Everything works except loading a webpage
-
First off, get rid of that WAN rule that allows everything. You really don't want that. Second, are you using any packages and if so, which ones? Lastly, what is the actual error you get when trying to use your web browser? Have you tried a different browser?
-
Hi @kom Thanks for your input.
- I will get rid of the WAN rule when it works of course.
- I'm not using extra packages.
- When I try to load a page I get the standard: "this page cannot be displayed, check your internet connection". I've tried three different machines with three different OS installed with three different browsers.
-
- No, get rid of it now as there is no good reason for you to have it there and it's doing nothing for you. pfSense is a stateful firewall. That means it automatically allows return traffic back into your network. The only reason to have an Allow All rule on WAN is if you're doing some NATs like a port-forward to a web server or game server on your LAN, and even then you should only expose the ports required.
Btw TCP is definitely not being blocked.
I seem to remember some weird cases where web traffic wasn't coming in properly, and the problem was traced back to IPv6. I would try disabling it in pfSense via System - Advanced - Networking - IPv6 Options - Allow IPv6. Uncheck it and save. Try your tests again.
-
I've deleted the allow all firewall rule on the WAN side and unchecked Allow IPv6. Nothing has changed unfortunatly.
I've also added some more screenshots with the error and captured the packages.
-
You can add images directly here without having to link to an Imgur url, btw.
Everything looks like it should be working. This is a Hail Mary last resort, but I've seen cases of really weird behaviour that simply goes away with a reinstall. For you that should be easy since there is no extra configuration required. Reinstall from scratch, configure your interfaces and then try again. Do NOT add any extra or funny rules until you have learned a bit more about how they work. What you're trying to accomplish should work right out of the box with only NIC configuration required.
-
Okay I'll try that. Can I reformat the drive with the pfsense installer? Or should I just install it on top of the old installation? (sorry for the stupid question).
-
I haven't played with the new installer that much so I can't answer that definitively. You might try the Reset to factory defaults option #4 from the console first.
-
I've already tried the "Reset to factory defaults" and that does not solve the issue unfortunately. I guess I'll try installing it again and hope it will reformat the drive or something.
-
I can't see what else it could be at this point. You have connectivity and DNS. It should work.
-
did you mess with your outbound nat?
Post your outbound nat tab
-
Hi @johnpoz
I've done a complete reinstall of the pfsense system. I haven't touched anything at all.
I have the same issue. Here are the nat settings:
I can ping and nslookup just fine again except load a webpage.
-
I didn't see it in your troubleshooting steps, but did you reboot your ISP modem? And by that I mean, unplug it for at least 10 minutes.
Sometimes ISP modems lock onto an internal MAC address and won't send traffic to anything but that address until you reboot it.
Jeff
-
Hi John.
I've unplugged the modem for 15 min with no power. The issue still persists.
I'm starting to believe me and pfsense are just not meant to be. -
@kimyeti said in Everything works except loading a webpage:
I'm starting to believe me and pfsense are just not meant to be.
Do you have another router/firewall you could try?
Jeff
-
Unfortunately I do not. I have no problem buying a new router, but I'm afraid that I would get home and get the exact same issue. Then I would have two perfectly fine routers and still a broken network :(
-
@kimyeti said in Everything works except loading a webpage:
Unfortunately I do not. I have no problem buying a new router, but I'm afraid that I would get home and get the exact same issue. Then I would have two perfectly fine routers and still a broken network :(
How about your ISP modem? Does it have LAN ethernet ports on the back? If it does, there's a router you could try...
Jeff
-
I do not understand. Do you want to disable bridged mode on the ISP Router/modem? I know that would work because I've used that for 2 years.
But I would have to call my ISP again to switch the MAC address from the WAN interface on the pfsense to the ISP router.
I cannot install pfsense on their equipment.
-
@kimyeti said in Everything works except loading a webpage:
Do you want to disable bridged mode on the ISP Router/modem?
No, you don't have to do that.
Are you sure you're supposed to set your WAN interface to get an IP address via DHCP? On most (and I could count the number of times on one hand) of the bridged WAN connections I've had, they were always static IP addresses, with an upstream gateway manually typed in.
You mention calling the ISP to switch MAC addresses. Did you do that to get the pfsense box online? Did you give them the correct MAC address for the pfsense box? Can they help you with pinging the pfsense box, or verifying that it is even on their network?
I know you can't install pfsense on the ISP equipment. My point in asking about switching back to it was that would tell you if your pfsense box was truly malfunctioning, or if the problem lies somewhere with your ISP. By swapping another router with default configs, if that worked and got you online, your pfsense box would be bad. Get it? :)
Jeff
-
Simple test... sniff on pfsense wan... Have a client try and open a website... Do you see the SYN go out? Do you see the syn,ack come back?
The traffic outbound should be changed to your public IP via the outbound nat, and the source port changed... What does your state table show for the website you tried to access.
In the cable world - when you have place the ISP gateway device in bridge mode wan of pfsense would always be dhcp... And yes in the cable world you always have to powercycle the modem/gateway to free up the mac binding when you change devices.
It could be the isp is preventing access to the mac that is pfsense wan... The can happen when you get a new cable modem... Where you get access but you can not go anywhere other than the registration page of the ISP.. Possible if your resolving vs using the isp dns that your not getting some sort of dns redirect that your ISP does to say hey new device do you want to register it or call 1234, etc. etc..
But if you see the syn go out of pfsense with the correct public IP and you get no answer then the problem is UPSTREAM...
-
"Are you sure you're supposed to set your WAN interface to get an IP address via DHCP?"
According to the ISP guy I spoke with that's how they do it." Did you give them the correct MAC address for the pfsense box?"
The guy repeated it back to me, so I'm 99% sure."Can they help you with pinging the pfsense box, or verifying that it is even on their network?"
We can ping each other just fine."By swapping another router with default configs, if that worked and got you online, your pfsense box would be bad. Get it? :)"
True, but the reason why I got confused is because I would need another router to test with which I don't have at the moment. But it's a good idea and I will buy a cheap pre-configured router and see if that works. If I get the same error then we know for sure It's either the ISP's modem or something else in their end :)
