Requesting help with a laptop build
-
Hi,
I'm new to networking in general, and I thought it would be fun to create a pfsense router with an old laptop that I had sitting around. I watched Mark Furneaux's videos about pfsense on youtube, and thought I had enough knowledge to build my setup, but I'm now stuck.My configuration goes like this:
Verizon GT784WNV (modem/router) -> D-link DGS-1210 managed switch -> laptop with pfsense
The laptop only has one NIC, so I thought I could use VLANs to set everything up.
What I've done so far is create 2 VLANs on the switch with the first containing the modem (untagged) and the laptop (tagged) and the second one containing the laptop (tagged) and all the other ports (untagged).
In pfsense on the laptop, I've assigned vlan1 to WAN and vlan2 to LAN. I'm able to get an IP on WAN through DHCP (192.168.1.6/24). I've set the LAN IP to 192.168.10.1/24.
The problem is that when I connect a computer to this setup, I can't get an IP and I have no internet connectivity.
Can someone please tell me what I'm doing wrong? I've been at this for hours, and I can't seem to figure it out!
-
What you report you have done is all good.
-
When changing/setting the LAN IP, did you then go and also change the DHCP Server range to be in the new LAN subnet?
-
Do Diagnostics->Packet Capture on the pfSense device to see if any DHCP request is received.
-
Try setting a fixed IP on the client, then you can try ping etc from the client and see if it works, and use Packet Capture on pfSense if it does not work, to see if the echo requests are getting through.
-
-
Thank you for replying Phil.
I can't even get into the web configurator at this point. I've tried the following:
- Connecting to the Verizon router and trying to access the web configurator through the laptop's WAN IP and LAN IP
- Connecting to the Verizon router, setting a static IP in the laptop's LAN IP subnet, and trying to access the web configurator
- Connecting to the laptop's LAN VLAN and trying to access the web configurator through the laptop's WAN and LAN IPs.
When I connect to the LAN VLAN, I get a 169.xxx.xxx.xxx IP address. I can't ping the laptop.
If I try to set a static IP of 192.168.10.100 (within the laptop's DHCP range), I still can't ping the laptop.
I'm not really understanding why I can't get to the web configurator when I set up VLANs. When I reset pfsense to only have a WAN IP address, I can access the web configurator just fine. Could it be a problem with my VLAN setup on my switch?
-
Actually, I just figured out why web config wasn't working. I was closing the laptop screen every time I used my other computer thinking that it would just shut off the screen, but I guess it put the whole system on standby?
Anyways, for your first suggestion, when I try to go to Services -> DHCP Server, it tells me that DHCP relay is on so I can't start the server. When I go to Services -> DHCP Relay, it tells me DHCP Server is on so I can't start a relay.
For your third item, I am able to ping the laptop when I set a static IP.
For your second item, this is what I get from packet capture when I try to connect to pfsense with my phone:
14:25:41.724683 IP 192.168.10.100.65135 > 81.161.59.90.80: tcp 95
14:25:41.725193 IP 192.168.10.100.65095 > 52.26.39.129.443: tcp 404
14:25:41.763546 IP 52.26.39.129.443 > 192.168.10.100.65103: tcp 0
14:25:41.764657 IP 192.168.10.100.65103 > 52.26.39.129.443: tcp 72
14:25:41.765945 IP 192.168.10.100.65136 > 192.168.10.1.80: tcp 0
14:25:41.832023 IP 52.26.39.129.443 > 192.168.10.100.65103: tcp 0
14:25:41.835482 IP 52.26.39.129.443 > 192.168.10.100.65095: tcp 0
14:25:41.836031 IP 52.26.39.129.443 > 192.168.10.100.65103: tcp 227
14:25:41.836459 IP 192.168.10.100.65095 > 52.26.39.129.443: tcp 106
14:25:41.883450 IP 192.168.10.100.65103 > 52.26.39.129.443: tcp 0
14:25:41.944775 IP 52.26.39.129.443 > 192.168.10.100.65095: tcp 0
14:25:41.950814 IP 52.26.39.129.443 > 192.168.10.100.65095: tcp 227
14:25:41.956673 IP 81.161.59.90.80 > 192.168.10.100.65135: tcp 0
14:25:41.999268 IP 192.168.10.100.65095 > 52.26.39.129.443: tcp 0
14:25:44.871232 10:a5:d0:54:cb:13 > ff:ff:ff:ff:ff:ff Null Unnumbered, xid, Flags [Response], length 46: 01 00
14:25:45.469185 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 309
14:25:46.953726 IP 173.194.202.189.443 > 192.168.10.100.56961: UDP, length 39
14:25:46.975514 IP 192.168.10.100.56961 > 173.194.202.189.443: UDP, length 41
14:25:47.098670 IP 173.194.202.189.443 > 192.168.10.100.56961: UDP, length 39
14:25:47.110168 IP 192.168.10.100.56961 > 173.194.202.189.443: UDP, length 35
14:25:49.860132 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 309
14:25:57.372983 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 309
14:26:01.963915 IP 192.168.10.100.56961 > 173.194.202.189.443: UDP, length 23
14:26:02.072381 IP 173.194.202.189.443 > 192.168.10.100.56961: UDP, length 33
14:26:06.793302 ARP, Request who-has 192.168.10.1 (00:26:2d:fc:5b:26) tell 192.168.10.100, length 46
14:26:06.793308 ARP, Reply 192.168.10.1 is-at 00:26:2d:fc:5b:26, length 28
14:26:14.235362 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 309
14:26:14.906966 IP 173.194.202.189.443 > 192.168.10.100.56961: UDP, length 39
14:26:14.930729 IP 192.168.10.100.56961 > 173.194.202.189.443: UDP, length 38
14:26:17.277684 10:a5:d0:54:cb:13 > ff:ff:ff:ff:ff:ff Null Unnumbered, xid, Flags [Response], length 46: 01 00
14:26:18.801628 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 309
14:26:20.903165 IP 81.161.59.90.80 > 192.168.10.100.65135: tcp 279
14:26:20.917856 IP 192.168.10.100.65103 > 52.26.39.129.443: tcp 404
14:26:20.918205 IP 192.168.10.100.65135 > 81.161.59.90.80: tcp 95
14:26:21.089845 IP 52.26.39.129.443 > 192.168.10.100.65103: tcp 0
14:26:21.091138 IP 192.168.10.100.65103 > 52.26.39.129.443: tcp 106
14:26:21.169475 IP 81.161.59.90.80 > 192.168.10.100.65135: tcp 0
14:26:21.204224 IP 52.26.39.129.443 > 192.168.10.100.65103: tcp 0
14:26:21.216207 IP 52.26.39.129.443 > 192.168.10.100.65103: tcp 227
14:26:21.275025 IP 192.168.10.100.65103 > 52.26.39.129.443: tcp 0
14:26:23.088365 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 309 -
So… I got everything to work by just resetting pfsense to the default settings and changing all the settings again. I feel dumb. Thanks anyways.
-
Yeh, the default settings have DHCP on LAN with a pass all rule for traffic originating from LAN side. I guess you did something odd when creating the VLANs the first time and re-assigning interfaces to the VLANs.