Netgate Discussion Forum

    OPT1 can't get Internet

      newest_newbie

      Yes I believe - both LAN and OPT1
      WAN 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 * * 500 WAN address * Auto created rule for ISAKMP
      WAN 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 * * * WAN address * Auto created rule

        newest_newbie

        During my search, it looked like this is a very common problem, and no one has a sure way to fix it.
        Meanwhile I am trying to find a solution.
        If someone has some tip…

          Derelict LAYER 8 Netgate

          It is not a common problem.

          • pfSense as the hosts' default gateway

          • firewall rules on the inside interface passing the traffic

          • Outbound NAT

          • It just works

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

            newest_newbie

            I'm sure it works, since it was designed to be a firewall… :P ...but not smoothly

            More information

            My physical map

            OPT1 (192.168.1.11) <------> SWITCH <-----> (192.168.1.238 STATIC) WINDOWS PC FIREWALL DISABLED
                                                          SWITCH <-----> (192.168.1.9 STATIC) ANOTHER HOST                           
            Testing the port

            PF/DIAGNOSTICS/PING 
            PING 192.168.1.238 (192.168.1.238): 56 data bytes
            64 bytes from 192.168.1.238: icmp_seq=0 ttl=128 time=0.314 ms
            64 bytes from 192.168.1.238: icmp_seq=1 ttl=128 time=0.159 ms
            64 bytes from 192.168.1.238: icmp_seq=2 ttl=128 time=0.372 ms
            --- 192.168.1.238 ping statistics ---
            3 packets transmitted, 3 packets received, 0.0% packet loss
            round-trip min/avg/max/stddev = 0.159/0.282/0.372/0.090 ms
            Success !!! Physically everything's okay

            The rule at OPT1

            States  Protocol  Source    Port  Destination  Port  Gateway  Queue  Schedule  Description        Actions
            0 /0 B  IPv4 *    OPT1 net  *     *            *     *        none             ALLOW OPT1 TO ANY

            Testing the rule

            If I enable it at PF/FIREWALL/RULES/OPT1, I ping to 192.168.1.238, it answers.
            If I disable it at PF/FIREWALL/RULES/OPT1, I ping to 192.168.1.238, it times out.
            So the rule is surely working, but it does not allow it to pass on, or something in the back is not working as it should.

            How do I know it works?

            I made a batch file which runs on the Windows PC and constantly pings realms
            PING 192.168.1.9    (another host at same switch) - OK
            PING 192.168.1.11  (gateway port at OPT1) - OK
            PING 192.168.0.11  (gateway port at LAN) - TIMES OUT
            PING 192.168.2.100 (gateway port at WAN) - TIMES OUT
            PING 8.8.4.4            (dns server at internet - no name translation) - TIMES OUT
            PING www.???????.com.br (my website on the internet - name translation) - TIMES OUT

            Suggestions ?

              Derelict LAYER 8 Netgate

              Might want to start here:

              https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

                johnpoz LAYER 8 Global Moderator

                What I can tell you is this is clickity clickity.. Add an opt interface, give it an IP, set up rules on that interface = works right out of the box!!

                That you have realtek interfaces might be the problem - what is common is users using realtek or usb interfaces having issues.

                "During my search, it looked like this is a very common problem"

                What search - please post the articles/forum threads you think are common to your issue.. Where "and no one has a sure way to fix it." Could almost promise you your problem is either PEBKAC.. or a hardware issue..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                  kpa

                  It's not a common problem at all. There are just a few people out of literally thousands who can't get this working because either they have some crazy ideas of how networking works or they are in the small minority with broken/badly working/poorly supported hardware.

                    newest_newbie

                    I found the problem…

                    All of this began when I needed to build a Captive Portal.

                    I've noticed that OPT1 wasn't working.
                    I've been trying to ping but it didn't seem to work.

                    So I found out that Captive Portal was still enabled although not fully configured.
                    I never thought CP would block ICMP - but I should have. :o
                    I disabled CP and voila !! it worked....

                    I found this following this step-by-step that Derelict showed me, although everything was setup properly.

                    When I said this is a common problem I mean I found a lot of posts regarding this, people get stuck trying to find out how stuff works and behaves. A bit like "if you are here you can't get things easy - you've got to sweat".
                    This is a part of getting knowledge to something new.

                    Anyway it's all up and running.
                    I was a Smoothwall Express user and now I'm a happy pfSense user...

                    Thanks buddies.

                    PS: Now another hill to climb - captive portal using vouchers.

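The staged ping test posted earlier in the thread, combined with the Captive Portal finding above, amounts to a first-failing-hop diagnosis. The sketch below is an added example, not code from the thread or from pfSense; the addresses are the ones posted in the thread, while the stage names and advice strings are assumptions of this example.

```python
# Added example (not from the thread): interpret a staged ping test run from the OPT1 host.
import platform
import subprocess

# Rungs in the order the thread's batch file pinged them; addresses are the ones posted there.
LADDER = [
    ("host on the same switch", "192.168.1.9"),
    ("OPT1 interface (the host's gateway)", "192.168.1.11"),
    ("LAN interface of the firewall", "192.168.0.11"),
    ("WAN interface of the firewall", "192.168.2.100"),
    ("internet host by IP", "8.8.4.4"),
]

# Stage names and advice are this example's own wording, keyed by first failing rung.
_ON_FIREWALL = ("firewall", "packets reach pfSense but are not passed on: review the OPT1 "
                "rules and anything enforcing on OPT1, such as an enabled Captive Portal")
ADVICE = {
    0: ("local", "check the host's NIC, cabling, switch port and static IP/mask"),
    1: ("gateway", "check the OPT1 address and the pass rule on OPT1"),
    2: _ON_FIREWALL,
    3: _ON_FIREWALL,
    4: ("egress", "every firewall interface answers: check outbound NAT and the WAN gateway"),
}

def ping(addr, count=2, timeout=15):
    """Return True when the system ping exits with status 0 (replies received)."""
    flag = "-n" if platform.system() == "Windows" else "-c"
    try:
        done = subprocess.run(["ping", flag, str(count), addr], timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return done.returncode == 0

def diagnose(results):
    """results: one bool per LADDER rung, True = replied. Returns (stage, rung, advice)."""
    if len(results) != len(LADDER):
        raise ValueError("need exactly one result per rung")
    for index, ok in enumerate(results):
        if not ok:
            stage, advice = ADVICE[index]
            return stage, LADDER[index][0], advice
    return "ok", None, "every rung answers: rules and outbound NAT are passing ICMP"

if __name__ == "__main__":
    results = [ping(addr) for _, addr in LADDER]
    for (label, addr), ok in zip(LADDER, results):
        print(f"{'OK' if ok else 'TIMEOUT':8}{addr:16}{label}")
    print(" | ".join(str(part) for part in diagnose(results)))
```

On Windows, `ping` can exit with status 0 when it receives a "Destination host unreachable" reply, so an unexpected OK on that platform deserves a look at the raw output.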
                      johnpoz LAYER 8 Global Moderator

                      So chalk another one up to PEBKAC ;)

                        newest_newbie

                        Normally that happens when you are at full multitasking with just one core processor (head)…  :)
