OPT1 can't get Internet
-
Yes I believe - both LAN and OPT1
WAN 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 * * 500 WAN address * Auto created rule for ISAKMP
WAN 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 * * * WAN address * Auto created rule -
During my search, looked like this is a very common problem, and no one has a sure way of fix it.
Meanwhile I am trying to find a solution.
If someone has some tip… -
It is not a common problem.
-
pfSense as the hosts' default gateway
-
firewall rules on the inside interface passing the traffic
-
Outbound NAT
-
It just works
-
-
I'm sure it works, since it was designed to be a firewall… :P ...but not smoothly
More information
My physical map
OPT1 (192.168.1.11) <------> SWITCH <-----> (192.168.1.238 STATIC) WINDOWS PC FIREWALL DISABLED
SWITCH <-----> (192.168.1.9 STATIC) ANOTHER HOST
Testing the portPF/DIAGNOSTICS/PING
PING 192.168.1.238 (192.168.1.238): 56 data bytes
64 bytes from 192.168.1.238: icmp_seq=0 ttl=128 time=0.314 ms
64 bytes from 192.168.1.238: icmp_seq=1 ttl=128 time=0.159 ms
64 bytes from 192.168.1.238: icmp_seq=2 ttl=128 time=0.372 ms
--- 192.168.1.238 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.159/0.282/0.372/0.090 ms
Success !!! Physically everythings okayThe rule at OPT1
States Protocol Source Port Destination Port Gateway Queue Schedule Description Actions
0 /0 B IPv4 * OPT1 net * * * * none ALLOW OPT1 TO ANYTesting the rule
If I enable it at PF/FIREWALL/RULES/OPT1, I ping to 192.168.1.238, it answers.
If I disable it at PF/FIREWALL/RULES/OPT1, I ping to 192.168.1.238, it times out.
So the rule is surely working, but not allows to pass on, or something in the back is not working as it should.How I know it works ?
I made a batch which run at windows PC and constantly pings realms
PING 192.168.1.9 (another host at same switch) - OK
PING 192.168.1.11 (gateway port at OPT1) - OK
PING 192.168.0.11 (gateway port at LAN) - TIMES OUT
PING 192.168.2.100 (gateway port at WAN) - TIMES OUT
PING 8.8.4.4 (dns server at internet - no name translation) - TIMES OUT
PING www.???????.com.br (my website at intenet - name translation) - TIMES OUTSuggestions ?
-
Might want to start here:
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
-
What I can tell you is this is clickity clickity.. Add a opt interface, give it an IP, setup rules on that interface = works right out the box!!
That you have realtek interfaces might be the problem - what is common is users using realtek or usb interfaces having issues.
"During my search, looked like this is a very common problem"
What search - please post to articles/forum threads you think is common to your issue.. Where "and no one has a sure way of fix it. " Could almost promise you your problem is either PEBAC.. or hardware issue..
-
It's not a common problem at all. There are just a few people out of literally thousands who can't get this working because either they have some crazy ideas of how networking works or they are in the small minority with broken/badly working/poorly supported hardware.
-
I found the problem…
All of this began when i needed to build a Captive Portal.
I've notice that OPT1 wasn't working.
I've been trying to ping but didn't seem to work.So I found out that Captive Portal was still enabled although not fully configured.
I never thought CP would block ICMP - but I should. :o
I disabled CP and voila !! it worked....I found this following this step-by-step that Derelict showed me, although everything was setup properly.
When I said this is a common problem I mean I found a lot of posts regarding this, people gets stuck trying to found out how stuff work and behave. A bit like "if you are here you can't get things easy - you've got to sweat".
This is a part of getting knowledge to something new.Anyway it's all up and running.
I was a Smoothwall Express user and now I'm a happy PFsense user...Thanks buddies.
PS: Now another hill to climb - captive portal using vouchers.
-
So chalk another one up to PEBKAC ;)
-
Normally that happens when you are at full multitasking with just one core processor (head)… :)
