Pfsense has connection, connected machines don't
-
Of course, pfsense now seems to be failing at having an internet connection(can't fetch packages anymore) so I'm really not sure what to do with that…I'm really on the verge of just entirely giving up on this,
Please provide more details of the package fetch failure: what package? What was reported? etc There has been some discussion in the forums in the last few weeks about problems downloading packages.
Lots of people have found pfSense a very effective firewall. If you want to use it effectively you need to make some investment in learning to use it, especially when you connect equipment with "non standard" configurations.
-
Of course, pfsense now seems to be failing at having an internet connection(can't fetch packages anymore) so I'm really not sure what to do with that…I'm really on the verge of just entirely giving up on this,
Please provide more details of the package fetch failure: what package? What was reported? etc There has been some discussion in the forums in the last few weeks about problems downloading packages.
Lots of people have found pfSense a very effective firewall. If you want to use it effectively you need to make some investment in learning to use it, especially when you connect equipment with "non standard" configurations.
I've attempted to learn it, I have done everything to the letter of the pfsense book….and yet it doesn't work. There is nothing non-standard about my self, I have a few machines connected and trying to hit the internet through pfsense, that seems like a fairly basic setup. My aim was to do the bare minimum with it before trying to add extra flash on top.
I've removed the Hamachi connection, my machine can still do DNS lookups but can't ping or load webpages.
-
Please, again, provide the output of netstat -rn
-
===========================================================================
Interface List
12…00 22 68 52 60 31 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-InterfaceIPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 266
192.168.0.10 255.255.255.255 On-link 192.168.0.10 266
192.168.0.255 255.255.255.255 On-link 192.168.0.10 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 266Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 DefaultIPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:2043:34f1:3f57:fff5/128
On-link
12 266 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::2043:34f1:3f57:fff5/128
On-link
12 266 fe80::49b5:87db:9135:c98c/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 266 ff00::/8 On-linkPersistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link -
You still have a persistent route left that you need to remove. As Administrator you need to run:
route delete 0.0.0.0 mask 0.0.0.0 5.0.0.1
-
Worked, no dice
-
netstat -rn again please
-
===========================================================================
Interface List
12…00 22 68 52 60 31 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-InterfaceIPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 266
192.168.0.10 255.255.255.255 On-link 192.168.0.10 266
192.168.0.255 255.255.255.255 On-link 192.168.0.10 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 266Persistent Routes:
NoneIPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:3813:1f87:3f57:fff5/128
On-link
12 266 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::3813:1f87:3f57:fff5/128
On-link
12 266 fe80::49b5:87db:9135:c98c/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 266 ff00::/8 On-linkPersistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link -
From a computer inside the network please post the output of:
tracert -d 8.8.8.8 (Windows)
traceroute -n 8.8.8.8 (Linux)Please also post a screenshot of the LAN rules.
-
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.Trace complete.
-
The most likely thing is that you have something on the Windows clients that is interfering (a software firewall or some other package).
Can you try booting into a Linux live CD (such as Ubuntu) and see if you get the same result?
-
Just tested using my laptop(OS X) and the result was the same. Roommates laptop(Joli OS) has same result.
-
Just tested using my laptop(OS X) and the result was the same. Roommates laptop(Joli OS) has same result.
I presume you mean that on both machines a traceroute 8.8.8.8 displayed @No1451:
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Request timed out.
3 * * * Request timed out.
. . .I would check the traceroute (or ping 8.8.8.8 ) is really arriving on the pfSense LAN interface. (Perhaps you have another system on your LAN with IP address 192.168.0.1)
-
(Perhaps you have another system on your LAN with IP address 192.168.0.1)
That's one thing that came to mind. Another, maybe LAN and WAN are on the same subnet, which of course won't work.
Attaching the full config backup would at least show us whether your config is sane.
-
Just tested using my laptop(OS X) and the result was the same. Roommates laptop(Joli OS) has same result.
I presume you mean that on both machines a traceroute 8.8.8.8 displayed @No1451:
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Request timed out.
3 * * * Request timed out.
. . .I would check the traceroute (or ping 8.8.8.8 ) is really arriving on the pfSense LAN interface. (Perhaps you have another system on your LAN with IP address 192.168.0.1)
That is what I meant, yes. I have nothing else on the network with the same IP(and I have tried alternative IPs as well to rule that out as a possibility). When running a ping/traceroute there wasn't any reported activity in the log(I was watching firewall).
I'm fairly certain that WAN and LAN are on separate subnets, LAN is on /24 and WAN is entirely handled by DHCP.
My config file: http://dl.dropbox.com/u/9118076/config-pfSense.localdomain-20111010144530.xml
-
Your laptops apparently are using 192.168.0.1 as their gateway. The pfSense LAN interface IP address in the configuration file is 192.168.0.2.
What has IP address 192.168.0.1 and why are your clients routing through it?
I'm fairly certain that WAN and LAN are on separate subnets, LAN is on /24 and WAN is entirely handled by DHCP.
?
WAN having its IP address assigned by DHCP is not sufficient to guarantee it will get an IP address in a different subnet from the subnet you have assigned to LAN.I don't recall you mentioning what you have upstream of the WAN interface. Lots of small routers/modems use 192.168.0.0/24 as their LAN so one of them would assign your WAN interface an IP address on 192.168.0.0/24 which is the same subnet as your LAN. I suggest you check your WAN IP address (Status -> Interfaces) and report it here. If there is a conflict with your LAN subnet I suggest you move your LAN subnet to 192.168.251.0/24 (or something else well away from 192.168.0.0/24) and adjust the DHCP range on the LAN interface accordingly, restart pfSense, connect a client, cold start (fresh start, not 'resume from suspend' or the like) the client (to ensure you completely refresh its network configuration) and then test.
-
It being on 192.168.0.2 was due to a test(to see if there may be something that wasn't showing up on 192.168.0.1 that was conflicting).
24.52.224.193 is the gateway listed under Status–>Interfaces for WAN.
Should it normally be this hard to get pfsense set up to do something as basic as normal router functionality?
-
Should it normally be this hard to get pfsense set up to do something as basic as normal router functionality?
Are you referring to the length of time from your first post to now and that you still don't have it working? I'm sure it didn't take me anything like that long to get my first pfSense configuration working.
Some things haven't helped. Sometimes there have been long intervals between someone asking for information and you replying. There are probably good reasons for that. I'm just saying those intervals haven't helped.
I asked for the WAN IP address but instead you gave me the IP address of the WAN gateway. Please provide the IP address of the pfSense WAN interface.
I noticed your configuration file still has a gateway on the LAN. This appears unnecessary. The configuration file of my production pfSense has two gateways on the LAN but these correspond to actual gateways for "downstream" networks. The configuration file for my test pfSense has no gateways on LAN and it works fine. I don't know if removing your unnecessary gateway definition will help but in the interests of making the configuration as simple as possible please delete the LANGW gateway through the web GUI, confirm it has gone from the configuration file, reboot pfSense to ensure the running firewall has no hint of the LANGW and retest.
-
Well damn, that was a ridiculously simple fix. Thanks
-
What was the ridiculously simple fix? There were a number of configuration problems.
