Confused behind pfsense.



  • I installed version 2.4.4 onto a PC that I have, as I have recently found pfSense. My confusion is that my understanding is that by default, pfSense is wide open. I have a Netgear C7000 router and it is connected directly to my main workstation and I can hit speedtest and here is my result. https://www.speedtest.net/result/8599121714.png

    However when I take that same network cable and connect it into the WAN port of my fresh install, with no firewall rules, I get "Could not connect to the test server. A firewall could be blocking the connection or the server might be having some issues. Please try again later.", and most sites will not load. I have 3 DNS servers set up, and I can ping www.speedtest.net.

    Test Error.JPG
    PING zd.map.fastly.net (151.101.186.219): 56 data bytes
    64 bytes from 151.101.186.219: icmp_seq=0 ttl=55 time=23.744 ms
    64 bytes from 151.101.186.219: icmp_seq=1 ttl=55 time=25.727 ms
    64 bytes from 151.101.186.219: icmp_seq=2 ttl=55 time=26.849 ms

    --- zd.map.fastly.net ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 23.744/25.440/26.849/1.284 ms

    Dashboard.JPG
    What am I doing wrong?

    I tried searching and did not seem to see any similar issues. Thank you in advance.


  • LAYER 8

    It is open only from the LAN network side to the internet.
    For the speedtest test to check your latency you need to permit ICMP to your WAN,
    but that is not mandatory to surf the web.


  • Netgate Administrator

    Looks like pfSense itself is able to connect, it claims to be on the latest update, but you should make sure it can see and download packages.

    You should be able to connect from a LAN side client by default. The most common reason you cannot is if the subnets conflict. They look OK here unless the WAN is actually a /23 or larger.

    Also check for a default route in Diag > Routes.

    Steve
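
The subnet-conflict check described in the reply above, as an added example that is not part of the original post or of pfSense itself. The interface addresses are constructed for illustration (the thread's real values were only in the dashboard screenshot), and `find_subnet_conflicts` is a hypothetical helper name.

```python
from ipaddress import ip_interface
from itertools import combinations


def find_subnet_conflicts(interfaces):
    """Return (name_a, name_b, shared_network) for every pair of
    interfaces whose directly connected subnets overlap."""
    # ip_interface("192.168.0.10/23").network -> 192.168.0.0/23
    nets = {name: ip_interface(addr).network
            for name, addr in interfaces.items()}
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            # The more specific network is the range both sides claim.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            conflicts.append((a, b, str(shared)))
    return conflicts


# Constructed sample configurations (not taken from the thread).
# Upstream router hands out 192.168.0.x; the firewall LAN is 192.168.1.1/24.
OK_CONFIG = {"WAN": "192.168.0.10/24", "LAN": "192.168.1.1/24"}
# Same addresses, but the WAN mask is /23: 192.168.0.0/23 spans
# 192.168.0.0 through 192.168.1.255 and swallows the LAN subnet.
WIDE_WAN = {"WAN": "192.168.0.10/23", "LAN": "192.168.1.1/24"}


if __name__ == "__main__":
    for label, cfg in (("WAN /24", OK_CONFIG), ("WAN /23", WIDE_WAN)):
        found = find_subnet_conflicts(cfg)
        if not found:
            print(f"{label}: no overlap, LAN clients can be routed out the WAN")
        for a, b, shared in found:
            print(f"{label}: {a} and {b} both claim {shared}")
```

With two /24 networks the check reports nothing; widening the WAN to /23 makes both interfaces claim 192.168.1.0/24, which is the case the reply warns about.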


  • LAYER 8 Global Moderator

    Your graphs show you're moving quite a bit of data.. You running p2p on that connection? 300-500kbps looks like.. 5ms to your local router seems pretty high..



  • @kiokoman said in Confused behind pfsense.:

    permit icmp to your wan

    Thank you @kiokoman, I added a rule to WAN and it allowed speed test to run. Is there a reason that I should not have this rule set up?

    https://www.speedtest.net/result/8601630880.png



  • @johnpoz I am not running any p2p. The PC I have connected to this firewall currently for testing is my main desktop, that has all of my IP security cameras streaming to it for DVR. I am looking to test this for a bit first, and then once I am happy with it, it will run as an appliance between my main inbound feed and the rest of the house. Currently I have it connected to a switch with a few odd and end devices.


  • LAYER 8 Global Moderator

    You would not need a rule on your WAN to allow speedtest to run? You mean it was pinging your IP? And that was stopping the test from running.. I find that hard to believe to be honest.. For starters you're behind a double NAT.. So you would never have been pinging your pfSense actual IP anyway.

    I disabled my wan ping, and speedtest.net still works.

    You mean you created a rule on your lan side to allow ping outbound?

    Are those graphs in kb or kB?



  • @johnpoz I followed what the other user had mentioned and it worked correctly. When I said I could ping speedtest.net I went into diagnostics, ping, and used the host name, and could ping speedtest.net. However when I would open it I could click Go, and it would never initialize, it would go into the latency error. I have added the rule I created below, and now the speedtest.net works fine. Thank you for your help.

    0d8f96b4-3527-41fc-82e6-72f5b48c97ab-image.png


  • LAYER 8 Global Moderator

    That did not fix your problem, the speedtest site does not ping your IP.. And you're behind a double NAT anyway.. So it couldn't actually ping pfSense anyway..

    Notice that rule has ZERO hits.. notice the 0/0

    Here is ping on wan that shows a hit on the rule.
    rulehits.png

    Not sure why it started working for you, but that rule has ZERO to do with it.



  • @johnpoz Sir, you are correct. I disabled the rule and tried speedtest, and it worked. I then deleted the rule, and it still works. I am not sure why it took over 24 hours to start working, but it is working correctly now. Thank you again for your assistance. I am a noob when it comes to pfSense.

    Thanks again.


  • LAYER 8 Global Moderator

    So internet in general was working, you had no issues resolving anything.. Just speed test was failing? And you had tried just changing the servers you were doing the test to?

    changeserver.png

    That latency error you were getting seems to just point to one of their servers being down
    https://support.speedtest.net/hc/en-us/articles/203845540-What-does-Latency-Test-Error-mean-
    "Latency Test Error" typically occurs when the server has gone temporarily down. We have a server watchdog that will periodically contact servers to verify they're working properly, but there may be a slight delay before we automatically recognize the server is down. Please let us know by filing a support ticket specifically identifying which server caused the error, and try testing to a different server.

