Problems to access Internet
-
but you clearly stated your NOT natting on pfsense.
but robertog said
@robertog:i have just nat in modem, means i havent setup nat on pfsense.
which could mean that because he hasn't done anything to setup NAT in pfSense he assumes pfSense is not NATing. But my recollection is that NAT is on by default in pfSense between LAN and WAN.
-
Yup I agree nat is on by default normally. but way I read it was he turned nat off.
Why would he mention that he was not running it?? Unless he knew for sure it was on or off?
@robertog can you verify for us if you turned NAT off?
here
http://doc.pfsense.org/index.php/Outbound_NATTo completely disable NAT and all firewall function from all interfaces, do the following. Note that you will skip the previous section ("Disable NAT") when taking this approach.
Go to the System: Advanced page and click the Firewall / NAT tab.
Check the box to "Disable Firewall / Disable all packet filtering."
Save changes.To completely disable NAT to have a routing-only firewall, do the following.
Go to the Firewall -> NAT page, and click the Outbound tab.
Select the option "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save.
Remove all automatically generated NAT rules at the bottom of the screen.
Apply changes
–-Did you do either of those on your pfsense box? If not then NAT would be on, and would explain why it works atleast some times - because if you had turned NAT off I don't see how it would work at all.
So again I would suggest you remove the "modems" nat and allow pfsense to handle your nat/firewall/etc
-
Hello!
thanks for your reply but at moment I cant verify if Nat off..Im in business trip sorry, I repeat you I havent setup nat on pfsense so if this means defaults pfsense has nat i didnt know….
But do u think that can create problems and sometimes internet connection is up and down?
thanks roberto -
As the others said by default pfSense will NAT between WAN and LAN. You almost certainly have this enabled. This means you are double NATing but that doesn't usually cause a problem. I have run double NAT setups for testing purposes for months before and never once experienced any issue. However you should be aware that under specific circumstances it can be a problem.
You need to determine where the failure is occurring and you will probably need to be doing that locally. We could speculate what might be happening but without testing it will only be speculation. ;)
The first thing I would look at is the pfSense logs. Look for WAN disconnects. Look at the RRD graphs of connection quality. Are there periods of packet loss or high latency?
How is your WAN address assigned? Static IP?
Steve
-
hello,
thanks for reply when i come back in office i will do of course.
I have wan ip static.bye
roberto -
"Look at the RRD graphs of connection quality. Are there periods of packet loss or high latency?"
But that is really not testing his internet connection in the current setup because pfsense gateway is his modem. His ISP could be offline and pfsense would still think internet is happy with a <1ms response time because he is just talking to the lan of his modem.
Which is why I suggest he puts pfsense on the border so that yes now he can see what the internet connection is doing.
-
But that is really not testing his internet connection in the current setup because pfsense gateway is his modem.
That's true. However if it does show something that will be a big clue. ;)
The fact that the connection is solid when the pfSense box is removed suggests a problem on the local side of the modem.
Having a static WAN means that it's unlikely to show anything in the system logs except perhaps if it's a faulty cable.Having a public IP on the pfSense WAN and a single NAT config is a better setup but that should not stop it working as it is.
Steve
-
I agree it can work with double nat, as stated before it is not ideal sort of setup. But it should work - but he mentions
"Can pfsense talk to your "modem" – is the modem online - YES"
Well that tells me its his ISP or pfsense. I would look to ISP first, but since his pfsense is not directly connected and behind a nat. It is impossible to tell if pfsense can not talk to the gateway. Which he would see instantly if pfsense was on public IP.
-
he mentions
"Can pfsense talk to your "modem" – is the modem online - YES"
Good point. Though that doesn't mean it's continuously online. However that should show up in the logs.
Much as I'm enjoying this speculating I think I'll wait for more information. ;)
Steve
-
hi,
thanks guys for sharing your ideas and suggestions. I can't wait when i am physically back in the office (cc. 24.9) in order to try suggested options & share back with you all results. Roberto
