No internet on fresh install

almabes

@KOM:

Time for a beer.

That's the best idea I've seen all day.

Soonie

@KOM:

LAN PF sense static IP 192.168.1.1 [DHCP on] (pool 192.168.10 / 192.168.2.100

If your LAN is on the 192.168.1.0 network, your DHCP pool should be in the same range.  I have no idea what pool 192.168.10 / 192.168.2.100 means unless you made a typo or something.  Your DHCP range should be 192.168.1.10 - 192.168.1.x where x is your upper limit depending on how many IP addresses you need to give out.

im sorry for confusion , agian:

PF box WAN DHCP

PF box LAN 192.168.2.1 static  DHCP on pool is [192.168.2.10 / 192.168.2.100

(a jet changed the LAN from 192.168.1.1 tot 192.168.2.1 now the are in the same subnet)

i send some pictures (sreenshots ;-)

KOM

OK, many things are wrong here.

1. You cannot have WAN and LAN on the same subnet.  If WAN is on 192.168.2.0, LAN must be something other than 192.168.2.x.
2. You are supplying an incorrect gateway to your users via DHCP.  The gateway for them is your pfSense LAN IP address.

So…

If WAN is 192.168.2.x, configure your LAN for 192.168.3.1.  Make your DHCP range 192.168.3.10-.100 with a gateway of 192.168.3.1.

Soonie

@KOM:

OK, many things are wrong here.

1. You cannot have WAN and LAN on the same subnet.  If WAN is on 192.168.2.0, LAN must be something other than 192.168.2.x.
2. You are supplying an incorrect gateway to your users via DHCP.  The gateway for them is your pfSense LAN IP address.

So…

If WAN is 192.168.2.x, configure your LAN for 192.168.3.1.  Make your DHCP range 192.168.3.10-.100 with a gateway of 192.168.3.1.

Thx , i changed it like this

• Ping is working [but no internet]

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=59 time=29.493 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=30.070 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=30.417 ms

–- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 29.493/29.993/30.417/0.381 ms

• DNS lookup is working [stil no internet] see sreenshot

• Did the next test and everyting was ok

est if the client can ping the LAN IP of the firewall

- If this fails, check the LAN rules, client IP/subnet mask, LAN IP/subnet mask, etc.

Test if the client can ping the WAN IP of the firewall

- If this fails, check the client's subnet mask and gateway

Test if the client can ping the WAN Gateway IP of the firewall

- If this fails, check the client's subnet mask and gateway, and double check Outbound NAT on the firewall

Test if the client can ping an Internet host by IP address (e.g. 8.8.8.8)

- If this fails, check the client's subnet mask and gateway, and triple check Outbound NAT on the firewall

Test if the client can ping an Internet host by Host name (e.g. www.google.com)

- If this fails, check the client's DNS settings, and/or the DNS Forwarder on the firewall (Services > DNS Forwarder, Diagnostics > DNS Lookup)

KOM

In your DHCP definition you need to specify the DNS servers for your DHCP clients to use.  Give it the LAN IP address.  Notice in your 4th screencap that your DNS Servers list is empty?

Soonie

@KOM:

In your DHCP definition you need to specify the DNS servers for your DHCP clients to use.  Give it the LAN IP address.  Notice in your 4th screencap that your DNS Servers list is empty?

i fill in LAN ip and DNS servers

The PC say's i have internet , but my browser is not working

Soonie

@KOM:

In your DHCP definition you need to specify the DNS servers for your DHCP clients to use.  Give it the LAN IP address.  Notice in your 4th screencap that your DNS Servers list is empty?

Wow , internet is working and i can see pages !!  ;D

I think the DNS was the last bottleneck.

Now i have opend al my ports on the firewall , i think thats no good idea.

What are the normal setting for firewall ?

killmasta93

What are the normal setting for firewall ?

what do you want to do with the firewall?

If you want to block websites or social https sites use http://www.tcpiputils.com/ and block it though the LAN tab

If you want to block blacklisted IP use the package pfblockerNG

If you want to open ports to port forward use NAT section

Derelict

If you have any rules on WAN delete them all.

You need rules on LAN to be able to get out to the internet.

Soonie

THX very much everybody !!

Internet is working

nice weekend

Soonie

@Soonie:

THX very much everybody !!

Internet is working

nice weekend

Ok internet works perfect now !

Now i see in the firewall logfile WAN block a UDP rule , what can i do ? make a rule ? or ignore this ?

almabes

That's SSDP/UPnP from your ZTE router.
http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol

Just ignore it.