Upgraded from 1.2.3 to RC1 via the update and I could not ping out
-
DNS was working correctly from the LAN side and pfsense itself had internet connectivity however none of my clients on the LAN could not ping or browse any sites.
I ran a capture on the LAN interface and could see those ping attempts and site attempts but nothing was coming back in.
Has anyone had this issue with the RC1?
-
Linked are some images to help with troubleshooting.
Imgur album: http://imgur.com/a/d6MiV
http://i.imgur.com/fJeMt.jpg - States
http://i.imgur.com/3GfAC.jpg - Packet capture
http://i.imgur.com/sO81W.jpg - Interface overview
http://i.imgur.com/n2ij8.jpg - ifconfig -
I went back to factory defaults and setup my interfaces…Same problem.
-
Your pfSense has a default route (# netstat -r -n)?
Can your LAN clients ping the pfSense upstream box (72.191.32.1?)
On a LAN client what do you see on a traceroute to somewhere on the Internet?
-
Well this is strange. I went back to 1.2.3 and then back up to 2.0 RC1 and now everything works. Here is the output requested.
# netstat -r -n Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 72.191.32.1 UGS 0 5177 em1 72.191.32.0/20 link#2 U 0 101 em1 72.191.39.125 link#2 UHS 0 0 lo0 127.0.0.1 link#4 UH 0 108 lo0 172.16.1.0/28 link#3 U 0 375 fxp0 172.16.1.1 link#3 UHS 0 0 lo0 192.168.1.0/24 link#1 U 0 5193 em0 192.168.1.1 link#1 UHS 0 0 lo0 209.18.47.61 00:30:48:b0:e9:03 UHS 0 0 em1 209.18.47.62 00:30:48:b0:e9:03 UHS 0 0 em1 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%em0/64 link#1 U em0 fe80::230:48ff:feb0:e902%em0 link#1 UHS lo0 fe80::%em1/64 link#2 U em1 fe80::230:48ff:feb0:e903%em1 link#2 UHS lo0 fe80::%fxp0/64 link#3 U fxp0 fe80::202:b3ff:fea0:6107%fxp0 link#3 UHS lo0 fe80::%lo0/64 link#4 U lo0 fe80::1%lo0 link#4 UHS lo0 ff01:1::/32 fe80::230:48ff:feb0:e902%em0 U em0 ff01:2::/32 fe80::230:48ff:feb0:e903%em1 U em1 ff01:3::/32 fe80::202:b3ff:fea0:6107%fxp0 U fxp0 ff01:4::/32 ::1 U lo0 ff02::%em0/32 fe80::230:48ff:feb0:e902%em0 U em0 ff02::%em1/32 fe80::230:48ff:feb0:e903%em1 U em1 ff02::%fxp0/32 fe80::202:b3ff:fea0:6107%fxp0 U fxp0 ff02::%lo0/32 ::1 U lo0 #
C:\Users\tom>ping 72.191.39.125 Pinging 72.191.39.125 with 32 bytes of data: Reply from 72.191.39.125: bytes=32 time<1ms TTL=64 Reply from 72.191.39.125: bytes=32 time<1ms TTL=64 Reply from 72.191.39.125: bytes=32 time<1ms TTL=64 Reply from 72.191.39.125: bytes=32 time<1ms TTL=64 Ping statistics for 72.191.39.125: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\tom>ping 72.191.32.1 Pinging 72.191.32.1 with 32 bytes of data: Reply from 72.191.32.1: bytes=32 time=7ms TTL=254 Reply from 72.191.32.1: bytes=32 time=8ms TTL=254 Reply from 72.191.32.1: bytes=32 time=8ms TTL=254 Reply from 72.191.32.1: bytes=32 time=9ms TTL=254 Ping statistics for 72.191.32.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 7ms, Maximum = 9ms, Average = 8ms C:\Users\tom>
Every time I upgraded I have had to restart the webserver. This is the first time that the upgrade worked. I'm tempted to try it again to see if I can find out why it wasn't working.
Any ideas?
-
Sounds like your outbound NAT isn't right.