Pfsense + Thomson ST510
-
At present the only interface that has a GW is WAN, to get internet access I have to set the WAN IP to '192.168.1.253' with a GW of '192.168.1.254' then I get internet access… but I'd rather have pfsense do all of the routing and only have the Thomson as a Modem.
When my Static External address is set via DHCP still no internet access.
Puzzled :S :o
-
Wait your WAN IP is 192.168.1.x? Then you need to uncheck the box on the WAN interface that says, "Block private networks" AND use a different subnet (e.g. 192.168.2.x) on the LAN interface.
-
^^^^ done both of those… using 192.168.2.0/24 on my lan and have unchecked the box ... it works its only when I use DHCP on the WAN and get my EXTERNAL IP when it doesnt.
-
Is it a static address or is it DHCP? If it is static you need to assign a gateway. If it's DHCP verify that it gets a gateway and DNS servers (Status -> Interfaces - Gateway IPv4 and ISP DNS servers).
-
if I ping google I get failed pings.
So it resolves google.com to it's IP? DNS is working?
Steve
-
Hi,
If I ping - It fails. I posted the output in a previous post.
I'm using DHCP when it doesnt work.. My IP (External Static from ISP) gets assigned to WAN interface, My ISP's gateways also appear in Gateways and I also receive the DNS Server IP's.
IF I set a manual address of '192.168.1.253' on my WAN and a GW of '192.168.1.254' I get Internet access.
As setup in the images - my Internet works - As soon as I set my WAN to DHCP I no longer get internet access and no idea why.
Thanks in advance for all of your help - I appreciate it.
-
Hi all,
I have done some screenshots of DHCP on WAN side.
![pf broken.PNG](/public/imported_attachments/1/pf broken.PNG)
![pf broken.PNG_thumb](/public/imported_attachments/1/pf broken.PNG_thumb)
-
For some reason when DHCP is set on WAN, i get IP on interface and receive gateway from ISP but that gateway cannot be reached.
-
Any help most appreciated guys!!
Thanks!!
-
The reason I asked you to ping google.com as well as 8.8.8.8 was to determine if DNS was working. At this point it's probably not relevent since pinging by IP didn't work but the first thing that you see when pinging by URL is:
[2.1.3-RELEASE][root@pfsense.fire.box]/root(1): ping google.com PING google.com (173.194.34.174): 56 data bytes 64 bytes from 173.194.34.174: icmp_seq=0 ttl=56 time=13.773 ms
You can see that it has resolved the url to an IP.
I notice that the IP you're given when set to DHCP on WAN is still a private address in the 10.0.0.0/8 range. Is that the same type of address that the Thompsom router gets if it's connecting without pfSense?
Steve
-
If your ISP really is handing out 10/8 IPs, if it's doing CGN for example, then you may have to disable the firewall in the ST510. You probably want to do that anyway.
http://www.petenetlive.com/KB/Article/0000210.htm
If having selected to assign the public IP to a device in the router you can still access the internet by using the routers lan side subnet details manually then I would suggest it has not correctly assigned the public IP.
Steve
-
Yes, My ISP's gateway is in the 10. range. (Private range) my thomson router has a 10.0.0.138 IP but this cannot be reached at all when I set my WAN to DHCP.
-
What subnet is your ISP handing the WAN?
Some ISPs are now handing out /32 subnets via DHCP which is not a standards compliant configuration. Other OSes allow this configuration (Windows, some Linux distros) but FreeBSD does not. There is a workaround.Steve
-
I believe it's a /30.
Not entirely sure - you've got to realize that the ISP we are dealing with here isn;t your usual ISP, they do things very differently.
I'm within this range.
https://apps.db.ripe.net/search/query.html?searchtext=77.86.33.157&searchSubmit=search#resultsAnchor
I'll be honest I think it's a slash /30 but it COULD be A /32
Anyway I can find out ??
-
Ah, the broadband principality of Hull! ;)
The address in that link is not handed to you then?
Go to Status: Interfaces: in the webgui. All the details handed to you should be there.
Steve
-
Screenies:
-
Any Ideas ?
And thanks by the way I appreciate the help - I'd love to get this working… If I can!!!
I'm lost, I cant think of anything else to try!!
-
Would the following work.
I assign an IP on my WAN for example 77.86.33.156….
And my Gateway set that to... the actual IP that I get from DHCP from my ISP ?
Would/Should that work ?
-
Ah, I just re-read the thread and now it makes more sense. I had assumed that because the gateway being given to you is 10.X.X.X then the IP would similarly be 10.x.x.x. But no.
Ok well the gateway address you are being sent, 10.55.200.44, is outside the subnet of your WAN address which is a real public IP. The subnet mask you're being sent is a /8 which is really weird. Like you say Kcom are not a 'normal' ISP! ::)
The workaround should still apply here but the details you have are very odd. If you connect the router in the normal way, without pfSense, does it too receive these same (or similar) details?
Anyway the workaround for this is to add a route to the gateway address. See:
https://redmine.pfsense.org/issues/972
Specifically at the console enter these two commands:# route add -net 10.55.200.44/32 -iface rl0 # route add default 10.55.200.44
If that works then you can add the commands to Shellcmd so they run at each boot.
We might need some input from a higher source on this though because it looks….wrong! ???
Steve
-
Thanks yes it is an odd setup and yes even usjng the thomson on its own I get alk of the same IP settingd same subnet n everything.
Ok thanks for those commands ill try them when I get chance to get back on my machine.
what exactly will those commands do ???