DNS on OPT1 Responds to Ping But Won't Load Webpages
-
The title says it all! This is a clean pfSense install, newest release, etc. The system is basically laid out like this:
em0: WAN
em1: LAN
opt1: GUEST LANI'm trying to create a subnet using a separate adapter (opt1) which will not allow any traffic to communicate with my internal LAN (em1). I followed this guide and got everything set up, but neither Capitve Portal or any other web page will load.
I am (of course) not able to ping anything because I haven't authenticated with captive portal!
Now, in order to debug this further, I disabled captive portal and cleared almost every rule I had set up. My rules for my interfaces are shown below.
I set up a rule which should allow opt1 to communicate on any protocol and I am now able to ping. When I try to load a webpage, nothing happens! DNS is correctly forwarded to the PC connected to opt1, but I cannot load any webpages using URLs. I am, however, able to ping websites directly!
Neither of these posts really help…
https://forum.pfsense.org/index.php?topic=11965.0
https://forum.pfsense.org/index.php?topic=76465.0
What the heck is going on?!
-
Unless Google's DNS serves at 8.8.8.8 and 8.8.4.4 are on your local network, don't you need to specify the upstream gateway?
-
Hmm not sure where to do that in pfSense.. Would you mind helping me out with it?
-
Sure. If you go to Interfaces - WAN - Static IP4 Configuration, do you have a gateway listed in IPv4 Upstream Gateway? What kind of device is your pfSense box connected to for Internet access, eg cable modem, DSL modem… ? That device is your gateway (to the Internet or another network), and you need to supply its IP address to pfSense so that pfSense knows where to send traffic outside its local networks. If you don't have a gateway then you need to define one. Once done, go back to System - General Setup - DNS Servers and pick your gateway from the list beside your DNS entries. Click Save.
-
It looks like I've already got that set up! They already appear in the drop-down list. Should I remove the Google DNS and select the gateway for each text box?
Thanks again!
-
No, you don't remove the Google DNS from System - General - DNS Servers, you change the Use Gateway picker beside each DNS sever entry to pick your gateway. Right now you have it set to none for both 8.8.8.8 and 8.8.4.4.
-
I'm using a cable modem (bridged) to get online. It assigns a dynamic IP address when starting up.
It looks like that didn't do the trick! I can ping google (using the IP address), the gateway, other PCs on the LAN, but I can't load websites!
-
Just a quick update.. I still can't get the system to forward anything other than ICMP requests, but I think I've found something else. It looks like for some reason pfSense is assigning the same adapter name (em0) to both my LAN and GUEST adapters! This would definitely explain what's going on! I'm going to try and find another adapter with a different chipset and report back!
