New Install, No Internet Issue using Virgin Media (cable) modem
-
I have not tried pinging an internet IP without using DNS yet, i will try that next week too.
This would be your step1 basic troubleshooting. If u can ping address but not a name, then the problem is Name Resolution, isn't it.
To me, networking is actually the simplest of all IT disciplines. For the most part you are asking, why can't I go from point A to point B? Answer, you next ask can I go from point A to point A.1 (next hoop), then A.1 to A.2 etc-etc until you find the "break."
-
However, what i have already tried is resetting all settings back to their defaults, the only alteration is setting the LAN IP to one that is on my subnet (which is 172.16.1.x/23 for servers and appliances, and 172.16.0.x/23 for clients) so i set the pfSense LAN IP to 172.16.1.240/23 and i can access the web interface fine.
OK, I think your issue is with the routing for the rest of your LAN hosts, rather than pfSense. You can reach pfSense GUI because it's a local LAN IP. But without the correct routing, you won't be able to reach "the Internet" through it. Basicially you need to tell the rest of the hosts to use 172.16.1.240 as their default gateway. pfSense assumes that you are using its DHCP server for your LAN and would normally take care of that via DHCP.
Initially you had me thinking two subnets with the "172.16.1.x/23" until I realized that was not a cannonical form, and they both normalize to the same subnet. So I'm going to assume you mean you have one subnet, 172.16.0.0/23 and that you put clients in the lower half and servers in the upper. If you really have two subnets and therefore a LAN router, the answer changes from below and you need to provide more info.
I'm going to assume you have a combination of some static and some DHCP going on. If it's all one or the other, just ignore the other bits. First DHCP: Decide if you want to keep your existing DHCP Server or use pfSense. DISABLE THE OTHER ONE. If you kept your original DHCP server, set it to hand out 172.16.1.240 as the default gateway. In both cases, have each DHCP client renew it's lease to get the new default gateway. Secondly the Statically configured hosts: you will need to update the statically configured default gateway on each host to 172.16.1.240 and reboot (or update the hosts route table manually if you're confident).
If you intend to take advantage of the pfSense DNS caching, you will also need to update the DNS nameserver information to the pfSense LAN IP on all your LAN hosts, the same as you updated the default gateway, above. Likewise if you install one of the pfSense packages that provide proxy services, then you need to update the clients on the LAN to use it.
-
@Jed:
OK, I think your issue is with the routing for the rest of your LAN hosts, rather than pfSense. You can reach pfSense GUI because it's a local LAN IP. But without the correct routing, you won't be able to reach "the Internet" through it. Basicially you need to tell the rest of the hosts to use 172.16.1.240 as their default gateway.
What IP / Gateway ? You got a real "Internet IP" or some RFC 1988 one ?
Login to console, use option 7 or 8 - can you ping the IP - some Google IP ?OK, so the problem I am experiencing is nothing to to with my LAN configuration, changing gateways, DHCP etc. etc.
The pfSense box itself cannot ping any internet addresses or resolve any internet domain names.
What can be the cause of that?
Please go back over the information I have provided above before asking questions.
Thanks.
-
(Careful with those trying to help you!)
how are you splitting that range, as it seems that there is some overlap (172.16.0.0/23 and 172.16.1.0/23) ?
pfsense works fine out of the box with VM, I'm posting from such a setup.
I'd suggest you reset everything to defaults and not change anything, then make incremental changes to see where it breaks. Posting some info from the 'Status-> interfaces' might help. -
(Careful with those trying to help you!)
What does this mean??
As for the problems, I have factory reset the pfSense box, connected it to cable modem only (not to my LAN) and enabled DHCP.
After connecting a laptop to pfSense, which successfully gets an IP, i cannot get to the internet. Accessing the pfSense console and pinging known WAN IP addresses does not return a result for pfSense. It certainly seems that pfSense is not able to access the internet - this has nothing to do with my LAN configuration/subnets
What could be the cause? What else can I try?
-
(Careful with those trying to help you!)
What does this mean??
As for the problems, I have factory reset the pfSense box, connected it to cable modem only (not to my LAN) and enabled DHCP.
After connecting a laptop to pfSense, which successfully gets an IP, i cannot get to the internet. Accessing the pfSense console and pinging known WAN IP addresses does not return a result for pfSense. It certainly seems that pfSense is not able to access the internet - this has nothing to do with my LAN configuration/subnets
What could be the cause? What else can I try?
Can you see that pfSense is getting the lease and setting DHCP properly?
Can you do a traceroute from pfSense to the Internet? Where does it stop?
Have you replaced the cable?
-
Can you see that pfSense is getting the lease and setting DHCP properly?
I don't know what properly means, I can see that it gets an IP address from the modem, and that it can ping the modem on its IP, so it is established on that network segment.
Can you do a traceroute from pfSense to the Internet? Where does it stop?
Can you advise how I run a tracert from the pfSense box itself? I am not familiar with Linux console commands - I presume this is a linux command that is run via the console in pfSense?
Have you replaced the cable?
Cable is not an issue, it works fine with my other router, it's a 0.5m cable and i can see it has no damage and negs at 1 Gbits fine.
-
Can you see that pfSense is getting the lease and setting DHCP properly?
I don't know what properly means, I can see that it gets an IP address from the modem, and that it can ping the modem on its IP, so it is established on that network segment.
In the WebUI, on the Dashboard, enable the Interfaces widget. Does it show that pfSense is connected and has an IP address?
It doesn't matter if your DHCP server thinks it's given a lease out, I want to know that pfSense grabbed that IP address.
Can you do a traceroute from pfSense to the Internet? Where does it stop?
Can you advise how I run a tracert from the pfSense box itself? I am not familiar with Linux console commands - I presume this is a linux command that is run via the console in pfSense?
From the WebUI, go to the Diagnostic Menu and select Traceroute. There, enter the IP address of a server on the Internet. I used Google DNS servers, 8.8.8.8, and pfSense shows the route from pfSense to that IP address. 10 hops in my case. Run that utility and post the results here.
Have you replaced the cable?
Cable is not an issue, it works fine with my other router, it's a 0.5m cable and i can see it has no damage and negs at 1 Gbits fine.
Replace it anyway with another working cable just to eliminate it as a potential issue.
-
Yes, pfSense has an IP on the WAN interface, it also has a gateway address.
Doing a tracert from pfSense to 8.8.8.8 just shows asterisks if i remember correctly.
Tracert from my laptop shows the same failure.C:>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms pfSense.localdomain [192.168.1.1]
2 * * * Request timed out.From my laptop I can ping the WAN interface IP, but not the gateway address assigned to the WAN.
I've replaced both cables. Not the issue.
It is behaving as though, either due to pfSense or HW that no traffic is permitted between the two interfaces. Is there anything in the default firewall/NAT setup that could do this?
Any other ideas?
-
Yes, pfSense has an IP on the WAN interface, it also has a gateway address.
Doing a tracert from pfSense to 8.8.8.8 just shows asterisks if i remember correctly.
Tracert from my laptop shows the same failure.C:>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms pfSense.localdomain [192.168.1.1]
2 * * * Request timed out.From my laptop I can ping the WAN interface IP, but not the gateway address assigned to the WAN.
I've replaced both cables. Not the issue.
It is behaving as though, either due to pfSense or HW that no traffic is permitted between the two interfaces. Is there anything in the default firewall/NAT setup that could do this?
Any other ideas?
If pfSense is getting an IP address on the WAN interface, the system is on the network. If it cannot get upstream from there, the issue may be with the next device upstream.
pfSense has an IP address and a traceroute fails from pfSense indicates to me that either the DHCP configuration is wrong, or the upstream device is not allow traffic from pfSense.
-
If pfSense is getting an IP address on the WAN interface, the system is on the network. If it cannot get upstream from there, the issue may be with the next device upstream.
pfSense has an IP address and a traceroute fails from pfSense indicates to me that either the DHCP configuration is wrong, or the upstream device is not allow traffic from pfSense.
If I add a USB network adapter as the WAN device, it all starts working immediately.
I'm thinking it's hardware.