Connection trouble after switching ISP
-
Still no luck with resolving this problem. An oddity I encountered:
- If I start a promiscuous capture on WAN, do a ping test to 75.75.75.75 (0% packet loss), and stop the capture, I see the expected ICMP echo request/reply packets.
- If I start a promiscuous capture on WAN, do a ping test to 8.8.8.8 (100% packet loss), and stop the capture, I see no captured packets. I expected to at least capture some ICMP echo requests. I get the same result if I change the capture interface to Localhost or LAN, keeping the test the same, otherwise.
Kind of stuck...not sure what else to try/check.
-
I temporarily swapped out the pfSense gateway with a basic router running DD-WRT. The connection is working fine, LAN devices have good connectivity. Seems something is going on with our pfSense install/config, and I'm considering a clean install. I've been wanting to upgrade our Hyper-V Server (now to v. 2019) anyway, which also means "new" hardware to meet later Hyper-V requirements.
Anyone in Southeast PA with a used i5 or i7 PC (preferably SFF) you're looking to sell?
-
@regexaurus said in Connection trouble after switching ISP:
I see no captured packets
If you don't see pfsense sending out the packets - then no shit you're not going to get an answer... What is your routing? Pfsense thinks 8.8.8.8 is somewhere else than out your default wan?
Where exactly are you pinging from.. Ping from pfsense.. sniff on pfsense wan.. Do you see it sending the request?
-
@johnpoz said in Connection trouble after switching ISP:
@regexaurus said in Connection trouble after switching ISP:
I see no captured packets
If you don't see pfsense sending out the packets - then no shit you're not going to get an answer...
Yikes! I did specify that I expected to at least capture ICMP echo request packets (originating from my network / pfSense) even if there is no reply.
I did ping tests mostly from pfSense, and used pfSense capture diagnostic tool. Nothing really unique about my routes, as far as I know. I tried captures on Localhost and LAN just in case pfSense was sending echo requests out the wrong interface (perhaps due to a bad route).
-
Misread your response the first time. Yes, I understand that I won't see ping replies if requests aren't leaving pfSense (or being routed correctly) in the first place. Ping attempts from other LAN devices to well-known IPs like 8.8.8.8, also resulted in 100% loss. Wondering whether running a pfSense capture during such a test would offer any clues as to what pfSense is doing with those packets...
-
@johnpoz
Yes, I was sniffing from pfSense, mostly on WAN, but also tried sniffing on Localhost and LAN (the only interfaces besides WAN that appear in the capture diag utility on my pfSense install), in case ping requests weren't being routed correctly. For the failed ping tests, I didn't capture any related packets, on any interface.
-
Are you using a network/mask on your network that overlaps 8.8.8.8? Unless pfsense thinks that IP is attached locally, or has a route to send it somewhere else.. It would send it to its default gateway...
Would not be surprised, have seen many a user just pull IP ranges out their ass and use them internally..
If you do not see them while sniffing, then they are not being sent.. And it would be impossible for you to get a reply.
Are you using any sort of outbound rules on your floating tab, do you have any IPS running in blocking mode?
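The routing decision raised in the post above (a locally attached network or static route that overlaps 8.8.8.8 wins over the default gateway), as an added example that is not part of the original thread. The interface names, addresses and routes are constructed for illustration and are not the poster's configuration.

```python
import ipaddress

def build_table(connected, statics, default_if):
    """Build (network, out_interface, kind) routes from constructed inputs."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), default_if, "default")]
    for ifname, cidr in connected.items():
        # ip_interface accepts a host address with mask, e.g. 192.168.1.1/24
        table.append((ipaddress.ip_interface(cidr).network, ifname, "connected"))
    for cidr, ifname in statics:
        table.append((ipaddress.ip_network(cidr), ifname, "static"))
    return table

def lookup(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def shadowed_public(table, default_if):
    """Routes off the default interface that cover non-RFC 1918 space."""
    return [r for r in table
            if r[2] != "default" and r[1] != default_if and not r[0].is_private]

# Constructed healthy setup: private LAN, WAN on a documentation range.
HEALTHY = build_table(
    {"WAN": "198.51.100.20/24", "LAN": "192.168.1.1/24"}, [], "WAN")

# Constructed broken setup: LAN numbered out of public space around 8.8.8.8.
OVERLAP = build_table(
    {"WAN": "198.51.100.20/24", "LAN": "8.8.0.1/16"}, [], "WAN")

if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("overlap", OVERLAP)):
        for dest in ("75.75.75.75", "8.8.8.8"):
            net, ifname, kind = lookup(table, dest)
            print(f"{name}: {dest} -> {ifname} via {kind} route {net}")
        for net, ifname, kind in shadowed_public(table, "WAN"):
            print(f"{name}: {kind} route {net} on {ifname} hides public addresses")
```

With the overlapping table, 75.75.75.75 still leaves by the default route while 8.8.8.8 is treated as on-link on LAN, so no echo request would appear in a WAN capture.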
-
You say you are running pfSense on a Hyper-V VM, so don't forget to check over the setup within Hyper-V networking. You say it worked before with your previous ISP? I would start by looking for what is different? ADSL is PPPoE while cable modems are DHCP. Make sure something is not leftover in your pfSense setup from the old PPPoE connection. Make sure you did not create some weird network configuration in Hyper-V to make the DSL connection work. Like look around and see if you maybe hard-coded the old default gateway someplace.
pfSense just works, but it needs a solid network environment to make things happen. Sounds like something is out of sorts with your setup. First check that all of the old DSL stuff is truly gone from your network setup and the pfSense WAN interface is set for DHCP and is getting the proper IPv4 address from the cable modem along with a proper gateway and sensible/suitable mask.
-
@johnpoz said in Connection trouble after switching ISP:
Would not be surprised, have seen many a user just pull IP ranges out their ass and use them internally..
Not just users... My ISP (Rogers) does this. They use 7.0.0.0/8 for their internal routing. When I asked them why my gateway IP was in USDoD's range, I got a lot of head scratching responses. I eventually got thru to an engineer, who said they ran out of 10.0.0.0/8 space. WTF.
-
@ljr said in Connection trouble after switching ISP:
I eventually got thru to an engineer, who said they ran out of 10.0.0.0/8 space. WTF.
The same thing happened with Comcast, IIRC. They couldn't manage their network, without segmenting it, even with all the RFC 1918 addresses available. Their solution was to move to IPv6. Rogers provides IPv6, but they still have to support IPv4. I hope you're running IPv6, as it will help you avoid that sort of problem.