New to pfSense: DNS seems not to be working

doktornotor

I have nothing against debugging, but your superbroken setup would be best flushed down the drain. Just restart from scratch.

johnpoz

what??

How do you have your devices connected?  Dude clearly your router 192.168.2.1 is not answering dns queries.. You can not query google.com from it.. So yeah that is broken..  Have you reastarted that device.  When you add 8.8.8.8 to your forwarders does that answer?

Here is how you should be setup

internet –- isp device --- 192.168.2.110 wan pfsense lan 192.168.1.1 --- 192.168.1.100 PC

With pfsense wan being directly connected to a port on your isp device and lan from pfsense going into a switch that your other devices are connected into.. Or you PC directly connected to the nic that is pfsense lan if you have no other devices..

itchy

Hi,

I am really really sorry that I was not able to respond earlier. I had to go on a business trip last week monday (unplanned) and when I got home a excavator has destroyed the cable with my Internet Connection - great weekend.

But now, back to our topic:

I tried the following scenarios:

1. WAN connected to USB LAN Adapter; LAN connected to onboard interface.
2. WAN connected to onboard interface; LAN connected to USB LAN Adapter.
3. Scenario 2 and in addition a W-LAN devices as OPT1.

My ISP Router has the IP-Adress 192.168.2.1. and the interfaces are connected in the right way.

In scenario 1 my router is not answering dns querier. I cannot query google.com. I have added 8.8.8.8 to my forwarder but nothing has changed. No response. In Scenario 2 (connected to pfSense from "WAN" site) and scenario 3, all problems (mentioned before) are sorted out. Only the LAN interface is not working.

My setup looks like this:

INTERNET –> ISP Router --> 192.168.2.110 WAN pfSense    --> 192.168.1.100 PC behind PfSense
                                      --> 192.168.2.125 Computer WAN

johnpoz

So when you use your onboard interface connected to your router.. It works from pfsense diag screen.  using 192.168.2.1 as your dns..  Post this screenshot.

Now on your lan side using usb.. Your clients get dhcp from pfsense 192.168.1.x and they point to what for dns??  Pfsense 192.168.1.??

What are you using in pfsense, the resolver or the forwarder?  By default resolver is used and pfsense try to directly query root servers.  So what are you using in pfsense for dns when your setup wan onboard, lan usb?

itchy

Hi,

yes, when i use my onboard interface as WAN on PfSense i am able to ping 192.168.2.1.

When i use my USB LAN interface on PfSense the clients recieve an IP-Adresse and the DNS entry points to pfsense (192.168.1.1).

I tried both on pfsense. Resolver and Forwarder, but it did not make any differences.

In the meantime i have an additional information: my USB LAN device has a AX88772C chipset, which is not supported by FREEBSD. The last AX88772 version, which is support is AX88772B.

KR
Itchy2

doktornotor

Awecome. Perhaps use non-shitty supported HW.

johnpoz

I really don't get why anyone would use a usb nic for anything than maybe an OLD school laptop that had no nic, or the lan onboard died, etc..

Why anyone would attempt to use a usb nic for any sort of router/firewall just make no sense to me..  You have multiple pieces of hardware and you want to run special distro as your router/firewall - so cleary your beyond the $20 soho router users.  But you can not afford a $10 nic to put in your machine or for that matter some $100 hardware to run your pfsense on?

itchy

Hi,

i have a system with only one LAN interface. The system has a very low power consumption and is working very well. I decided to use it as a test platform for PfSense before I decide to buy a "bigger solution". Just wanted to check out if it fullfills my requiremets.

KR
Itchy2

itchy

Hi,

I am still trying to get a usb lan dongle working - somehow. I bought a new one, which is definitly supported by FreeBSD (ASIX AX 88772). I am expieriencing the same problem, but in the console i have a new message: arprequest: cannot find matching adress.

Somebody an idea?

KOM

Start a new thread since your current problem has nothing to do with your last one.

itchy

I'm not sure if there is a connection between those two topics or not.

johnpoz

"arprequest: cannot find matching adress."

For what address?  Why don't you just get a REAL nic??

doktornotor

@johnpoz:

Why don't you just get a REAL nic??

And skip REALtek there. :P

Exxess

I can confirm that there are some serious issues with USB ethernet adapters.
I also tested the above mentioned ASIX AX 88772 and had the same problems as the thread opener: pings to IPs do always work, DNS lookups do never work and standard TCP transfers do work sometimes.
If, with the same config, I replace the USB by a PCI card, everything works fine.

The reason why i did this: USB card is 9€, low profile PCI card + 90° riser card for this case is 55€, but the time I spent working on this problem is worth way more…

If you want to see some serious shit, look at the attached Wireshark capture. This was captured on my home router (192.168.66.2), with 192.168.66.21 being a windows machine making a reference lookup and 192.168.66.199 being the USB-WAN interface of the pfSense machine in question. Don't ask me why I don't get any query responses (but two) to the pfSense machine's requests...

[dns problem.pcap](/public/imported_attachments/1/dns problem.pcap)