Issues with pfsense
-
I started having issues a few days ago, so this has been making me pull out my hair trying to figure it out. I have a Qotom J1900 PC with 4 NICs. I can get an IP from my ISP, I can ping Google, but I can't surf anywhere when I open my browser on my various computers. What boggles my mind is, when I replace the pfsense firewall with a Linksys E1200, I can use the internet again.
What am I missing? What do I need to look at?
-
you can ping from pfsense itself or your computer?
can you nslookup from pfsense box? and from your computer? Sounds like a DNS issue…
-
open a command line on a computer and check your DNS
Windows or Linux:
nslookup google.com
BSD:
dig google.com
In either case, what does it say for "Server:"?
-
you can ping from pfsense itself or your computer?
can you nslookup from pfsense box? and from your computer? Sounds like a DNS issue…
I can ping from pfsense. I don't think I can ping from my computer, but I'll double check when I get home.
-
open a command line on a computer and check your DNS
Windows or Linux:
nslookup google.com
BSD:
dig google.com
In either case, what does it say for "Server:"?
I get
Server: 127.0.0.1
Address : 127.0.0.1#53
Non-authoritative answer:
Name: Google.com
Address: 172.217.4.110
Unbound is running. I can go to Diagnostics / DNS Lookup and Google resolves there. I can ping google.com.
I do have some Notices (red bell) on the upper right:
There were error(s) loading rules: /tmp/rules.debug:56: multiple binat IP addresses - The line in question reads [56]: binat on email from 192.168.0.0/24 10.10.10.1/32 to any ->
The services I'm running are darkstat, dhcpd, dasbl, dpinger, iperf, named, ntpd, radvd, snort, syslog-ng, and unbound. Now that I'm looking at this, is my issue with named and unbound?
-
It is going to be faster for me to rebuild this firewall than to try and diagnose it. I'm not sure how to go through all the diagnostics to find those error messages that keep coming up.
-
"The services I'm running are darkstat, dhcpd, dasbl, dpinger, iperf, named, ntpd, radvd, snort"
"when I replace the pfsense firewall with a Linksys E1200, I can use the internet again."
Your little linksys E1200 sure and the hell does not run snort ;)
Are you just on the lan interface, or have you created multiple network interfaces? What rules did you put on them, etc.
What exactly is dasbl – do you mean dnsbl from pfblockerng? That could be causing you issues with internet access. Which your linksys sure wouldn't be doing either.
There is way more you can mess up with pfsense vs some really black box soho nat router with only 1 network. And really almost zero control of the outbound firewall rules, etc.
-
"The services I'm running are darkstat, dhcpd, dasbl, dpinger, iperf, named, ntpd, radvd, snort"
"when I replace the pfsense firewall with a Linksys E1200, I can use the internet again."
Your little linksys E1200 sure and the hell does not run snort ;)
Are you just on the lan interface, or have you created multiple network interfaces? What rules did you put on them, etc.
What exactly is dasbl – do you mean dnsbl from pfblockerng? That could be causing you issues with internet access. Which your linksys sure wouldn't be doing either.
There is way more you can mess up with pfsense vs some really black box soho nat router with only 1 network. And really almost zero control of the outbound firewall rules, etc.
I know the Linksys can't run snort, just was pointing out I knew it wasn't my internet connection.
I reinstalled pfsense, reinstalled all my packages and ran into the same issue again. It has something to do with pfblockerng. I just haven't had the time to dig into it. I also don't have the know-how either to look into it. Maybe one of these weekends when I'm a little less busy, I'll reenable pfblockerng and see what the error message is and report back… In the meantime, I have it disabled.