Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    reassigning interfaces, now no Internet

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 551 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tr0910
      last edited by

      New install now won't allow internet access suddenly. Initially, the install all went perfect, and allowed immediate access. However an ISP internet reset put me offline. Interfaces came up all blank on the bootup screen, and I got them back only by reassigning them manually and giving them new ip addresses.

      Now I can access pfSense via it's new 192.168.10.1 address but initially my laptop complains that it has network access but no internet access. Doing a ping from the laptop to my chosen DNS 8.8.8.8 works slowly at first, and then the laptop removes the little x on the internet connection icon and claims it now has internet access. However no internet sites are available by browser.

      I am behind the GFW of China and connected by China Telecom with a CGNAT connection. My modem/router is TEWA-600 acting as a router / not bridged. My current router is a DD-WRT based Netgear AC1450. So until I get pfSense working good and get rid of DD-WRT, I am triple natted. But it worked initially so good....

      Did my manual ip address setting mess up the pfSense router somehow? On the Wan Firewall I only have one rule about Bogon nets. Shouldn't there be a second rule there by default?

      1 Reply Last reply Reply Quote 0
      • T
        tr0910
        last edited by

        I nuked the pfSense config and got back to the same place. (Lan address has been moved to 192.168.10.1) Can ping 8.8.8.8 from my laptop, but cannot load a web page. Next I nuked the entire pfSense box and recreated from ISO. Still the same result. However, now it will pull a DHCP WAN address. Finally in desperation, I removed the DD-WRT router that was inbetween the pfSense box and the China Telecom modem/router. Still the same result, but now the DHCP WAN address matched the ones given out by that China Telecom router. (192.168.1.1)

        This is very puzzling as the only thing that changed fron the initial working pfSense install was the Internet was reset, and I went from a PPOe connection to China Telecom to a DHCP connection with China Telecom. Could this have affected pfSense?

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          out of the box pfsense resolves for dns.. If your in china with all of their blocking I find it hard to believe that they would allow for dns access to any IP on the planet which is really what you need for resolving to work because the resolver talks directly to the authoritative ns for whatever domain your looking for.

          You ask roots for NS of the tld your looking for, then that NS tells unbound the NS for the domain.tld your looking for, then it goes and asks NS for domain.tld for A record of say www.domain.tld your looking for.

          This is going to be problematic if in a country or ISP that does a lot of filtering - say like china ;)

          Change pfsense to forward vs resolve and point it to a china approved DNS.. Does china even allow for access google dns?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • T
            tr0910
            last edited by

            Thanks, will try that.

            FYI, my DD-WRT is presently pointing to 8.8.8.8, 8.8.4.4 for DNS. However this is behind the China Telecom modem/router and DD-WRT is getting a WAN ip address of 192.168.1.7 (turning that China Telecom box into bridge mode would be nice) (Talking to tech support here in China is a waste of time due to my lack of Chinese language. My Chinese friends are not tech savvy enough to help )

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.