Just moved from the UK to China - problems
-
The Blue thing is Fiber.
That Huawei box is a fiber modem/router. Most likely a EchoLife model of some kind.
Some simlar models:
https://www.alibaba.com/product-detail/huawei-fiber-optic-router_60667383784.html?s=pIf it is like other Chinese Fiber routers, it will be serving up 192.168.1.x local IP addresses, and handles all the PPPOE login credentials to your ISP (China Telecom/China Unicom)
Your issue may be that you've assigned the 192.168.1.x subnet to your pfSense LAN and the Huawei box is trying to assign that address to your WAN connection.
Try setting another subnet to LAN1 and see if that allows you WAN to get assigned from the Huawei box.The model might be listed underneath and that might help finding the specs on that and a user manual - which could help further in troubleshooting this.
But more than likely, you'll be double-nat'd, which sucks, but it should still ultimately work.
-
@LianYu4:
The Blue thing is Fiber.
That Huawei box is a fiber modem/router. Most likely a PowerLink model of some kind.
Some simlar models:
https://www.alibaba.com/product-detail/huawei-fiber-optic-router_60667383784.html?s=pIf it is like other Chinese Fiber routers, it will be serving up 192.168.1.x local IP addresses, and handles all the PPPOE login credentials to your ISP (China Telecom/China Unicom)
And if that is the case, getting to the login credentials is probably very unlikely. :)
Good advice you have given and a double NAT is probably the only solution.
-
I looked at the model: echo hg8120f made by huwei.
-
Just had a quick look at the web site, authentication is carried out inside that fibre gateway. You can always try taking the cable that goes to the TP-Link from the fibre gateway and plugging that into the WAN port of the pfSense box. You should at least get a solid ethernet connection LED indicator.
Try that and see what you get.
-
Yeah, ditching the craptastic TP-Link would be a good start.
-
@marjohn56:
Just had a quick look at the web site, authentication is carried out inside that fibre gateway. You can always try taking the cable that goes to the TP-Link from the fibre gateway and plugging that into the WAN port of the pfSense box. You should at least get a solid ethernet connection LED indicator.
Try that and see what you get.
I have tried that, no luck. Just in case the Ethernet cable could be faulty (I checked before leaving the UK), I tried at least three other cables. No WAN lights (green and orange). I only get orange.
-
Did you try setting your LAN to a different subnet?
The Huawei router is probably using 192.168.1.x -
@LianYu4:
Did you try setting your LAN to a different subnet?
The Huawei router is probably using 192.168.1.xHow do I do that please?
-
:o
-
@LianYu4:
Did you try setting your LAN to a different subnet?
The Huawei router is probably using 192.168.1.xHow do I do that please?
It's in the interface settings.
Change "192.168.1.1" to "192.168.22.1" You can replace 22 with any number between 2 and 254.
-
Sorry for a very late reply. I have been so busy as my life has turned upside down.
My estate agent who is my first point of contact came to see if I could directly connect my ancient wireless TP link router to my laptop. She successfully did by using a Ethernet cable from the ancient wireless TP link router one of the Ethernet ports to my laptop.
If I plug this into one of the Intel based Ethernet ports, I can still ping as described below even though the led above stays orange and never turns green and orange.
So now I have a working WAN connection that I can use. :) I have attached pictures of my WAN and LAN IP's
OK, I have attached new pictures of my setup. I can ping various websites such as www.sky.com, www.krellonline.com, www.yahoo.com, www.ymail.com & www.bbc.co.uk. Strange thing is that my WAN light stays orange, never green and orange. The yellow Ethernet is from my cable modem
I have a LAN IP as proven in one of my attached pictures which has both green and orange led lights. My problem is that I cannot reach 192.168.1.1 to finalise my pfsense setup. I even tried to temporary disable my internet security software. Still no LAN can be seen.
I forgot to add, the black Ethernet is from back of the ancient TP link wireless router into my pfsense box. White is my LAN cable that goes into the Ethernet port of my Dell xps.
My final setp should be: back of ancient TP link router -> WAN on my pfsense box -> LAN on my pfsense box to my wireless AP a old but stable Asus RTN 66U (with the latest firmware that is still being supported by Asus)
-
Your pictures clearly show your WAN and LAN fighting over the same subnet of addresses.
On the console you will see option 2 "Set interface IP address" pick that one and change your LAN (igb1) to another private IP range.
Try 10.0.0.0/24 or 172.16.0.0/24 anything but what you are using now.
Your firewall will be at 10.0.0.1 or 172.16.0.1 depending on your choice.
" I have been so busy as my life has turned upside down. " Yup, think your machine knows the feeling. o_0 -
Thanks, I am pretty bad at networking. What are the exact steps to change to 172.16.0.0/24?
-
Can somebody help me please?
-
Thanks, I am pretty bad at networking. What are the exact steps to change to 172.16.0.0/24?
:o
yup, figured your new job was not within the IT field. I thought I explained some what of the problem I saw, but hey! Actually all the guys were giving good feedback. I still sense a Dok joke here, but I digress.
I think we did not realize a triple NAT problem. I had a bad night (no sympathy needed) just to put that out there to help explain my wierd post to help out my fellow man. Dude you really need to sit down with a network basic book and make things easier for yourself and me.
But I did prevail and decide to get you your GUI damnit. :o
Triple NAT 8) very cool. How you post here is beyond me. So after last nights lack of sleep I thought I would make my previous post better understood with more pictures. yeah!! ???
SOO.. get to shell options enter "2" comp will bitch an say what interface, you put in "igb1", then comp will ask for an IP or range of IP (not sure it has been a year or more since I had to do this) then you will enter "172.16.0.0/24" and the comp will figure out HEH! you must want 172.16.0.1 for PfSense lan IP and you respond and smash ENTER you bet your ass I do.
I think that should about do it. Pics below cause I am beat and bored.PS - also if you just unplug your WAN at the PfSense then reboot you might/maybe/could possibly trick the firewall off 192.168.1.1 at the WAN and access the GUI from the LAN at 192.168.1.1 but you will have to change your IP setting for the LAN (172.16.0.0/24) before plugging in the WAN again.
Confused? yup, me too! ;D
Brain going to mush as I type.
Hope this helps, if not, screw it, I had fun. Goodnight –hmm-- day.
-
Thanks for your help. Yes, I do not work in IT. I am a researcher from the UK NHS. I fully understand your lack of sleep, just been surviving on about 3-4 hours per night for almost 2 weeks. I have un-plugged the badly made grey Ethernet cable and my internet is un-affected. Will follow through what you have said and get back soon.
-
Just to be sure : the last image above, the "shelll.jpg", something terrible has been shown there :
The WAN and LAN network are the same !! This is a huge no-go situation.
LAN = 192.168.1.1/24
This is the value by default, and you should keep it EXCEPT when, after setting up WAN, the WAN IP becomes the same network - in your case, 192.168.1.100/24 **.
This is the case right now - the image says so, so you should change your LAN IP (network) for - per example :
192.168.2.1/24Your pfSense WAN interface is set, by you , right after installing pfSense, to behave as "DHCP-client" : it will ask a upstream router (with a DHCP server) an IP address. It became 192.168.1.100/24 - and that obliges you to change the LAN network right away. This can be done in the GUI, or the console menu, option 2. As said, 192.168.2.1/24 will be fine.
You can reach pfSense after that from LAN using IP 192.168.2.1 as an address in the navigator to access the GUI. -
Thanks,
I have changed my lan IP as instructed. In option 2, the console requested I choose to enable DHCP on my lan, I chose "no". My lan IP is 192.168.2.1/24.
I initially changed my lan IP to 172.16.0.0 but was still not getting webconfigurator.
I get this message:
The connection has timed outThe server at 192.168.2.1 is taking too long to respond.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. :'(I have changed my lan IP as instructed. In option 2, the console requested I choose to enable DHCP on my lan, I chose "no". My lan IP is 192.168.2.1/24.
I initally changed my lan IP to 172.16.0.0 but was still not getting webconfigurator.
I get this message:
The connection has timed outI initially set my lan IP to 192.168.254 as seen in the attachment. Then I changed it to 192.168.2.1.
It asked for a DHCP enabled, I said no on the lan.
I still cannot reach the web gui.
-
Windows says "local area connection" does not have a valid IP configuration..
-
If you disabled DHCP you have to assign a static address to the windows workstation. Just set up a DHCP server.
Renumber the LAN interface again to 192.168.2.1/24 but this time, say yes to the DHCP server.
Set the start of the range to 192.168.2.129 and the end as 192.168.2.254.
Disconnect the windows laptop from the LAN port and reconnect it.
Give it a second and try https://192.168.2.1/ again.
