PC's connected to the VDSL router while I'm working on setting up psSense and 2 behind the pfSense firewall.
Selecting Option 7 (Ping Host) I am able to ping either of the IP addresses at 10.1.1.10, 10.1.1.11 or the 192.168.16.100, 192.168.16.103
I have no internet on the Lan side of pfSense.
If I try to ping any external IP address suck as 8.8.8.8 or google.com I get the message "No route to host"
I haven't touched any of the default rules or added any new ones as yet.
Can anyone offer any guidance?
Best regards,
Robert.
-
Can anyone offer any guidance?
I use pfSense, LAN 192.168.1.0/24 (default setting - pfSense has 192.168.1.1) and a VDSL router as my WAN (vdsl) device.
My VDSL router had the same LAN settings, so I switched it to 192.168.10.0/24 on its LAN side FIRST - the Router LAN IP is 192.168.10.1My WAN interface is set to "DHCP" - my wan IPv4 is 192.168.10.11 right know.
So, what I have (and why didn't you show it ??) :
[2.3.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: netstat -r Routing tables Internet: Destination Gateway Flags Netif Expire default 192.168.10.1 UGS rl0 localhost link#7 UH lo0 192.168.1.0 link#3 U fxp0 pfsense link#3 UHS lo0 ..... 192.168.10.0 link#1 U rl0 192.168.10.11 link#1 UHS lo0 193.253.160.3 192.168.10.1 UGHS rl0 ....... (we forget the IPv6 lines here)
The first line tells us that my gateway (called here "default") is 192.168.10.1, or : my VDSL router.
And that's it. It works.
My own words are : " everything that is addressed and isn't local will be send trough the 'rl0' interface (the hardware name of my WAN) to IP 192.168.10.1 and "he" will take care from there ".When you hook up pfSense to a router (and put the WAN interface in DHCP mode) then pfSense will pick up an IP, a gateway (DNS, etc) just like any other device (PC, whatever). This router should have a DHCP server on it's LAN, of course.
If that doesn't work, something has been set to something non-standard (that's ok) and often this boils down to "doesn't work" (less ok, you have an issue then). -
Hi,
Many thanks for your reply and sorry for the delay in replying.
I re-installed pfSense from scratch, only changing IP addresses, so now have the following:
VDSL router set to LAN IP 192.168.16.1
IP address given to pfSense WAN port 192.168.16.35
IP addresses given on LAN interface 192.168.10.0/24From the pfSense console I can now ping some external ip address but not all, for example I can ping google.com but not Microsoft.com.
Netstat gives the following:
[2.3.4-RELEASE][root@pfSense.sloan.local]/root: netstat -r
Routing tablesInternet:
Destination Gateway Flags Netif Expire
default 192.168.16.1 UGS re0
localhost link#5 UH lo0
192.168.10.0 link#7 U ue0
pfSense link#7 UHS lo0
192.168.16.0 link#1 U re0
192.168.16.1 f4:4d:30:6e:55:0e UHS re0
192.168.16.35 link#1 UHS lo0I have no internet access on the LAN side but I don't believe this is related to DNS being resolved on my VDSL router as any machines connected directly to that router can access the internet OK.
Any further pointers you can offer would be greatly appreciated.
Regards,
Robert.
-
… but not all, for example I can ping google.com but not Microsoft.com.
Remember that not all hosts on the Internet actually reply to a ping request.
That's an administrators choice.
Consider the ping issue resolved.Netstat gives the following:
[2.3.4-RELEASE][root@pfSense.sloan.local]/root: netstat -r
Routing tables
….Your routeing table seems fine to me.
I have no internet access on the LAN side but I don't believe this is related to DNS being resolved on my VDSL router as any machines connected directly to that router can access the internet
On a freshly installed pfSense you don't need to touch any DNS settings - the resolver will work.
Because your WAN uses a 'local' adress ( 192.168.16.35 ) the " Block private networks and loopback addresses " should NOT be checked.Furthermore, check that DHCP on LAN is working and that your PC obtained an IP from pfSEnse (and with the IP, the DNS and Gateway, both should be the IP-Lan-PfSense ( 192.168.10.1 ?! ). Check with
ipconfig /all
-
Hi,
I've tried setting up on a VM (Virtualbox) instead as a process of elimination and that worked OK. I'm now thinking the issue might be one of my Ethernet adapters which is USB (Forgot to mention that fact) I'll now order an Intel mini-PCI card and try again.
Regards,Robert.
-
(Forgot to mention that fact)
Oh.
That changes all. These kind of "devices" need a big knowledge about device recognition and other technical knowledge.
I would have advised you right away : "remove it right away and you'll be fine" ;)