Pfsense 2.4.2/APU2 - LAN can ping/nslookup ANY, but can't browse
-
Dear all,
I have recently installed pfsense 2.4.2-RELEASE (amd64) on a PC Engines APU2 device.
The setup I performed is as follows:
- Fresh install using pfSense-CE-memstick-serial-2.4.2-RELEASE-amd64.img.gz
- Connect laptop to igb1/LAN, assigned 192.168.1.100 and browse to 192.168.1.1
- Using the wizard all defaults are kept, except that I specify the DNS servers provided by my ISP, specify my timezone, set the WAN interface “SelectedType” to PPPoE and specify the PPPoE username and password, and change the default admin password
- At this point WAN interface is marked as “Down”
- Using the Web interface create VLAN interface (Interfaces > VLANs) with the parent interface set to igb0/WAN
- Using the Web interface I then update the Interface Assignment for WAN from PPPOE0 (igb0) to “VLAN 11 on igb0” and click “Save”
- At this point WAN interface is marked as “Up” but no IP address is assigned
- Using the Web interface I then update the WAN Interface (Interfaces > WAN) with the PPPoE username & password again as they seem to be missing, then “Apply Changes”
- At this point WAN interface is marked as “Up” with my public IPv4 address assigned
From my laptop I am able to perform nslookups and ping public IP addresses (e.g. ping 8.8.8.8 and ping/nslookup google.com work fine). However, I am unable to browse any websites.
I have looked at the following relevant posts, but neither have helped:
https://forum.pfsense.org/index.php?topic=118941.0
https://forum.pfsense.org/index.php?topic=119077.0
And I have gone through the troubleshooting guide and all tests pass:
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
I have confirmed that the default LAN to ANY firewall rules are matching packets. I have also tried adding an explicit firewall rule to permit any traffic from 192.168.1.0/24 to any (all protocols) and confirmed there were packets matching this rule.
Unfortunately I have had no success and have been at this for a few hours.
Any support or advice would be highly appreciated.
Many thanks!
-
- Connect laptop to igb1/LAN, assigned 192.168.1.100 and browse to 192.168.1.1
Confirm that DHCP is working, and that you didn't assign anything manually.
Like : hook up the laptop, and you can - at least - access the GUI right away.
Check that you received the expected and correct IP / DNS / gateway.
- Using the wizard all defaults are kept, except that I specify the DNS servers provided by my ISP, specify my timezone, set the WAN interface “SelectedType” to PPPoE and specify the PPPoE username and password, and change the default admin password
- At this point WAN interface is marked as “Down”
This was the right moment to stop any changes and make the WAN work first.
Advice : I wouldn't even use ISP's DNS's - just the pppoe login and password and you're up. Worked for me like that for nearly a decade.
- Using the Web interface create VLAN interface (Interfaces > VLANs) with the parent interface set to igb0/WAN
- Using the Web interface I then update the Interface Assignment for WAN from PPPOE0 (igb0) to “VLAN 11 on igb0” and click “Save”
- At this point WAN interface is marked as “Up” but no IP address is assigned
- Using the Web interface I then update the WAN Interface (Interfaces > WAN) with the PPPoE username & password again as they seem to be missing, then “Apply Changes”
- At this point WAN interface is marked as “Up” with my public IPv4 address assigned
Do I understand that your WAN interface needs some VLAN flags ?
Very unusual and strange (not to mention : non-logic) that you need to enter pppoe credentials on 2 interfaces.
Your WAN connection seems special to me. Details ISP spec / devices you used before.
I have looked at the following relevant posts, but neither have helped:
https://forum.pfsense.org/index.php?topic=118941.0
https://forum.pfsense.org/index.php?topic=119077.0
These 2 posts do not mention VLANs at all.
Just, as I said, "a make it work story".
I have confirmed that the default LAN to ANY firewall rules are matching packets. I have also tried adding an explicit firewall rule to permit any traffic from 192.168.1.0/24 to any (all protocols) and confirmed there were packets matching this rule.
If you didn't "touch" the LAN, that part works out of the box.
-
Had the same problem, mine wound up being that the ISP didn't like the constant ping for gateway monitor. I shut that off and internet worked like a charm.
-
Thank you both. For the record, turning off gateway monitoring fixed the issue.