[SOLVED] Cannot Get back into WebGUI - No Network on LAN Port
-
You may have a DNS issue here.
I agree. What do you find under System>General Setup "DNS Server Settings"?
And please ping from Diagnostics>Ping the site www.Google.com and report your results.
And to steal more great ideas from Stephen from another post…
Try going to Diag > DNS lookup and check google.com from there.
Check Status > Services and make sure Unbound (the DNS resolver) is running. It should be by default.
-
I have yet to receive a connection on the LAN port. Not when I configured it and not after I reset it back to its defaults and changed nothing to start with.
Ok, we may have some confusion here. You have not been able to get a connection at any time on the LAN port?
In which case how were you reaching the webgui? How are you defining connection?
I expect that you connect your client either directly to the LAN port on the SG-1000 or via a switch and you will see link LEDs on both the client and the SG-1000. Then the client should receive an IP address.
Steve
-
Under System > General Setup for DNS.
1. There is no DNS Server in the DNS Servers field. The drop down box is set to "none"
2. The DNS Server Override boolean is checked
3. The Disable DNS Forwarder boolean is not checked
Under Status > Services
1. unbound (DNS Resolver) is running
Again, I reset the device back to its defaults as these are the defaults. If this is supposed to work out of the box like a router should, then it's starting to sound like faulty hardware.
Thank you for your time
-
Ah yes, I confused you. My apologies. I am able to get to the WebGUI from the LAN port via 192.168.1.1 from a web browser with a client directly plugged into the SG-1000 LAN port. I just cannot get a network connection from it no matter what I have tried.
-
Ok, it appears that Unbound is not able to provide DNS responses to clients for some reason. That may be shown as errors in the Unbound logs, Status > System Logs, Unbound tab.
If that is the case you should be able to ping 8.8.8.8 from the lan side client still?
It would also show in the output from Diag > DNS Lookup. That should show you the responses from every configured DNS source including Unbound at 127.0.0.1. If it shows a very high latency or no response from Unbound that's the problem. The firewall itself will attempt to use any available source eventually but clients will only use Unbound if it's configured.
If you are seeing that try going to Services > DNS resolver and enabling 'DNS Query Forwarding' and disabling 'DNSSEC'. Client will then get whatever DNS your ISP is supplying.
Steve
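
An added example, not part of the original posts: a Python script to run on the LAN-side client that makes the comparison described above, sending one DNS query straight to the firewall's resolver and one to a public resolver and timing each. The addresses 192.168.1.1 and 8.8.8.8 are taken from this thread; the function names are illustrative, and the query to 8.8.8.8 stands in for the ping as an assumption of this sketch.

```python
import os, socket, struct, sys, time

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_reply(data, txid):
    """Return (status, answer_count) read from the 12-byte DNS header."""
    if len(data) < 12:
        return ("malformed", 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:    # wrong ID or not a response
        return ("mismatch", 0)
    rcode = flags & 0x000F
    return (RCODES.get(rcode, "RCODE%d" % rcode), ancount)

def probe(server, name="google.com", port=53, timeout=2.0):
    """Send one query to one server and time the reply."""
    txid = int.from_bytes(os.urandom(2), "big")
    result = {"server": server, "status": "no response", "answers": 0, "ms": None}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.connect((server, port))        # connected UDP: only this peer's replies
            s.send(build_query(name, txid))
            data = s.recv(512)
        except socket.timeout:               # the "no response" case from DNS Lookup
            return result
        except OSError as exc:               # no route, port unreachable, ...
            result["status"] = "unreachable (%s)" % exc.__class__.__name__
            return result
    result["ms"] = round((time.monotonic() - start) * 1000, 1)
    result["status"], result["answers"] = parse_reply(data, txid)
    return result

def verdict(lan, public):
    """Separate a resolver fault from a client-side connectivity fault."""
    if lan["status"] == "NOERROR" and lan["answers"] > 0:
        return "LAN resolver answers: DNS is not the problem"
    if public["status"] == "NOERROR":
        return "routing works, LAN resolver does not: check DNS Resolver service and logs"
    return "nothing answers: check the client's link, DHCP lease and default gateway"

if __name__ == "__main__":
    lan = probe(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1")
    public = probe("8.8.8.8")
    print(lan, public, verdict(lan, public), sep="\n")
```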
-
I think the version you're running and the version I am running are different. I am running version 2.4.0-RC (there was another update just recently)
I have Status > System Logs but no Outbound tab. I do have a DNS resolver tab that I clicked on. Here is a link with a few screen shots by the way https://imgur.com/a/1HXsL
There is no DNS Resolver option under Diagnostics. Again I think this is due to the different versions.
I did disable DNSSEC and enabled DNS Query Forwarding. It did not work.
I am going to step away for a bit as I am really starting to get upset. I will come back in a few hours and see if anyone else can tell me what's going on. Try their solutions and if it doesn't work I am going to have to find another firewall solution as this is unacceptable and I will leave it at that.
Thank you for your help and time Steve, Presbuteros and everyone else! It is greatly appreciated! You guys are a great community!
-
Sorry, that's my fault; the tab is named DNS Resolver, not Unbound, as you saw. I'm using 2.4-RC also. The logs there look normal, no errors shown.
The option under Diagnostics is DNS Lookup not DNS resolver. That will show you what the response time of each configured source is.
The only thing I'd like to see not shown in your screen shots is what error (or not) you see when trying to ping google.com from the client.
Do you still have the default allow all firewall rule on the LAN interface?
Steve
-
Hello again,
So I updated the link https://imgur.com/a/1HXsL with the screen shots that include the following:
1. Ping results from client when pinging URL
2. DNS Server List from the System Information Panel from the Dashboard
3. Firewall Rules for the LAN port
4. And last but not least, the DNS Lookup results
I am pretty confident that the results of the DNS Lookup will tell you what's wrong. The Query time has no response.
-
What is default gateway for the client?
Also check that you have set one on the
Services > DHCP Server > LAN > Other Options (gateway 192.168.1.1) GUI page!
-
I will be kicking myself in the butt for this one for a long time. I found out what the issue was. Since I run a GNU/Linux OS I never reboot the device. This is the same device I was using as the client that was connected directly to the LAN port of the firewall. After thinking "Windows", I thought to myself, I should restart the network adapter. Lo and behold, the moment I did so I was receiving a network connection. So remember, kids: restart that network adapter!
I will also go over a couple other things I discovered for someone else in the future as after I figured out my issue, I began to reconstruct my network. Upon adding my router back into the circle I ran into two other issues. So pay attention kids.
1. If you are going from the Firewall to a router, DO NOT plug it into the WAN port of the router. Plug into one of the existing LAN ports. Follow the flow chart below:
Modem >>> Firewall WAN >>> Firewall LAN >>> Router LAN >>> Switch (Optional) >>> Client
2. Another thing I discovered: if you have your router set up to give out static IPs, disable all of them and reassign your static IPs in the firewall. If you are not getting a connection, remember! Restart that network adapter!
Again I want to thank you all for your help and time in this matter. Despite my frustration you guys never gave up on me. This truly is a great community! I cannot thank you all enough!
And now, without further ado. Off to configure the device until I either make my network vulnerable or I lock myself out / receive no network connection again! ;D
EDIT: I thought I could click the Thanks button for everyone, but apparently it doesn't work that way. Sorry everyone, especially you Steve. Now I feel bad.
-
Ha, no need to feel bad, I'm glad you got up and running. :)
Steve