Obihai install trouble
-
I've set all the ports on 192.168.1.250 (the Obi202) to be static under manual outbound NAT - see the second screenshot I posted. It didn't make a difference.
-
What is your obihai connecting too? Google voice or some SIP server?
If its some SIP server, who's SIP server? I have an idea what may be causing this.
-
I have an idea as well. Since
If I plug it straight into the DSL modem, it works
the idea would be this all borkage is caused by the huge overengineering of the configuration. Once again, keep it simple! As in:
My obihai worked just fun with only the default allow rule on LAN +DHCP.
-
Yeah - I'm thinking NAT (as in NAT on the SIP server side) is creating a problem where the obihai is only working if it runs against the public IP without NAT. If not that, then maybe OP is double NATed and doesn't realize it. obihai + pfsense is usually stupid simple. No special care required.
I'm waiting to hear back who provides his SIP. I run a SIP server here, and that is the only reason I am using manual outbound plus static port. Obihai worked without that. Asterisks didn't.
-
I've tried to connect to Google Voice, but first I'm trying to get their echo test service to work with no success. It's trying to connect to root.pnn.obihai.com, which is their provisioning service.
I did try the Obihai with the defaults as well, with no success - that's why I started port forwarding, etc., which also hasn't worked.
From the syslogs from the Obihai, all it keeps doing is trying to resolve the DNS for root.pnn.obihai.com over and over. I've tried turning off DNS forwarding, as well as putting the IP address for root.pnn.obihai.com into the DNS forwarder static section. I've also tried using different DNS servers on the Obihai with no luck either. I've also tried an explicit firewall rule to allow (and log) DNS lookups, which shows requests to pfSense and then requests out to the network.
-
Well, if DNS resolution does not work, then any messing with NAT/port forwards and uPNP sounds rather premature, to put it mildly?!
-
Hmmmm…
From a console on one of your computers, try:
ping root.pnn.obihai.com
Then, from pfsense console do the same.
Please tell results.
-
dok: I didn't find out it was a DNS issue until after starting with port issues.
Ping from my computer:
PING root.pnn.obihai.com (54.241.160.4): 56 data bytes
64 bytes from 54.241.160.4: icmp_seq=0 ttl=55 time=100.852 ms
64 bytes from 54.241.160.4: icmp_seq=1 ttl=55 time=93.125 ms
64 bytes from 54.241.160.4: icmp_seq=2 ttl=55 time=101.612 ms
64 bytes from 54.241.160.4: icmp_seq=3 ttl=55 time=92.128 msPing from pfSense:
PING root.pnn.obihai.com (54.241.160.4): 56 data bytes
64 bytes from 54.241.160.4: icmp_seq=0 ttl=56 time=94.989 ms
64 bytes from 54.241.160.4: icmp_seq=1 ttl=56 time=92.355 ms
64 bytes from 54.241.160.4: icmp_seq=2 ttl=56 time=115.846 ms
64 bytes from 54.241.160.4: icmp_seq=3 ttl=56 time=90.387 ms -
OK - So, you fixed the DNS settings?
-
I haven't touched the DNS settings - this is my problem. Every computer on my network except the Obihai can see that host. I can't figure out what else to try to get DNS through to the Obi. I think tonight I'm going to try putting the Obihai by itself on the OPT interface and log everything that goes in and out to see if I can figure out what's going on. I'm confused as all get out at this point.
-
Are all the other computers automatically grabbing DNS via DHCP or is their DNS manually configured on each computer?
-
They all get it via DHCP. I've tried setting the Obihai to both DNS via DHCP (which gives out 192.168.1.254, the pfSense box) and setting it explicitly (8.8.8.8 and 8.8.4.4, Google's DNS servers).
-
Hmmmm. No clue. Good luck.
-
Is there a way to simulate the "DMZ" option of Linksys, etc. routers via pfSense? I tried sticking the Obihai on a second LAN interface so I can log the traffic better, but no help. I can see in the states table that there are requests going to and from:
udp 8.8.8.8:53 <- 192.168.2.250:36837 NO_TRAFFIC:SINGLE
udp 192.168.2.250:36837 -> 8.8.8.8:53 SINGLE:NO_TRAFFICand via syslog:
(from Obi202)
8/29/13 11:55:53.000 PM OBI[-1]: BASE:resolving root.pnn.obihai.com(from pfSense)
8/29/13 11:55:53.000 PM 192.168.2.250.36837 > 8.8.8.8.53[-1]: 11189+ A? root.pnn.obihai.com. (37)
8/29/13 11:55:55.000 PM 192.168.2.250.42176 > 192.168.2.254.53[-1]: 11189+ A? root.pnn.obihai.com. (37)Something seems like it's restricting the replies from the DNS servers from getting back to the Obihai, but I'll be darned if I can figure out what it is. I set up a firewall entry allowing any and all network traffic to the second interface I moved the Obi onto, with no change.
-
Are you double NATed?
-
And on another note: are you really using 8.8.8.8 as your DNS? Or is your ISP blocking all DNS server but their own?
-
I shouldn't be double-NATed - my network topology is:
Cable modem –- pfSense box --- unmanaged switch --- Ethernet devices (including Obihai)
I'll check what DNS server the ISP gives out and try that as well, but I've never had a problem using other nameservers on my other computers.
-
Is there a way to assign the Obihai the external IP address via DHCP, similar to how Linksys routers' DMZ function works? (It's a little different than everyone else's concept of DMZ, which makes things a little confusing.) I'm wondering if it's having a problem with NAT, and that's the only way I can think of testing it.
-
My obihai is not on any DMZ is and not getting any special treatment. Matter of fact its getting very un-special treatment. Its just plugged into a switch and NATed same as everything else.
Thats not the problem. Why don't you connect it straight to the modem, upgrade the firmware, then put it behind the pfsense again.
This isn't supposed to be so hard.Which version of pfsense are you running?
-
OK - I updated the firmware yesterday through the web interface.
SoftwareVersion 3.0.1 (Build: 4041)I'm running pfSense 2.1 beta -
2.1-RC1 (i386)
built on Thu Aug 22 23:23:56 EDT 2013
FreeBSD 8.3-RELEASE-p10I was looking for the Ramdisk support that was introduced in 2.1, which is why I'm running the beta instead of 2.0.3.
Can you do me a favor? What does your Obi list in the web interface for the Obitalk status? Specifically, what does it say under the ex-addr?