[SOLVED] Cannot Get back into WebGUI - No Network on LAN Port
-
Ok, well that's definitely compatible with pfSense then. ;)
The LAN interface itself should always be set as static, as it is in default config. Setting that to DHCP configures it to get its IP from another DHCP server in that network like the WAN does. That is almost never the case.
It cannot run a DHCP server on an interface that's itself set to DHCP as there is no subnet defined. By default when you connect a client to the LAN interface it should receive an IP in the 192.168.1.0/24 subnet. Did that happen?
You made some changes to the config, were they in the webgui or from the console?
If you could access the webgui but not anything on the internet that implies a different issue. The next thing to check at that point would be if the firewall itself has internet access. Go to Diagnostics > Ping and try to ping both 8.8.8.8 and google.com. If either of those fail note the failure error.
Steve
Yes, I am receiving a subnet of 192.168.1.0/24. After reading the book and seeing that chart, I made sure that the LAN port was set up for that class. It was defaulted so I left it alone.
The changes I made or make are through the WebGUI. In no way would I be able to make changes in the console. Not at my level, ha ha ha. Though I have read that some changes do not work with WebGUI. Not sure if this is true or not.
I went to Diagnostics > Ping and tried to ping Google's DNS server and it worked. All three(3) packs passed (Ping only tried three(3) times). That was one(1) of the things I tried along my travels through Google.
One thing I know is a fact is that the device is getting a network connection just fine. I had to update the firewall of the device and I was able to. Just for some reason somewhere down the line I cannot get a network connection on the LAN port. The lights light up on the port, though I don't know if this makes it a fact that it is indeed working?
EDIT: forgot to mention, I tried Google.com as well with 100% success
-
Ok, so you previously had a connection on LAN but now you do not? Even after resetting it from the console?
When you tried the ping test was it by IP only or were you able to ping by url also? You may have a DNS issue here. If that was the case then trying to ping anything from a client attached would have reported 'unable to resolve host' or similar.
Steve
-
I may have not made myself clear and for that I apologize. I have yet to receive a connection on the LAN port. Not when I configured it and not after I reset it back to its defaults and changed nothing to start with. Just to see if it would work.
Again, sorry for not making myself clear. I was able to ping both IP and URL with a 100% success rate from the Diagnostics > Ping menu from the pfSense firewall's WebGUI
When I try to ping either IP or URL from a client attached I get the "Destination host could not be reached" error
If it is a DNS issue, which is something I thought might be the case. I did try to configure both DNS Forwarder and DNS Resolver respectively as you cannot have both running at the same time as I am sure you're more than well aware of. Again this was something I discovered through my travels through Google and any setting I made that did not work I changed back to its default before trying the next solution I found in regards to this or any other solution I found.
-
You may have a DNS issue here.
I agree. What do you find under System>General Setup "DNS Server Settings"?
And please ping from Diagnostics>Ping the site www.Google.com and report your results.
And to steal more great ideas from Stephen from another post…
Try going to Diag > DNS lookup and check google.com from there.
Check Status > Services and make sure Unbound (the DNS resolver) is running. It should be by default.
-
I have yet to receive a connection on the LAN port. Not when I configured it and not after I reset it back to its defaults and changed nothing to start with.
Ok, we may have some confusion here. You have not been able to get a connection at any time on the LAN port?
In which case how were you reaching the webgui? How are you defining connection?
I expect that you connect your client either directly to the LAN port on the SG-1000 or via a switch and you will see link LEDs on both the client and the SG-1000. Then the client should receive an IP address.
Steve
-
Under System > General Setup for DNS.
1. There is no DNS Server in the DNS Servers field. The drop down box is set to "none"
2. The DNS Server Override boolean is checked
3. The Disable DNS Forwarder boolean is not checked
Under Status > Services
1. unbound (DNS Resolver) is running
Again, I reset the device back to its defaults as these are the defaults. If this is supposed to work out of the box like a router should, then it's starting to sound like faulty hardware.
Thank you for your time
-
Ah yes, I confused you. My apologies. I am able to get to the WebGUI from the LAN port via 192.168.1.1 from a web browser with a client directly plugged into the SG-1000 LAN port. I just cannot get a network connection from it no matter what I have tried.
-
Ok, it appears that Unbound is not able to provide DNS responses to clients for some reason. That may be shown as errors in the Unbound logs, Status > System Logs, Unbound tab.
If that is the case you should be able to ping 8.8.8.8 from the lan side client still?
It would also show in the output from Diag > DNS Lookup. That should show you the responses from every configured DNS source including Unbound at 127.0.0.1. If it shows a very high latency or no response from Unbound that's the problem. The firewall itself will attempt to use any available source eventually but clients will only use Unbound if it's configured.
If you are seeing that, try going to Services > DNS Resolver and enabling 'DNS Query Forwarding' and disabling 'DNSSEC'. Clients will then get whatever DNS your ISP is supplying.
Steve
-
I think the version you're running and the version I am running are different. I am running version 2.4.0-RC (there was another update just recently)
I have Status > System Logs but no Outbound tab. I do have a DNS resolver tab that I clicked on. Here is a link with a few screen shots by the way https://imgur.com/a/1HXsL
There is no DNS Resolver option under Diagnostics. Again I think this is due to the different versions.
I did disable DNSSEC and enabled DNS Query Forwarding. It did not work.
I am going to step away for a bit as I am really starting to get upset. I will come back in a few hours and see if anyone else can tell me what's going on. Try their solutions and if it doesn't work I am going to have to find another firewall solution as this is unacceptable and I will leave it at that.
Thank you for your help and time Steve, Presbuteros and everyone else! It is greatly appreciated! You guys are a great community!
-
Sorry, that's my fault: the tab is named DNS Resolver, not Unbound, as you saw. I'm using 2.4-RC also. The logs there look normal, no errors shown.
The option under Diagnostics is DNS Lookup not DNS resolver. That will show you what the response time of each configured source is.
The only thing I'd like to see not shown in your screen shots is what error (or not) you see when trying to ping google.com from the client.
Do you still have the default allow all firewall rule on the LAN interface?
Steve
-
Hello again,
So I updated the link https://imgur.com/a/1HXsL with the screen shots that include the following:
1. Ping results from client when pinging URL
2. DNS Server List from the System Information Panel from the Dashboard
3. Firewall Rules for the LAN port
4. And last but not least. The DNS Look up results
I am pretty confident that the results of the DNS Lookup will tell you what's wrong. The Query time has no response.
-
What is default gateway for the client?
Also check that you have set one on the Services > DHCP Server > LAN > Other Options (gateway 192.168.1.1) GUI page!
-
I will be kicking myself in the butt for this one for a long time. I found out what the issue was. Since I run a GNU/Linux OS I never reboot the device. This is the same device I was using as the client that was connected directly to the LAN port of the firewall. After thinking "Windows" I thought to myself. I should restart the network adapter. Lo and behold, the moment I did so I was receiving a network connection. So remember kids. Restart that network adapter!
I will also go over a couple other things I discovered for someone else in the future as after I figured out my issue, I began to reconstruct my network. Upon adding my router back into the circle I ran into two other issues. So pay attention kids.
1. If you are going from the Firewall to a router, DO NOT plug it into the WAN port of the router. Plug into one of the existing LAN ports. Follow the flow chart below:
Modem >>> Firewall WAN >>> Firewall LAN >>> Router LAN >>> Switch (Optional) >>> Client
2. Another thing I discovered. If you have your router setup to give out static IPs, disable all of them and reassign your Static IPs in the firewall. If you are not getting a connection, remember! Restart that network adapter!
Again I want to thank you all for your help and time in this matter. Despite my frustration you guys never gave up on me. This truly is a great community! I cannot thank you all enough!
And now, without further ado. Off to configure the device until I either make my network vulnerable or I lock myself out / receive no network connection again! ;D
EDIT: I thought I could click the Thanks button for everyone, but apparently it doesn't work that way. Sorry everyone, especially you Steve. Now I feel bad.
-
Ha, no need to feel bad, I'm glad you got up and running. :)
Steve
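
Added example, not part of any post in this thread: a client-side triage script that separates the failure classes discussed above (no lease, missing or wrong default gateway, routing failure, DNS failure). It assumes a Linux client with iproute2 and the pfSense default LAN gateway 192.168.1.1; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Client-side triage for a host plugged into the pfSense LAN port.
LAN_GW="192.168.1.1"   # pfSense default LAN address, as used in the thread

# Constructed samples of `ip -4 -o addr show` / `ip -4 route show` output.
SAMPLE_ADDR='2: eth0    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0'
SAMPLE_ROUTE_STALE='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100'
SAMPLE_ROUTE_OK='default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100'

# Succeeds if the address listing contains a 192.168.1.x/24 address.
has_lan_address() {
    printf '%s\n' "$1" | grep -Eq 'inet 192\.168\.1\.[0-9]+/24'
}

# Prints the default gateway found in a route listing (empty if none).
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# classify ADDR_TEXT ROUTE_TEXT PING_IP_OK(yes/no) DNS_OK(yes/no)
# Checks run in dependency order, so the first failure names the layer to fix.
classify() {
    addr=$1; route=$2; ping_ip=$3; dns=$4
    if ! has_lan_address "$addr"; then echo "no-lease"; return; fi
    gw=$(default_gateway "$route")
    # On-link hosts (the WebGUI) still answer without a default route,
    # but everything off-subnet is unreachable.
    if [ -z "$gw" ]; then echo "no-default-route"; return; fi
    if [ "$gw" != "$LAN_GW" ]; then echo "wrong-gateway"; return; fi
    if [ "$ping_ip" != "yes" ]; then echo "routing-or-firewall"; return; fi
    if [ "$dns" != "yes" ]; then echo "dns"; return; fi
    echo "ok"
}

# Gathers the real values on this client and classifies them.
live_triage() {
    a=$(ip -4 -o addr show 2>/dev/null)
    r=$(ip -4 route show 2>/dev/null)
    if ping -c 3 -W 2 8.8.8.8 >/dev/null 2>&1; then p=yes; else p=no; fi
    if getent hosts google.com >/dev/null 2>&1; then d=yes; else d=no; fi
    classify "$a" "$r" "$p" "$d"
}

if [ "${1:-}" = "--live" ]; then live_triage; fi
```

A result of `no-lease`, `no-default-route` or `wrong-gateway` points at stale client state, which restarting the adapter or renewing the DHCP lease clears; `dns` points back at the resolver checks on the firewall.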