No Internet access to LAN2
-
Hmm, interesting.
Did you assign each adapter in turn as LAN2 or both as 2 and 3?
Reassigning adapters and ip type can sometimes result in a stale state table, with rules still in place from a previos config waiting to timeout. This can cause misleading results. You can clear the state table or reboot after a major config change to ensure everything has filtered down.Steve
-
EM0 was named SERVER and EM1 was named WIRELESS
After all the changes i restarted the firewall -
Time to get fundamental. ;)
Are you sure these NICs are working? Cables OK?
Is your box receiving DHCP inormation? Is it the correct information?Something that can catch people out (including me) is that when you create a new interface and specify it's type as static it defaults to a /32 netmask which results in no route. That is usually shown up when you try to add a dhcp server but not if you're using all static IPs.
Steve
-
All the subnet masks are /24 ( 255.255.255.0)
Cables are new out of the bag and tested them with my cable tester- Pass on all - CAT6
Box is working properly and sending and receiving DHCP info.
Tested add on card by moving my WAN port to both EM0 and EM1 with success -
And nothing in the logs? ???
Steve
-
OK…
moved the card from my PF box into my server and its working..
Tied into my LAN1 Switch and the server is online.Pulled my NC7170 network card out and put it back into my PFBox.
So... The network card and wiring is ruled out.Running 2.1-BETA0 (i386)
built on Tue Jun 12 05:15:27 EDT 2012
FreeBSD 8.3-RELEASE-p2
which is the current build -
Hmm, OK some possible scenarios:
1. You have the firewall rule wrong somehow. It could be either wrong in that it's not matching the required traffic but in that case I would expect to see hits in the firewall log from the default block all rule. It could be wrong in that it's matching traffic but routing it when it shouldn't. You would see nothing in the logs in this case but enabling logging on the rule should show you what's going on.2. The firewall rule is working correctly but there is a routing problem. Again enabling logging on the rule should show correct or incorrect working. The most likely causes of this are: no route - usually an incorrect subnet or NAT set to manual and not added to LAN2.
3. Traffic isn't making it to the firewall at all. This seems unlikely since DHCP is working. You could run a packet capture on LAN2 to make sure.
Can you ping the LAN2 interface fro the server? This would verify that it's a routing and not a firewall problem.
Steve
-
OK, everything is back to the way it was before.
However, I set up a TunnelBroker.net IPV6 account…
I followed the walk trough and now the server even gets a valid V6 but still no access :/Rules are to allow any IPv4 and IPv6 from and to WAN
-
To the server or from it? Can you ping the LAN2 interface from the server?
Steve
-
OK, everything is back to the way it was before.
However, I set up a TunnelBroker.net IPV6 account…
I followed the walk trough and now the server even gets a valid V6 but still no access :/Rules are to allow any IPv4 and IPv6 from and to WAN
Sounds similar to the issue I'm having:
http://forum.pfsense.org/index.php/topic,50500.0.html -
I can ping the server From my Laptop (LAN) and from the pfbox.
From the server I can ping my Laptop (LAN), the pfbox and the WAN.Yet my server still displays the "No Internet Connection" warning
-
Ah well now we're getting somewhere!
So you can ping between subnets in both directions. This implies pfSense is correctly routing packets and that the firewall is not blocking traffic, locally at least. If it were blocking due to the default rule it would show in the firewall logs.What is the result of attempting to ping, say, google.com from the server?
The problem is either no dns service or no route to 'the internet'.
Possibly the DHCP server on LAN2 not giving the correct value or NAT not working correctly (it's definitely not set to manual?).Alternatively the "No Internet Connection" warning could be incorrect for some other bizarre reason. ;)
Steve
-
OK…
cannot ping anything outside of the network at all.
Pinging Google and Yahoo gives me the following message:
"Ping Request could not find host google.com. Please check name and try again"Checked NAT and its set to Auto.
DHCP is dissabled on SERVER as I'm running static IP -
Ok, looks like DNS not working.
What have you set as DNS servers on your server?Steve
-
Remote Desktop Connection is working BTW…
So i have access from LAN1 to SERVERDNS SERVERS:
IPv4 :
127.0.0.1
64.59.184.13
64.59.184.15
64.59.190.242
8.8.8.8
8.8.4.4
4.2.2.2
64.102.255.44IPv6 :
2001:4860:4860::8888
2001:4860:4860::8844 -
Looks comprehensive!
So perhaps the server has no route to the dns servers. Can it ping 8.8.8.8?
What OS server is it by the way?What does it have as a gateway?
You could add the address of the LAN2 interface as a DNS server. That will probably allow DNS to work but it will still have no route to the resulting IPs.
The server should be using the LAN interface address as a gateway.Steve
-
I can ping all of the Google DNS Servers.
Server is HP Proliant DL580 G4
Quad 3.6Ghz DC w/ 64GB
Running 2K8 DatacenterI have 3 more exact servers arriving in the next few days along with 4 PCIe Mellanox cards.
The Idea is to set them up as a cluster.Anywho…
Apparently it didn't want to use the DNS servers untill i supplied it for them in the IPv4 config.Thanks Steve for all your help
