Need help to figuring out why I cannot make internet connection through pfSense
-
I have a problem. Maybe somebody can help me. ???
-
I have connected my network as the picture show it.
-
My LAN connection is setted on em0 (192.168.1.1) and my Wan connection is setted DHCP, (non-static).
-
I have connected my internet connection (router/T1) on the Wan port and my Lan connection on my switch Cisco.
-
I setted my dns server into pfSense.
-
I can ping www.yahoo.com but I can't access Internet with my PCs. Windows (win 7) don't see my Internet connection.
I tried to connect one pc (with 192.168.1.*) directly on pfsense. I can enter into the webgui and test my internet connection (ping) but I can't access internet with my pc. Any tips will be appreciate.
Regards :)
Frank
-
-
Where are you pinging from? the pfSense box or one of your LAN pc's?
Is your router handing a public IP to pfSense or doing NAT? Is it on a different subnet to LAN?
Check the firewall logs when you are trying to connect.
Welcome to pfSense. ;)
Steve
-
Hi Steve,
Thank you for your answer.I ping from my pfSense box (into the webgui) to test if my pfSense box is well connected to Internet.
Regards,
Frank.
-
Ok so you can ping from the pfSense webGUI but can't ping from a LAN computer.
Sounds like you have either no gateway set or the wrong subnet mask.
What are the IP settings on one of your LAN computers?
What about any of my other questions above?
Steve
-
I will check that :) let me 1/2 hour :)
Regards
-
Hi,
I will try to answer completly at your questions :)To well understand my answers, your can check the picture :)
Is your router handing a public IP to pfSense or doing NAT? Is it on a different subnet to LAN?
My router is always connected on internet (broadband) The signal is always on. I can only precise that (because I'm not an expert in this domain) This router is connected directly on optic fiber. My pfSense box, can access at Internet by this router. So, I have no problem (I think) in this case.Example when I ping from my pfsense box
ping.pfsense.org
Ping output:
PING ping.pfsense.org.wminer.com (68.178.232.99) from ??.??.??.??: 56 data bytes
64 bytes from 68.178.232.99: icmp_seq=0 ttl=119 time=77.172 ms
64 bytes from 68.178.232.99: icmp_seq=1 ttl=119 time=78.979 ms
64 bytes from 68.178.232.99: icmp_seq=2 ttl=119 time=78.770 ms–- ping.pfsense.org.wminer.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 77.172/78.307/78.979/0.807 msCheck the firewall logs when you are trying to connect.
Ok. I will check that.Ok so you can ping from the pfSense webGUI but can't ping from a LAN computer.
yes, exacltlySounds like you have either no gateway set or the wrong subnet mask.
What are the IP settings on one of your LAN computers?
I disconnected my switch and assign its IP address on a computer 192.168.1.254 Mask:255.255.240.0 to make sure is not a subnet problem but… I'm not an expert :)Pfsense IP:191.168.1.1 Mask:255.255.240.0
Regards
-
Ok.
There are a number of reasons this could be happening.
1. There is no gateway or the incorrect gateway set on your client computers.
If you are configuring clients manually you need to set the gateway to the pfSense LAN address (192.168.1.1). If you're using DHCP you need to make sure it's working correctly. From Windows (if you're using that) open a command prompt and check the gateway:C:\Documents and Settings\Steve>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : fire.box IP Address. . . . . . . . . . . . : 192.168.1.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1
2. Your pfSense box is blocking outgoing connections.
You can check this easily enough as it will appear in the firewall logs. However by default all connections from LAN are allowed so unless you have changed with the firewall rules this is unlikely.3. Your pfSense box is not routing traffic correctly.
A number of things could cause this but top of the list is that your modem/router is giving pfSense a WAN IP in the same subnet as LAN. This stops routing working correctly. Is your WAN address a public or private IP?
If it is a private IP you need to disable blocking of private networks from the webGUI under: Interfaces: WAN:Unrelated but interesting is that when you pinged ping.pfsense.org (a url that doesn't exist!) your DNS server incorrectly returned ping.pfsense.org.wminer.com. It should return an error but whoever runs that DNS is collecting advertising revenue by sending you to another site. ::)
Steve
-
Hi Steve :)
Thank for your information.C:\Users\Frank>ipconfig
Configuration IP de Windows
Ethernet adapter pfSense :
Connection-specific DNS Suffix. . . : wminer.com
IP Address . . . . . . . . . . . . . . . . : 192.168.1.245
Subnet Mask. . . . . . . . . . . . . . : 255.255.255.0
Default Gateway. . . . . . . . . . . . : 192.168.1.1Now :) I can access internet if I put ip address (not domain name)
2. Your pfSense box is blocking outgoing connections. ==> Checked
3) Your pfSense box is not routing traffic correctly. ==> Checked
Unrelated but interesting is that when you pinged ping.pfsense.org ==> yes indeed. In the pfsense box its work but not outside :)I send my lan settings (see the picture) maybe you will see something :)
Regards
-
Now :) I can access internet if I put ip address (not domain name)
Ah, so you can access internet sites by IP from your client PCs but not by URL.
So that implies that DNS is not working at the client machine.What are you using for DNS? Your ISP's DNS servers?
The default pfSense setup is that pfSense receives it's WAN address via DHCP/PPP along with DNS servers from your ISP. Your clients use the pfSense box for DNS which forwards the requests to your ISP via the DNS forwarding service. Have you altered this at all?
Check that your clients are getting DNS server information:
C:\Documents and Settings\Steve>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : NewTuring Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Mixed IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : fire.box Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : fire.box Description . . . . . . . . . . . : Realtek RTL8139/810X Family PCI Fast Ethernet NIC Physical Address. . . . . . . . . : 00-30-1B-AB-18-C3 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.1.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DNS Servers . . . . . . . . . . . : 192.168.1.1 Lease Obtained. . . . . . . . . . : 07 February 2012 14:13:48 Lease Expires . . . . . . . . . . : 07 February 2012 16:13:48
Steve
-
Hi :)
Thanks for all your information :)
I have succeeded to set pfsense. I will put information here, in case if it can help somebody else :)My pfSense box is set with 192.168.1.1
Carte Ethernet pfSense :
Suffixe DNS propre à la connexion. . . : wminer.com
Description. . . . . . . . . . . . . . : D-Link DGE-530T Gigabit Ethernet Adapter (rev.B)
Adresse physique . . . . . . . . . . . : 00-26-5A-84-6F-3C
DHCP activé. . . . . . . . . . . . . . : Oui
Configuration automatique activée. . . : Oui
Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.245
Masque de sous-réseau. . . . . . . . . : 255.255.255.0
Bail obtenu. . . . . . . . . . . . . . : 7 février 2012 13:59:53
Bail expirant. . . . . . . . . . . . . : 7 février 2012 15:59:53
Passerelle par défaut. . . . . . . . . : 192.168.1.1
Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
Serveurs DNS. . . . . . . . . . . . . : 24.xxx.yyy.37
24.xxx.yyy.77
NetBIOS sur Tcpip. . . . . . . . . . . : ActivéIn the pfsense webgui
Interfaces: Assign ==> Verified if you wan port is setted
Interfaces: WAN Type DHCP
Services: DHCP server [checked] Enable DHCP server on LAN interface
DNS servers
24.xxx.yyy.37
24.xxx.yyy.77Status: Interfaces ==> Make sure your status is UP
ISP DNS servers (most be the same than above
24.xxx.yyy.37
24.xxx.yyy.77Test in the pfsense box
Diagnostics: Ping to 4.2.2.2
Ping to google.comEthernet adpter set (at the end)
- Get ip automaticallyautomatically
- Get DSN address automatically
Test in the command line from your pc
Diagnostics: Ping to 4.2.2.2
Ping to google.com