No internet access, but webgui works

itsignas

@johnpoz:

And your pointing dns to your wifi router IP address 192.168.1.254… So NO dns is never going to work from that client..

And your dhcp server is still listed as your wifi router 192.168.1.254....  Did you not renew your lease??  Once you turned off the dhcp sever in your wifi router?  Reboot the client so it gets dhcp from pfsense.

Alright, nope, same issue, rebooted wifi router, my client pc.

johnpoz

so that hs not dhcp that is STATIC…  Why don't you set it dhcp so you can actually verify dhcp is working off pfsense..

do you nslookup now from this client, this client can access pfsense right webgui...  What are the firewall rules you have on pfsense post them!!!

edit:  And if your going to run the beta, you for sure should be running the current one...  But again who says that maybe the resolver is broken in your version of a BETA version of pfsense..

But lets see the firewall rules.. I recall something in the thread where you only had tcp for 53... Lets see the rules.. And do a to pfsense name..  Even if your outside dns is broken you should be able to query pfsense.yourdomain.tld

example..

C:>nslookup
Default Server:  pfSense.local.lan
Address:  192.168.9.253

pfsense.local.lan
Server:  pfSense.local.lan
Address:  192.168.9.253

Name:    pfsense.local.lan
Addresses:  192.168.9.253

And pfsense name should come back for your server name when you first do nslookup.

The answer you get back from the nslookup will tell us someinfo - did you time out talking to pfsense, did it fail to lookup what you were looking for, etc. etc..

www.sljdflsjfsljflslsfdj.com
Server:  pfSense.local.lan
Address:  192.168.9.253

*** pfSense.local.lan can't find www.sljdflsjfsljflslsfdj.com: Non-existent domain

itsignas

@johnpoz:

so that hs not dhcp that is STATIC…  Why don't you set it dhcp so you can actually verify dhcp is working off pfsense..

do you nslookup now from this client, this client can access pfsense right webgui...  What are the firewall rules you have on pfsense post them!!!

edit:  And if your going to run the beta, you for sure should be running the current one...  But again who says that maybe the resolver is broken in your version of a BETA version of pfsense..

But lets see the firewall rules.. I recall something in the thread where you only had tcp for 53... Lets see the rules.. And do a to pfsense name..  Even if your outside dns is broken you should be able to query pfsense.yourdomain.tld

example..

C:>nslookup
Default Server:  pfSense.local.lan
Address:  192.168.9.253

pfsense.local.lan
Server:  pfSense.local.lan
Address:  192.168.9.253

Name:    pfsense.local.lan
Addresses:  192.168.9.253

And pfsense name should come back for your server name when you first do nslookup.

The answer you get back from the nslookup will tell us someinfo - did you time out talking to pfsense, did it fail to lookup what you were looking for, etc. etc..

www.sljdflsjfsljflslsfdj.com
Server:  pfSense.local.lan
Address:  192.168.9.253

*** pfSense.local.lan can't find www.sljdflsjfsljflslsfdj.com: Non-existent domain

Okay I restarted many times ESXi, pfSense, router, PC, now results are even worse. I can't even access pfSense webgui, seems like my router isn't connecting with pfSense. Only OPT1 works connected to WAN port of my AP router… Only combo that works right now.

Eth4 on photo is pfSense cable.

johnpoz

dude what part is so freaking hard to understand here… your ipconfig shows your gateway as 192.168.1.254... That is your wifi router IP so you can manage the wifi..  That is ALL that router is going to be now, its a Access Point nothing more... It allows your wifi to be connected to your wired network!!

Your rules for lan that now your calling PC only allow TCP... DNS is UDP… So NO shit its not going to work!!

Change that rule to ANY!!!  And why do you have all those port forwards setup on wan when you don't have anything working???

Let me say this AGAIN!!!  Let your clients be dhcp, so your SURE dhcp is working from pfsense.. and it will point to pfsense for gateway and dns...  But its NOT going to ever work until you change that rule to ANY or at min tcp/udp since dns is UDP!!!

Do you have dhcp enabled on pfsense even?

itsignas

@johnpoz:

dude what part is so freaking hard to understand here… your ipconfig shows your gateway as 192.168.1.254... That is your wifi router IP so you can manage the wifi..  That is ALL that router is going to be now, its a Access Point nothing more... It allows your wifi to be connected to your wired network!!

Your rules for lan that now your calling PC only allow TCP... DNS is UDP… So NO shit its not going to work!!

Change that rule to ANY!!!  And why do you have all those port forwards setup on wan when you don't have anything working???

Let me say this AGAIN!!!  Let your clients be dhcp, so your SURE dhcp is working from pfsense.. and it will point to pfsense for gateway and dns...  But its NOT going to ever work until you change that rule to ANY or at min tcp/udp since dns is UDP!!!

Do you have dhcp enabled on pfsense even?

It says 192.168.1.254, cause DHCP server don't work, look at it ipconfig /renew, dhcp server problem, so it came back to default settings.

Okay so I changed that rule.
DHCP on client's don't work. But on pfSense it's enabled.
I was using tablet as wi-fi access, not working, can't even access pfSense says - Connection refused when accessing 192.168.1.1

johnpoz

Dude this is basic stuff here..

Did you change your firewall rule, because with your current rules you can not even ping 192.168.1.1, and not dns not going to work.

As to dhcp not working..  What does the log say, does it see the dhcp discover.  And that was not actually a failure of getting and IP that was a failure on RENEW.. Which yeah renew of that lease could fail since you turned off the dhcp server it got it from.  Pfsense has no lease of giving your mac that IP, so no it would not be able to renew it..

Reboot the dhcp client your playing with, or do a release and then renew.  Then if not working look in the log of pfsense did it see a dhcp discover??

If you can not get to 192.168.1.1, then look in your arp table - if the mac of pfsernse is not there then you have a connectivity issue, etc.  Or many you turned on static arp in pfsense? Have no freaking idea what other stuff you changed..  What I would suggest you do is grab 2.2.6 and deploy that vs 2.3 beta..  Its quite possible the version you have has some issues.

Can tell you for sure that installing 2.2.6 with defaults and you will be up and running in clickity clickity…  If it takes more than 2 minutes I would think your drinking coffee on the job again ;)

itsignas

@johnpoz:

Dude this is basic stuff here..

Did you change your firewall rule, because with your current rules you can not even ping 192.168.1.1, and not dns not going to work.

As to dhcp not working..  What does the log say, does it see the dhcp discover.  And that was not actually a failure of getting and IP that was a failure on RENEW.. Which yeah renew of that lease could fail since you turned off the dhcp server it got it from.  Pfsense has no lease of giving your mac that IP, so no it would not be able to renew it..

Reboot the dhcp client your playing with, or do a release and then renew.  Then if not working look in the log of pfsense did it see a dhcp discover??

If you can not get to 192.168.1.1, then look in your arp table - if the mac of pfsernse is not there then you have a connectivity issue, etc.  Or many you turned on static arp in pfsense? Have no freaking idea what other stuff you changed..  What I would suggest you do is grab 2.2.6 and deploy that vs 2.3 beta..  Its quite possible the version you have has some issues.

Can tell you for sure that installing 2.2.6 with defaults and you will be up and running in clickity clickity…  If it takes more than 2 minutes I would think your drinking coffee on the job again ;)

Okay first photo is connected as it should work. But there isn't pfSense network card mac.
Second photo after repluging to OPT1 to access pfSense.
I don't know why it says 192.168.2.0 subnet if LAN (pc) is at 192.168.1.0

I will try to install 2.2.6 pfSense and i'll see.

itsignas

Oh my god it WORKS!!!!! Thanks..

I plugged my desktop pc (main, not xp) and access point to OPT1, and it works!

But I have to type manually IP, gateway, DNS for access point clients, let's say my android phone, I have to type 192.168.3.x, 192.168.3.1. And only then it works okay, but it won't get ip by dhcp.

johnpoz

Well you got a problem with your AP clients getting dhcp..  Do you show a discover on pfsense?  And sending an offer?

Maybe you have issue with that wifi router..  I have no idea what settings you have on there..  Get yourself an actual AP.. Something like https://www.ubnt.com/unifi/unifi-ap-ac-lite/ for example.

And if you need switch ports, get a REAL switch – smart/managed would be best bet so you have vlan support.

Also what version of ESXI are you running?  Looks like 5.5 - why would you not be running 6??

itsignas

Im using 5.5 with custom drivers for my two realtek gigabit cards, esxi don't officially support them. So I have to use older version.

johnpoz

update2 at min I would hope, since you need that for support of 10.1

So if your wired to your AP switch ports.. Do you get dhcp?  Do you not see mac in your arp table after you try and ping??  Make no sense that setting static would work then.. Nothing is going to work - unless your still NATTING??

Or is only for the wireless that your having problems?

itsignas

@johnpoz:

update2 at min I would hope, since you need that for support of 10.1

So if your wired to your AP switch ports.. Do you get dhcp?  Do you not see mac in your arp table after you try and ping??  Make no sense that setting static would work then.. Nothing is going to work - unless your still NATTING??

Or is only for the wireless that your having problems?

Only on wireless I get these problems. I tried ipconfig /renew, says can't contact server, and there isn't any info on system logs - dhcp.


johnpoz

But wireless works if you setup IP..

And wired works fine to ports on that router work fine.

itsignas

@johnpoz:

But wireless works if you setup IP..

And wired works fine to ports on that router work fine.

If I setup ip yes, it works, if i plug cable to that access point it work's fine with dhcp. Well this is minor complain.

johnpoz

Well since you say it works if you set static and your not seeing discover in log of pfsense clearly its the AP not sending on the discover.  You will have to get with makers of that device on issue.

Or if was me, would get a REAL AP…  And to be honest a real switch that is smart/managed so you can play with vlans.

itsignas

Just wanted to say, that I upgraded to the latest 2.3 version using the upgrade file. Seems everything working, but RRD graphs button is missing.. What is the link for RRD graphs? 192.168.1.1/rrd_graphs.php Or something like that, thanks!

johnpoz

Look in the 2.3 thread..

I really really don't get how someone NEW to networking in general, and pfsense for sure wants to run the lastest beta code that is going to be buggy.. What specific feature in 2.3 is there that you are wanting?  Just wait til it releases would be my suggestion to you.

itsignas

@johnpoz:

Look in the 2.3 thread..

I really really don't get how someone NEW to networking in general, and pfsense for sure wants to run the lastest beta code that is going to be buggy.. What specific feature in 2.3 is there that you are wanting?  Just wait til it releases would be my suggestion to you.

This gonna take long time to be updated to RELEASE, so I'm just going fastest way to have beta version, it's design is pretty sleek.

johnpoz

yeah because eye candy is what matters in a firewall ;)  Its not that far out from release..

Pretty sure it will release before you have a basic grasp of what the difference between tcp and udp is ;)  Since your firewall rule causing you all your problems was set for just tcp..

itsignas

Alright :D

This took long time to fix that problem…
Thank you, anyway. You helped me ;)