LAN to WAN forward does not work
-
Eh, WTF?
Why's your WAN set to None/None? If the IP is provided by DHCP server, then set it to DHCP and not None! :o :o :o
This works out of the box! Undo all the nonsense you have done and fix your WAN configuration. Done.
-
I don't know. My provider tested pfSense and told me that I have to set it to none instead of DHCP. With DHCP, pfSense would not work fine, because DHCP option 121 is not fully supported by the provider.
I also had to change some configuration files of pfSense so that it works with my provider. Those settings are suggested by my provider:
pkg install isc-dhcp43-client
@viconfig:
- Now after configuration is opened we need to locate our wan interface:
<wan><enable><if>vtnet0</if>
<ipaddr>dhcp</ipaddr></enable></wan>
- Change the ipaddr field from dhcp to none but do not close the text editor:
<ipaddr>none</ipaddr>
- Locate end of system section and add following on top of it. Your config.xml file should look like this:
<enablesshd>enabled</enablesshd>
<shellcmd>/usr/local/sbin/dhclient -q vtnet0</shellcmd>
Finally I had to adjust this file too: /usr/local/etc/dhclient.conf
script "/usr/local/sbin/dhclient-script";
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
request subnet-mask, broadcast-address, time-offset, routers, host-name, interface-mtu, rfc3442-classless-static-routes, ntp-servers;
If I set the WAN NIC to "DHCP", pfSense is always missing the default routing entry… :'(
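Added example, not part of the original post or the provider's instructions: the dhclient.conf above declares option 121 as a raw byte array, and RFC 3442 packs each route into it as a prefix length, only the significant destination octets, and a 4-octet gateway, with prefix length 0 being the default route. The function name `decode_rfc3442` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decode DHCP option 121 (RFC 3442).
# Arguments: the option value as decimal octets, the form produced by an
# "array of unsigned integer 8" option declaration.
# Output: one "destination gateway" line per route.
decode_rfc3442() {
    # Every element must be a plain decimal octet (0..255).
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) echo "bad octet: $o" >&2; return 1 ;; esac
        [ "$o" -le 255 ] || { echo "bad octet: $o" >&2; return 1; }
    done
    while [ "$#" -gt 0 ]; do
        plen=$1; shift
        [ "$plen" -le 32 ] || { echo "bad prefix length: $plen" >&2; return 1; }
        # Only the significant destination octets are sent: ceil(plen / 8).
        n=$(( (plen + 7) / 8 ))
        [ "$#" -ge $(( n + 4 )) ] || { echo "truncated option data" >&2; return 1; }
        dest=""; i=0
        while [ "$i" -lt 4 ]; do
            if [ "$i" -lt "$n" ]; then o=$1; shift; else o=0; fi
            dest="${dest}${dest:+.}${o}"
            i=$(( i + 1 ))
        done
        gw="$1.$2.$3.$4"; shift 4
        # Prefix length 0 is the default route.
        if [ "$plen" -eq 0 ]; then dest="default"; else dest="$dest/$plen"; fi
        echo "$dest $gw"
    done
}

# Constructed sample: a host route to the gateway, then a default route via it.
decode_rfc3442 32 192 0 2 1 0 0 0 0  0 192 0 2 1
```

Comparing the decoded lines with `netstat -rn` on the firewall shows whether the default route delivered in option 121 was actually installed.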
-
I would recommend to change your ISP.
-
This is not possible, or can you tell me a hoster for VPS/VMs where I can create a virtual datacenter with virtual machines? Our current hoster also has an API for its DC to automate the process of creating a new VM.
I've changed "None" to "DHCP" and the network configuration seems to be fine now, but now I'm not able to visit the web interface anymore. (I'm still not able to reach it via IP, if I disable the firewall with pfctl -d.) :o
-
After doing such changes, I'd suggest to reboot.
(Regarding your original configuration hacks - sorry, that has no chance of ever working properly. When you set the interface to "None", pfSense has no knowledge of any of those manual shell hacks you used to configure IPs/GWs etc. via shell. Definitely a no go.)
-
Ah, nice. I had to reboot pfSense twice. Now the LAN to WAN forward is working as it should. Thx!
But apt-get update, for example, is very slow and hangs. Do I need to set a firewall rule for it or tick some options in pfSense?
... 100% [Waiting for headers]
... 100% [Connecting to de.archive.ubuntu.com (141.30.13.10)]
I'm able to reach everything without problems - via IP and FQDN/DNS. But this still hangs a bit… Sometimes it's fast for a few repos and sometimes it's just hanging... :(
-
Unless you get something blocked in firewall logs, no… (Try a different mirror, perhaps.)
-
Unless you get something blocked in firewall logs, no… (Try a different mirror, perhaps.)
Tried different repositories from different hosters and countries, but it does not work:
root@ubuntu:~# aptitude install samba
The following NEW packages will be installed:
  attr{a} libaio1{a} libavahi-client3{a} libavahi-common-data{a} libavahi-common3{a} libcups2{a}
  libfile-copy-recursive-perl{a} libgmp10{a} libhdb9-heimdal{a} libkdc2-heimdal{a} libldb1{a} libntdb1{a}
  libtalloc2{a} libtdb1{a} libtevent0{a} libwbclient0{a} python-crypto{a} python-dnspython{a} python-ldb{a}
  python-ntdb{a} python-samba{a} python-talloc{a} python-tdb{a} samba samba-common{a} samba-common-bin{a}
  samba-dsdb-modules{a} samba-libs{a} samba-vfs-modules{a} tdb-tools{a} update-inetd{a}
0 packages upgraded, 31 newly installed, 0 to remove and 0 not upgraded.
Need to get 8,246 kB of archives. After unpacking 46.6 MB will be used.
Do you want to continue? [Y/n/?]
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libaio1 amd64 0.3.109-4
  Could not connect to ubuntu.mirror.lrz.de:80 (129.187.10.100), connection timed out
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libavahi-common-data amd64 0.6.31-4ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libavahi-common3 amd64 0.6.31-4ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libavahi-client3 amd64 0.6.31-4ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libcups2 amd64 1.7.2-0ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libgmp10 amd64 2:5.1.3+dfsg-1ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libhdb9-heimdal amd64 1.6~git20131207+dfsg-1ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libtalloc2 amd64 2.1.0-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libtdb1 amd64 1.2.12-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libtevent0 amd64 0.9.19-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libldb1 amd64 1:1.1.16-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libntdb1 amd64 1.0-2ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libwbclient0 amd64 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main python-ldb amd64 1:1.1.16-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main python-talloc amd64 2.1.0-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main python-dnspython all 1.11.1-1build1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main python-ntdb amd64 1.0-2ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main python-tdb amd64 1.2.12-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main python-crypto amd64 2.6.1-4build1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main samba-libs amd64 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main python-samba amd64 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main samba-common all 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main samba-common-bin amd64 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main samba-dsdb-modules amd64 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main tdb-tools amd64 1.2.12-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libfile-copy-recursive-perl all 0.38-1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main update-inetd all 4.43
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main libkdc2-heimdal amd64 1.6~git20131207+dfsg-1ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main samba amd64 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main attr amd64 1:2.4.47-1ubuntu1
  Unable to connect to ubuntu.mirror.lrz.de:http:
Err http://ubuntu.mirror.lrz.de/ubuntu/ trusty/main samba-vfs-modules amd64 2:4.1.6+dfsg-1ubuntu2
  Unable to connect to ubuntu.mirror.lrz.de:http:
0% [Working]
E: Failed to fetch http://ubuntu.mirror.lrz.de/ubuntu/pool/main/liba/libaio/libaio1_0.3.109-4_amd64.deb: Could not connect to ubuntu.mirror.lrz.de:80 (129.187.10.100), connection timed out
root@ubuntu:~#
I really don't know what the issue could be. I've also disabled all options to block bogon networks, for example, as well as Snort, because I thought this may be the issue. :(
Currently it's working fine. Let me check for how long…
-
Nope, the error still exists.
-
I would revert to factory settings, then configure your WAN to the correct IPv4 Type to DHCP and get rid of your MTU settings. There is nothing magical you have to do here. It just works unless something is interfering or you have misconfigured it.