LAN NIC not installing?
-
Yep, those things.
We have been over so much now that I'm confused as to where we are. :-
Perhaps you could detail exactly what you have connected and what IP details you're using, DHCP etc. What is 192.168.0.4?
The fact that the first hop is 192.168.1.180, your wifi router, is bad. Your clients should be sending traffic directly to pfSense not via the wifi router.
Steve
-
Well I can ping everything on the LAN that is wired. The WiFi is down.
I reconnected the Wi-Fi router (192.168.1.180) to the Switch and the Switch to the pfSense LAN (192.168.1.155).
The WiFi router is in AP mode.
I noticed the WiFi router's WAN Connection Type is Automatic Configuration - DHCP. Maybe this WiFi WAN should be set to a static IP of 192.168.1.155 (pfSense's LAN IP)?
I rebooted the WiFi router and the WiFi WAN IP is 192.168.0.4.
WiFi router details:
Network Setup DHCP disabled. (Maybe this is the LAN settings).
-
Glad that the Router is in AP mode and you have it wired to the switch.
In the WIFI setup, you can ignore the WAN setup as you put it into AP Mode.
-------------
The Cable Modem connects to the pfSense WAN interface (If it's DHCP it will give the address to pfSense, you don't need to worry about it)
The LAN interface you must set this to a different address than the WAN. So for example use 192.168.1.1, mask 255.255.255.0 (/24 Subnet)
So now you must ensure that all devices on your network share the same 192.168.1.X addressing. (/24 Subnet)
Connect a cable from pfSense LAN and connect it to one of the ports on the Switch
-------------
Now connect a network cable from the switch to one of the LAN ports of the WIFI (Set to AP Mode). DO NOT CONNECT anything to the WAN port of the WIFI unit.
Set the WIFI LAN address to 192.168.1.2, 255.255.255.0.
-------------
Set up DHCP on pfSense and disable DHCP on the WIFI.
-
I took another look at your previous email and I think you have your cable modem set up to receive a DHCP address from your ISP.
You should log into the cable modem and set it to Bridged mode. This way it will not take the Internet Address and the pfSense WAN interface will take the DHCP Internet address properly.
This will save you from other headaches down the road.
-
How did the wifi router acquire an IP address of 192.168.0.4? That's the subnet being handed out by the cable router. The two should not be able to talk directly.
Steve
-
Yes, the cable modem has DHCP server enabled.
The cable modem receives a WAN IP from the ISP.
The cable modem must be used as it's cable and there is no bridge mode.
I prefer the Wi-Fi router's LAN IP with 192.168.1.180 rather than your suggested 192.168.1.2.
The Wi-Fi router LAN also asks for a gateway, so I entered 192.168.1.155.
My Wi-Fi router acquired the WAN IP address of 192.168.0.4 because I have to connect the cable modem's LAN into the Wi-Fi router's WAN to get Internet.
I then remove the Ethernet cable from the Wi-Fi router's WAN and connect to pfSense's LAN and the Wi-Fi router has a WAN IP of 0.0.0.0.
Yes, all networked devices are on the /24 subnet. (Only the modem and pfSense WAN are on a different subnet).
pfSense can ping www.google.com, but the network can only ping the LAN and no Internet still.
Here are the settings:
Cable COAX > Cable Modem WAN > Cable Modem LAN > pfSense WAN > pfSense LAN > Switch > router LAN1 > router LAN2 > network.
Modem DHCP server: enabled.
Modem WAN default gateway from ISP: xxx.xxx.xxx.x.
Modem WAN DMZ Address: 192.168.0.4. (not sure on where this address is for?)
Modem WAN DHCP from ISP: xxx.xxx.xx.xx.
Modem WAN DNS from ISP: 61.9.211.33.
Modem WAN DNS from ISP: 61.9.211.1.
Modem WAN subnet mask: 255.255.240.0.
Modem LAN: 192.168.0.50.
Modem LAN subnet mask: 255.255.255.0.
pfSense DHCP server: disabled.
pfSense WAN DHCP from modem LAN: 192.168.0.2/24.
pfSense LAN: 192.168.1.155.
Switch: to LAN networked devices.
Router Wi-Fi DHCP server: disable as mode is AP.
Router Wi-Fi WAN: not needed as mode is AP.
Router Wi-Fi LAN: 192.168.1.180.
Router Wi-Fi LAN subnet mask: 255.255.255.0.
Router Wi-Fi LAN gateway: 192.168.1.155.
Networked LAN devices DHCP server: disabled.
Networked LAN devices: static 255.255.255.0 subnet IPs.
-
Ok. You can use 192.168.1.180 for the wifi router that makes no difference.
It's interesting that the wifi router acquires the DMZ address from the cable router. The 'DMZ' is often used as a kind of quasi bridge mode when no real bridge mode is available.
In your current setup you have three layers of NAT. The cable router, the pfSense box and the wifi router are all NATing. Whilst this will probably work fine for most things you might find some things struggle, VoIP applications, Skype etc. You should try to have just one layer of NAT but we can work on that after you actually get connected.
So your wifi router is set to use DHCP on its WAN interface to get an IP and it does that just fine when connected directly to the cable router. When you connect it to the pfSense LAN it defaults to 0.0.0.0 presumably because DHCP is disabled on the pfSense LAN. Why is it disabled? It should be enabled unless you are using all static addresses for your client machines. Why are you connecting the wifi router WAN to the pfSense LAN? When it is in access point mode you would usually connect one of the router LAN ports to the pfSense LAN.
As I've said before I think the wifi router is just complicating things here. You should at least initially try to connect to the pfSense LAN using just a client connected to the switch and that connected to the pfSense LAN.
The pfSense WAN interface is receiving an IP from the cable router correctly so that side of the connection may be working fine. You can test that from the pfSense console by selecting Shell (option 8) and trying some pings.
Steve
-
I connected pfSense LAN to Switch, with no Wi-Fi router connected.
192.168.1.155 pings 192.168.1.120.
192.168.1.155 pings 192.168.1.40.
192.168.1.155 pings 192.168.0.2.
192.168.1.155 pings 192.168.0.50.
192.168.1.155 pings 8.8.8.8.
192.168.1.155 doesn't ping www.google.com.
192.168.1.155 pings google.com.
192.168.1.120 pings 192.168.1.155.
192.168.1.120 pings 192.168.1.40.
192.168.1.120 doesn't ping 192.168.0.2.
192.168.1.120 doesn't ping 192.168.0.50.
192.168.1.120 doesn't ping 8.8.8.8.
192.168.1.120 doesn't ping www.google.com.
192.168.1.120 doesn't ping google.com.
192.168.1.40 pings 192.168.1.155.
192.168.1.40 pings 192.168.1.120.
192.168.1.40 doesn't ping 192.168.0.2.
192.168.1.40 doesn't ping 192.168.0.50.
192.168.1.40 doesn't ping 8.8.8.8.
192.168.1.40 doesn't ping www.google.com.
192.168.1.40 doesn't ping google.com.
I'm guessing there's some setting on pfSense's default setup settings that isn't letting the LAN connect to the Internet?
I've tried pfSense > Firewall > NAT > Port Forward > Add > Destination > Type: any > Destination port range > from: HTTP > to: HTTP > Redirect target IP (not sure, do I enter every LAN device's IP?) > Redirect target port ? > Save > Apply Changes.
-
So I'm guessing the 1.120 and 1.40 are clients connected to the switch behind pfSense?
I assume when you say '192.168.1.155 pings 192.168.1.120' you mean you can ping 1.120 from the pfSense console?
You don't want to be doing port forwarding, remove any port forwards you've entered.
The pfSense box can't ping google.com so DNS is not working. What do you see listed on the dashboard for DNS servers?
'doesn't ping', while useful, is usually only half the result. It will give you a useful error like 'no route to host' or 'Cannot resolve: unknown host'.
The fact that clients behind pfSense cannot ping the cable router at 192.168.0.50 means either NAT's not working or the routing is incorrect. In Firewall: NAT: Outbound: the mode should be set to automatic. That is the default setting though so unless you've altered it it should be working. You can check the routing at Diagnostics: Routes:. Please paste here the IPv4 section. The only other thing it could be is a firewall rule blocking it. The LAN interface has a default rule that allows all traffic from the LAN subnet so that shouldn't be a problem unless you've changed it. Anything that is blocked will appear in the firewall logs so you can check that.
Steve
-
Yes, 192.168.1.120 and 192.168.1.40 are clients connected to the switch behind pfSense.
Yes, I mean 192.168.1.155 (pfSense LAN) can ping 192.168.1.120 (LAN client).
I removed pfSense port forward.
pfSense > Dashboard > System Information > DNS server(s) > 127.0.0.1, 61.9.211.33, 61.9.211.1.
192.168.1.120 ping 192.168.0.2 error: Destination Host Unreachable.
192.168.1.120 ping 192.168.0.50 error: Destination Host Unreachable.
192.168.1.120 ping 8.8.8.8 error: Destination Host Unreachable.
192.168.1.120 ping google.com error: unknown host google.com.
192.168.1.120 ping www.google.com error: unknown host www.google.com.
pfSense > Diagnostics > Routes > IPv4 >
Destination       Gateway             Flags  Refs  Use    Mtu    Netif  Expire
default           192.168.0.50        UGS    0     19565  1500   re0
61.9.211.1        d4:3d:7e:de:aa:48   UHS    0     8      1500   re0
61.9.211.33       d4:3d:7e:de:aa:48   UHS    0     8      1500   re0
127.0.0.1         link#6              UH     0     24     16384  lo0
192.168.0.0/24    link#1              U      0     1345   1500   re0
192.168.0.2       link#1              UHS    0     0      16384  lo0
192.168.1.0/24    link#2              U      0     23947  1500   re1
192.168.1.155     link#2              UHS    0     0      16384  lo0
-
Ok, the pfSense routing table looks OK. It's interesting though that the cable router has handed the ISP external DNS servers to the pfSense box rather than using itself. Can you ping either of those two IPs, 61.9.211.1 or 61.9.211.33, from the pfSense box?
If not then you could try using Google's DNS servers, 8.8.8.8 and 8.8.4.4, in pfSense instead. Enter them in System: General Setup: and uncheck the box 'Allow DNS server list to be overridden'.
192.168.1.120 ping 192.168.0.2 error: Destination Host Unreachable.
192.168.1.120 ping 192.168.0.50 error: Destination Host Unreachable.
192.168.1.120 ping 8.8.8.8 error: Destination Host Unreachable.
These imply that the clients cannot reach anything beyond the pfSense LAN interface. Even if NAT is broken somehow the WAN interface IP should still be pingable.
Is there anything in the firewall logs to suggest traffic is being blocked when you try to connect from a LAN client?
The other obvious thing would be that the clients have an incorrect gateway set (or no gateway at all). We've been over that before but you should check it again. The LAN clients should have their gateway set to 192.168.1.155, the pfSense LAN interface IP.
Edit: Hmm, reading back through the thread it looks like no-one mentioned having the LAN clients' gateway set correctly so definitely check that if you haven't already. To have worked correctly with the wifi router they would have been set to 192.168.1.180 which is now incorrect.
Steve
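
The elimination order used in the posts above (LAN reachability, then the client gateway, then NAT/routes/rules on the firewall, then DNS), as an added example that is not part of the original thread. The function name `triage` and its return labels are hypothetical; the sample results are the ones reported in the thread for client 192.168.1.120.

```python
import ipaddress

def _is_ip(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False

def triage(client_cidr, fw_lan, fw_wan, results):
    """Classify ping results taken on one LAN client.

    results maps each target (IP or hostname) to None if it replied,
    or to the error text ping printed. Returns a short label (hypothetical
    names: "lan", "gateway", "firewall", "dns", "ok").
    """
    lan = ipaddress.ip_interface(client_cidr).network
    ok = lambda t: t in results and results[t] is None

    # Step 1: the firewall's LAN address is on-link, so no gateway is needed.
    if not ok(fw_lan):
        return "lan"
    # Step 2: nothing off-subnet answers, not even the firewall's own WAN
    # address. NAT cannot explain that, so suspect the client's gateway.
    off_subnet = [t for t in results
                  if _is_ip(t) and ipaddress.ip_address(t) not in lan]
    if off_subnet and not any(ok(t) for t in off_subnet):
        return "gateway"
    # Step 3: WAN address answers but nothing beyond it does: look at
    # outbound NAT, routes and firewall rules on the firewall itself.
    beyond = [t for t in off_subnet if t != fw_wan]
    if ok(fw_wan) and beyond and not any(ok(t) for t in beyond):
        return "firewall"
    # Step 4: IP targets answer but names do not resolve.
    names = [t for t in results if not _is_ip(t)]
    if names and not any(ok(n) for n in names):
        return "dns"
    return "ok"

# Results reported in the thread for client 192.168.1.120.
THREAD_RESULTS = {
    "192.168.1.155": None,
    "192.168.0.2": "Destination Host Unreachable",
    "192.168.0.50": "Destination Host Unreachable",
    "8.8.8.8": "Destination Host Unreachable",
    "google.com": "unknown host google.com",
}

if __name__ == "__main__":
    print(triage("192.168.1.120/24", "192.168.1.155", "192.168.0.2", THREAD_RESULTS))
```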
-
It's working!
I changed the DNSes 61.9.211.1 or 61.9.211.33 which I had manually entered into pfSense.
I changed the LAN clients' Default Gateway to 192.168.1.155.
One final question I have is how to put the wireless on the pfSense.
If I can remove the Wi-Fi router this will save on expensive electricity.
I'll just have to buy a larger switch.
Looking to install Snort and Squid now…should be a bit smoother.
Thanks to all who helped advance science and curiosity :-)
-
Wireless hardware support in pfSense is limited, it should be much better in 2.2.
If you are looking for a wifi card to use as an access point in pfSense your best bet is an older Atheros model, one that is 802.11G only. Some Ralink USB adapters can also work well. See: https://doc.pfsense.org/index.php/Supported_Wireless_Cards
Steve