Windows update
-
Which error do you get when trying to ping www.google.com or anything not local?
You either have no DNS server configured for that interface or you're missing rules.
-
How about a screenshot of your Outbound NAT entries. Also, try pinging 4.2.2.2 from the WLANWIFI network.
-
This is my outbound NAT settings, and the pinging of 4.2.2.2 worked OK, and so did the ping of google.com. But the ping of update.microsoft.com is still not working. This is the ping from the WLANWIFI side from my netbook: it says 4 sent and 4 received for Google and 4.2.2.2, but for the Microsoft update it says request timed out twice, 2 sent, 2 lost.
The two screenshots are of the same thing; one is the top of the page and the other is the rest of the page.
Thanks for all your help this far. I just want to say I thought I knew what I was doing, but I guess I am not as smart as I thought I was.
Are there any more files or areas you folks may need to look at? I can set up my TeamViewer so someone can log in and look at the whole setup and maybe be able to fix it themselves. I am more than happy to do that. Thanks again. Wildmanron



-
Do a tracert to update.microsoft.com and see the hops it goes along.
tracert update.microsoft.com
That will tell you if it ever leaves the firewall towards the internet, or is spinning around or dropped somehow in pfSense or your own network.
-
OK, I thank you for this command, but can you explain to me how to use the command, and which one of the systems do I use to issue the command from?
-
From one of the Windows systems on the WiFi, and do it from a Windows System on the wired LAN also. Then you can compare the output and see what is different about the way the network is routing.
-
Here's what it says. The WiFi side is the top picture; the bottom is the wired side.


-
Strange, before I posted to ping update.microsoft.com I checked and could ping it. Now it times out here as well.
Your trace routes clearly show that your router is working. The Microsoft Network (msn.com) is having problems getting your packets to its destination. Nothing you can do about that.
-
OK, thank you for this info. So what about the wireless side of the cell phone trouble with Pandora and Instagram? Also, I just did another update on my wired Windows desktop and it went through just fine, but the wireless netbook is still not updating.
-
Both of those trace route commands are having trouble getting to update.microsoft.com - so that does not really help us to know what is the difference between your wired LAN and your WiFi.
If you know the places where Pandora and Instagram go on the internet to "do their thing", then try tracert to those places.
The aim is to find some difference between wired and WiFi routing or packet filtering that will then give a clue where to look (pfSense settings, modem to ISP or…?)
-
OK, here are the trace routes to Pandora and Instagram. Instagram does the same as Microsoft, but Pandora goes through.
I am sorry for the sideways pictures. For some reason they keep turning every way but the way I want them when I upload them to you folks, so I am sorry, I don't know what to do to change that on my end.
These are all done on the wireless side.
-
They are all routing out to the internet. The various "timed out" once it gets out to the internet are to be expected. Not all router hops along the way are going to respond to ping/tracert. But the fact that you get various responses back from out on the real internet means that the packets are passing through pfSense and the routing and NAT are working.
Have you moved a system from WiFi over to wired and confirmed that it works, just by switching off its WiFi and plugging in a cable?
-
OK, I thought about it but didn't do it until you said that in your post back to me. I turned off the WiFi on my netbook and plugged in the wired side and went to Windows Update, and it is working just fine, but not on the wireless side. Makes no sense.
What is going on here? I am at a total loss now. Where am I failing to look for the problem? It's got to be staring me in the face, but I just can't get a grip on it.
Any suggestions for me?
-
Let's bypass WiFi but still use the network configured for wireless. Cable the netbook directly into the WLANWIFI adapter on the firewall and see what happens with Windows updates.
-
OK, so far no go. I plugged into the back of my D-Link DIR 655 router that I am using as an access point and it gave me the same error. Now I am plugged into the network card that goes to the DIR 655: I unplugged the cable to it and plugged the netbook into the card. It just returned the same error from both tries, so it has got to be a setting or something on the wireless side of my setup, right?
I posted the error meaning and the update error down below. This is what I have been fighting on the wireless side. The wired side works just fine to update Windows; it is just the wireless side I am having the problem with.
-
Are you plugging the WAN port of the D-Link into the pfSense firewall? If so, I would move the pfSense <–> D-Link WAN port cable to an open LAN port on the D-Link. If you do this, verify that you have the DHCP Server service configured on the pfSense box for the WLANWIFI network interface. Also, if the DHCP server service is running on the D-Link router, you will want to disable that so you don't have two DHCP servers running on the WLANWIFI network.
This will make sure your D-Link router is not providing any firewall services that could be blocking traffic to/from the internet.
-
Yes, it is plugged into a LAN port, and yes, the DHCP server is shut down on the DIR 655. The cable comes from one of the NIC cards and goes to the LAN port on the back of the DIR 655. The NIC card is an Intel card and it is the OPT1 card in the setup.
So I am going through the settings on the access point and I don't see any problems with any of the settings there, so it has to be the pfSense system, I am thinking.
-
We know that when you tracert out from a WiFi client, it gets out to the public internet fine, and the various router etc hops on the public internet can reply (when they do). So that means that ICMP is being passed by pfSense and NATed out OK.
And you said that you tried bypassing the WiFi device completely by plugging a client in by cable directly to the pfSense WiFi physical ethernet interface. And the problem was still there. So that shows that this problem is not caused (just) by the WiFi device.
So there "must" be something different about rules or outbound NAT for TCP/UDP, but that somehow is just different for some public internet destinations. A difference like that would not be seen in tracert.
You can try Diagnostics->Packet Capture on pfSense to look at the packets coming in on the pfSense WiFi interface, and going out on WAN, and compare that to when the packets come from the pfSense LAN interface. That "must" show some different pattern that will help to guess what setting could be the problem.
I say "must" in quotes, because this is very mysterious and difficult to diagnose by back-and-forth in the forum.
-
Thank you for your comment on this issue. I will try some of your ideas and see what I find, but yeah, this thing is driving me crazy. I thought I knew more than I did, I guess. Just goes to show I am not the smartest guy on the planet, even though I thought I had this pfSense thing down to a science, LoL.
I also kind of think I may have a bad NIC card on one of my ports. Not sure, but I keep getting a signal 11 on one of the cards, and from what I have read in the pfSense forums that is a sign of a bad card, or hardware of some kind, I guess I had better say. So I may just scrap this thing and build a new one and see if it does the same thing.
This is an older computer that I am using, so I may have to upgrade the system to help with some of these issues. I will just have to try some of the different options and see what happens. Thank you all for the help; it has been really nice to have you folks trying so hard to help me.
I will have to post an update of the new system to let you all know what I find.
-
Another thought: maybe there is some problem with successfully sending big packets through the ethernet card/port that has the WiFi. Then for a lot of internet browsing you might be "kind-of-OK", but when you do something that tries to use the full MTU it gets into trouble.
You can find some site that will ping OK, then increase the packet size of the ping up towards 1500:
ping -l 1200 8.8.8.8
and see if something breaks at large length ping packets.
Then try the same from LAN side and see if it works.
You can even try swapping the physical device assignments for LAN and WiFi interfaces in Interfaces->Assign and then see if the problem moves to being on LAN (now on the physical ethernet port that WiFi used to be on). That would demonstrate that it is a physical ethernet port issue.
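
The large-packet test suggested in the last post, automated as an added example (not code from the thread): it binary-searches the largest ping payload that gets a reply, so the result from a WiFi-side client can be compared with a LAN-side client. It assumes a Windows client with Python installed and adds ping's `-f` (Don't Fragment) flag, which the post does not use, so oversize packets fail instead of being fragmented; `simulated_path` is a constructed stand-in for offline runs.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_probe(host, payload, timeout_ms=2000):
    """Send one Windows ping with Don't Fragment set; True if an echo reply arrived."""
    result = subprocess.run(
        ["ping", "-n", "1", "-f", "-l", str(payload), "-w", str(timeout_ms), host],
        capture_output=True, text=True, errors="replace")
    # Echo replies carry "TTL="; timeouts and "needs to be fragmented" lines do not.
    return "TTL=" in result.stdout


def largest_passing_payload(probe, lo=64, hi=1472):
    """Binary-search the largest payload for which probe(size) is True.

    Returns None when even the small baseline fails (target does not answer ping).
    """
    if not probe(lo):
        return None
    if probe(hi):
        return hi
    while hi - lo > 1:          # invariant: lo passes, hi fails
        mid = (lo + hi) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid
    return lo


def simulated_path(mtu):
    """Constructed stand-in for a real path: passes packets up to `mtu` bytes."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= mtu


def path_mtu(probe):
    """Largest IPv4 packet size that got through, or None if nothing did."""
    best = largest_passing_payload(probe)
    return None if best is None else best + IP_ICMP_OVERHEAD


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "8.8.8.8"
    print(host, "largest passing packet:", path_mtu(lambda n: ping_probe(host, n)))
```

A healthy Ethernet path normally reports 1500; a noticeably smaller value on the WiFi interface than on LAN points at the port, cable or MTU setting on that side.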