Can't get pass VLAN /WAN setup

CGTroll

Thanks for the replies!
Finally got it up and running. Using the 2.1 snapshot fixed it.  :)

I now have the router up in bridge mode, and I can access the network and the pfSense box through the network but I can not get outside. The internet is not available, but I know it works as I'm using it now after hooking my PC straight into the modem. When I go through the setup of the WAN and the LAN, straight from the box, both the WAN and the LAN get their IP, but when I check the Webgui, it says WAN IP is blank. When I check the IP straight from the box again, the WAN is blank as well. If I set up the interfaces again, same things happen. WAN IP that shows up after the setup is the ISP IP, so I know it is getting it from the ISP, but why does it disappear? i have tried to reset the pfSense installation and only use the default settings but same things happen. Any idea what could be causing this?

My setup is now:

Cable Modem > WAN pfSense (DHCP server) > LAN out > LAN in router box (bridge mode)

Thanks!

stephenw10

What sort of WAN connection do you have, PPPoE, DHCP?
Are you initially getting the correct IP?

Check the system logs for clues as to why your IP is dropped.

Steve

CGTroll

@stephenw10:

What sort of WAN connection do you have, PPPoE, DHCP?
Are you initially getting the correct IP?

Check the system logs for clues as to why your IP is dropped.

Steve

DHCP WAN connection
Yes, initially getting the correct IP
I don't understand all that's in the log, but this had the correct WAN IP in it: (swapted the IP with xxs)

php: /interfaces.php: Clearing states to old gateway xx.x.xxx.x
php: /interfaces.php: ROUTING: setting default route to xx.x.xxx.x
php: /interfaces.php: The command '/sbin/route change -inet default xx.xx.xx.x'' returned exit code '1', the output was 'route: writing to routing socket: No such process route: writing to routing socket: Network is unreachable change net default: gateway xx.x.xxx.x: Network is unreachable'

Thanks!

stephenw10

Ok, is your test PC that you connected to the modem directly running Windows?

The problem here is that you can't use a gateway that is outside your subnet when using DHCP. My understanding is that it's against the rules and FreeBSD doesn't allow it. Windows bends those rules.  ;)

Does that sound right, is the gateway outside the WAN subnet?

Steve

The problem and a possible solution are described here: http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet

CGTroll

@stephenw10:

Ok, is your test PC that you connected to the modem directly running Windows?

The problem here is that you can't use a gateway that is outside your subnet when using DHCP. My understanding is that it's against the rules and FreeBSD doesn't allow it. Windows bends those rules.  ;)

Does that sound right, is the gateway outside the WAN subnet?

Steve

The problem and a possible solution are described here: http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet

thanks for the reply.

ouch. This went a bit above my head and I don't understand much of this. Previusly I had the netgear router just hooked up to get ip from isp and that was that. I'm guessing the netgear box then did this automatically  but now I have to set it up manually doing the same job? Is there no way for pfsense to handle the wan and the lan as two individual networks in the same way? what i could understand of the turorial, i have to set wan ip to static but how can that work when i don't have static ip?

I've used my mac book pro to connect to the cable modem so I guess it those the same thing as windows?

stephenw10

The fact that it worked with the Netgear router, which is probably running Linux, implies it might be nothing to do with my previous suggestion. Only you can know for sure because only you know what the WAN IP settings are/were. If the gateway supplied via dhcp is outside the subnet of the supplied WAN IP then this is certainly an issue. It looks like it might be because your log shows pfSense trying to set a default gateway that is unreachable.  :-.

Steve

CGTroll

@stephenw10:

The fact that it worked with the Netgear router, which is probably running Linux, implies it might be nothing to do with my previous suggestion. Only you can know for sure because only you know what the WAN IP settings are/were. If the gateway supplied via dhcp is outside the subnet of the supplied WAN IP then this is certainly an issue. It looks like it might be because your log shows pfSense trying to set a default gateway that is unreachable.  :-.

Steve

This is what I get when I hook my Mac up to the Cable TV modem:

As for the Netgear router, all the options I have are to heck of for Get IP Dynamically from ISP:

stephenw10

The assume the redacted part is the same for both your IP and the gateway?

In that case it's not the problem I described, the gateway is in the subnet.

More likely it's some issue with the modem or ISP not accepting the MAC address. Have you tried rebooting the modem? Or spoofing the MAC in pfSense?

It could also be a compatibility problem between the two ethernet devices. I was dealing with some hardware yesterday which would negotiate a connection for about a minute and then fail, at the ethernet level. It happens more often than you think, but it's still quite rare.  ;) You can usually see if that's the case as the connection shows as down (or flaps up - down) in ifconfig.

Steve

biggsy

Did you connect the Netgear's WAN port to the pfSense LAN?
If so and you can spare a LAN port, try connecting one of the Netgear's LAN ports instead - leaving the Netgear's WAN port empty.

As Steve might have been suggesting, some ISPs will limit the number of MAC addresses to which they will give IP addresses through the same cable modem.  My ISP only allows two different MAC addresses - supposedly one for the tech to set it up for you with his PC and one for your PC or router.  In your case, your Netgear could have taken one IP and your Mac the other.  It depends on your ISP's DHCP policies.  Steve's suggestion of spoofing the MAC address of pfSense (so it looks like your Mac or the Netgear's MAC) should get around that limitation.  Strange that an IP address appears and then disappears though.

CGTroll

@stephenw10:

The assume the redacted part is the same for both your IP and the gateway?

In that case it's not the problem I described, the gateway is in the subnet.

More likely it's some issue with the modem or ISP not accepting the MAC address. Have you tried rebooting the modem? Or spoofing the MAC in pfSense?

It could also be a compatibility problem between the two ethernet devices. I was dealing with some hardware yesterday which would negotiate a connection for about a minute and then fail, at the ethernet level. It happens more often than you think, but it's still quite rare.  ;) You can usually see if that's the case as the connection shows as down (or flaps up - down) in ifconfig.

Steve

Sorry, forgot to mention that, yes they are the same.
I actually have not tried to reboot the modem, that's pretty silly, but since the connection have worked with the Mac I haven't thought of that. On the other hand, while I've been at work posting this, my wife has been home trying to use the Internet on her Windows PC the same way I did with my Mac, and she couldn't get it to work, until, she rebooted the modem. So when I get back home, I will hook the pfSense box back up and see how that goes, even reboot the modem again while the box is connected. Will also check ifconfig.

Thanks!

CGTroll

@biggsy:

Did you connect the Netgear's WAN port to the pfSense LAN?
If so and you can spare a LAN port, try connecting one of the Netgear's LAN ports instead - leaving the Netgear's WAN port empty.

As Steve might have been suggesting, some ISPs will limit the number of MAC addresses to which they will give IP addresses through the same cable modem.  My ISP only allows two different MAC addresses - supposedly one for the tech to set it up for you with his PC and one for your PC or router.  In your case, your Netgear could have taken one IP and your Mac the other.  It depends on your ISP's DHCP policies.  Steve's suggestion of spoofing the MAC address of pfSense (so it looks like your Mac or the Netgear's MAC) should get around that limitation.  Strange that an IP address appears and then disappears though.

I have not used the WAN port on the Netgear router, just one of the 4 LAN ports, so guess that is not the issues. But Some have suggested to use both the Netgear firewall and the pfsense box, and use the WAN and the LAN on both boxes, that would cause that issue I guess then?

as for the IP disappearing, that is strange, but as I told Steve, I have not tried to reboot the modem, so I will try that when I get home.

Thanks.

CGTroll

rebooted the modem did not help.

Ifconfig shows wan has ipv6 but no ipv4. In the log i'm not sure how to read it so can't tell if it is up or down.

As for spoofing, what mac address should i put in?

Could there ne hardware issues?

Thanks.

stephenw10

The ifconfig command will show an IPv6 address based on the device MAC even if it's disconnected.

Look at the end of the ifconfig output for your WAN NIC. It should show something like:

fxp0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=9 <rxcsum,vlan_mtu>ether 00:90:7f:87:dc:74
	inet6 fe80::290:7fff:fe87:dc74%fxp0 prefixlen 64 scopeid 0x7 
	inet 192.168.5.11 netmask 0xffffff00 broadcast 192.168.5.255
	nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active</full-duplex></performnud></rxcsum,vlan_mtu></up,broadcast,running,simplex,multicast> 

If it doesn't say either 'active' or 'autoselect' you have a problem.

Steve

CGTroll

It says active, and if I type "ifconfig re0 down, it change status to blank, and back to Active after ifconfig re0 up, so it does respond and seem to be ok, other then no IP. After the reboot of the modem, the WAN ip says 0.0.0.0, and during the log, it shows the ISP IP for a short while after startup, then disappears.

biggsy

It's a bit hard to follow where you're up to with this.  How does your network look now?  Is the Netgear router between the cable modem and the pfSense WAN port?

How did you bridge the Netgear?  Try it like this:

http://kb.netgear.com/app/answers/detail/a_id/965

making your Netgear a Wireless AP and 3-port switch.

CGTroll

@biggsy:

It's a bit hard to follow where you're up to with this.  How does your network look now?  Is the Netgear router between the cable modem and the pfSense WAN port?

How did you bridge the Netgear?  Try it like this:

http://kb.netgear.com/app/answers/detail/a_id/965

making your Netgear a Wireless AP and 3-port switch.

My setup is like this: Cable Modem > WAN pfSense Box -  LAN pfSense box (DHCP on - IP pool: 192.168.1.100-245 - Static IP:192.168.1.1 ) > LAN Netgeat router (DHCP off, set to bridge mode as far as I understand and WiFi AP, Static IP: 192.168.1.2) (Netgear WAN has no cable in it).

LAN works fine with no problem communicating between the computers on the network and from computer to router and to pfSense Box, both by cable and by WiFi. But I have no Internet access. unless I hook my MAC/ or PC straight up to the cable modem which then gives me correct IP and gateway.
If I hook the pfSense WAN cable to the cable modem, I get IP 0.0.0.0 on WAN on pfSense box, yet in the log I see the correct IP appear right after reboot, but then it disapears. LAN IP is fine.

biggsy

OK, Sorry I thought you might have gone back to Modem > Netgear > pfSense

Do what Steve suggested earlier and set the pfSense WAN interface to spoof the MAC address of your Mac:  Interfaces > WAN > MAC address.

stephenw10

It must also say 'autoselect' unless you have specifically told it not to auto-negotiate the link speed and duplex. This is where some hardware fails. The NIC I was dealing with recently ended up flapping (going up and down) continuously as it repeatedly failed to negotiate the line speed. I have no idea why. I also have a laptop with a Realtek NIC that just won't work with my SMC switch but works fine with other hardware.
Like I also said though this is very rare so I'd look at other thing first.

Steve

CGTroll

@biggsy:

OK, Sorry I thought you might have gone back to Modem > Netgear > pfSense

Do what Steve suggested earlier and set the pfSense WAN interface to spoof the MAC address of your Mac:  Interfaces > WAN > MAC address.

Got it, I didn't understand that it was the Mac's MAC I was spoofing. I will try try that. Thanks :)

Steve: It is set to "autoselect" but if it is flapping, would I see that in ifconfig where it then should liste different speed and duplex?

stephenw10

In the two instances I reffered to if it is flapping you should see that in the logs and also at the link LED. The other card just refused to connect so showed status 'no carrier'. If you have a conflict in auto-negotiation the card often defaults to half duplex which can cause problems.

One other thing that I just remembered. Of all the interfaces/hardware you have tried how many (and which ones) are Gigabit Ethernet? A common problem that can present itself is a bad cable that works fine at 100Mbps but fails at Gigabit due to needing all 8 conductors. It can appear to be working as the negotiation stage only requires 4 conductors.

Steve