Unable to access WAN or webConfigurator after install
-
After several hours of reading these forms and failed attempts at troubleshooting I have finally given in and accepted I am stuck. I recently installed pfSense 2.1.5 on a Dell Optiplex 755 with a integrated 10/100 Ethernet and Rosewill add-in Ethernet card install on PCI. After initially having trouble with FreeBSD recognizing either NIC to assign interfaces during the install I finally was able to assign both the em0 and r10 interface. I thought it would be smooth sailing to set interface IP addresses but I was wrong. After statically assigning 192.168.1.4 to the LAN interface I am unable to hit the webConfigurator. Additionally, I cannot ping outside my LAN or any host in my LAN. But I can ping my WAN IP and my LAN IP. Any idea's what I did wrong? I have attached a physical network diagram and screenshots of my device configurations.
![Net Diagram.JPG](/public/imported_attachments/1/Net Diagram.JPG)
![Net Diagram.JPG_thumb](/public/imported_attachments/1/Net Diagram.JPG_thumb)
-
what are you doing with the wrt600 - and why are you connecting to its internet port?? That would be natting.. And looks like you have same IP on both sides of its wan and lan connections.. pfsense is on 192.168.1.0/24 and wrt600 lan is on 192.168.1.0/24 – but you disabled dhcp on pfsense so wrt600 doesn't even get a wan IP?
If you want to use the wrt600 as switch, then turn off its dhcp server and connect pfsense to one of its lan ports. Pfsense would provide dhcp services to your network.. Lets call pfsense lan IP 192.168.1.1, and wrt600 lan IP 192.168.1.2, psfsense dhcp server should be enabled. Then from the other wrt600 lan ports you could connect to other switches. Everything would be on the 192.168.1.0/24 network - pfsense would be the gateway.
To validate working connect something to wrt600 lan port or any of of your other switches connected to the wrt600 - you should get an IP from pfsense dhcp server and be able to access its web gui.. Then it will walk you through a wizard to complete the setup.
-
John. The reason why I had a router was that the switches are managed and the cable modem doesn't do DHCP. I tried what you suggested and was able to get in the web config. pfsense is now assigning IP addresses and I am able to ping inside my network. However, I am unable to get out to the internet. I tried modem to router (with DHCP turned off) to WAN port, then LAN port to Laptop and I still cannot get outbound traffic. Any ideas?
-
"John. The reason why I had a router was that the switches are managed and the cable modem doesn't do DHCP"
What??? Not sure what to say to that - its just gibberish.. I understand why you would have a router - but why would you connect pfsense to it?? And if you were going to do a double nat sort of setup - where was your router suppose to get its wan IP since you disabled dhcp on pfsense.. And you were running the same network on both your router and pfsense?
Well from your screenshot pfsense seems to get a public IP from your cable modem - can pfsense resolve and ping stuff on the internet? So your network is default lan network - you didn't mess with the firewall rules still default any any?
If pfsense can not get to the internet - then no clients would ever get to the internet. so from pfsense - example
[2.1.5-RELEASE][root@pfsense.local.lan]/root(1): ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: icmp_seq=0 ttl=60 time=10.438 ms
64 bytes from 4.2.2.2: icmp_seq=1 ttl=60 time=10.255 ms
^C
–- 4.2.2.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 10.255/10.347/10.438/0.091 ms
[2.1.5-RELEASE][root@pfsense.local.lan]/root(2): ping www.google.com
PING www.google.com (74.125.201.103): 56 data bytes
64 bytes from 74.125.201.103: icmp_seq=0 ttl=44 time=32.773 ms
64 bytes from 74.125.201.103: icmp_seq=1 ttl=44 time=32.196 ms
^Can you do the same? If not - then no clients never going to go anywhere on the internet since pfsense doesn't have internet access.
-
John… I re-installed pfsense and accepted all the defaults. The only thing I changed was the timezone in the webconfig... and things work. I was able to ping Google from the firewall. I think I am beginning to understand why you said my previous setup was double NAT'd.
Also, I did some more research on the cable modem and was able to log into it via port 80. The cable modem does have a DHCP server (so I completely understand why you said my comment was gibberish). The cable modem webconfig listed a DHCP server and has a statement which stated something like, DCHP will assign IP address only if it is disconnected from the internet. It seems to me like it does not enable DHCP when it is connected to the ISP. Is that correct?
BTW thanks for all your help... now I have to get smart on firewall rules.
-
Cable modems only do dhcp when there is no internet and then have only seen that on Motorola models , they give you an IP on the 192.168.100.0/x segment.. "Modems" by definition do not do dhcp, since they do not Route or NAT traffic what would be the point of dhcp server?
Glad you got it sorted.. If you changed the lan IP its possible something was out of walk, a reload of the firewall prob would of fixed it up..
Smart of firewall rules in what sense - in a home network with one segment I don't see why you would use anything other than any any.. Why would you want to filter outbound traffic from a network that you manage.. I see no point in locking it down.
-
Hmmm, maybe the "cabel modem" is a cable router (some more details would be helpful) set to bridge mode, acting as a cable modem? Otherwise I'm out… :-)
-
Theer are no cable routers – there are cable gateways.. modem and router combo.
What is the model of your device..
-
You're welcome! ;-D