XG2758 LAN not getting out to WAN
-
I installed an XG2758 at a clients office with minimal configuration and LAN traffic is not being passed to the WAN and the WAN gateway address is not pingable from the WAN interface. I need some assistance troubleshooting this and am not sure where to begin
Thanks,
David -
@david-mundt said in XG2758 LAN not getting out to WAN:
with minimal configuration
What does that mean?
Did you do a fresh install of pfsense? If so, what version?
Any firewall rules on the LAN interface? If so, a screenshot of those rules would be helpful.
What did you put in the settings for a DNS server(s) during setup?
How do you connect to the ISP - PPPOE, DHCP, static IP address? Can you plug in a laptop, for example, into the ISP modem and get to the internet that way?
Which port on the pfsense box did you use for WAN - one of the SFP ports, or one of the RJ45 ports? If SFP ports, is the link actually alive and active? Sometimes, if you use a 3rd party SFP adapter, they behave unexpectedly.
Who is your ISP? Sometimes when you install a NEW router between the ISP modem and LAN network, the ISP modem needs to be restarted before traffic will flow to/from the internet. Cable modems are notorious for this type of behavior.
Jeff
-
https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
-Rico
-
@akuma1x This is a fresh install, I wiped the old config using the console cable. I switched to ASA a few years back so I'm sure all that's wrong is a misconfiguration.
Version 2.4.5 is running and screenshots of rules are attached. I'm using the ping tool to try and ping the next hop from the WAN interface and it doesn't ping.
-
Your WAN rules look a little wonky. I say that, because this is the default:
Block private and bogon networks is selected during setup, but you can reactivate them here:
Interfaces -> WAN, all the way at the bottom.
That single WAN rule you've got in there isn't valid, you can delete it. Also, you didn't answer the DNS question, what have you got setup in there?
System -> General Setup -> DNS Server Settings
Did you setup anything on your Floating firewall rule tab?
Jeff
-
@akuma1x screenshots attached
-
@david-mundt You generally don't need to define gateways for the DNS servers. If you mark those 2 dropdown menus, the ones next to 1.1.1.1 and 8.8.8.8 in your screenshot, as "none" that might fix this problem.
Here's an example screenshot I found on the net:
The boxes to the right of the red-outilned DNS server boxes are the ones I'm talking about. Set yours the same way. Might need to reboot the pfsense box when you're done, but maybe not.
Jeff
-
@akuma1x said in XG2758 LAN not getting out to WAN:
t
I actually just turned those on to try to get a ping out of the WAN but I will turn them back off.
-
@david-mundt Any luck yet?
Jeff
-
@akuma1x no luck... It's not making any sense to me.
-
@david-mundt If it were me, and if it won't disrupt the network it's on too much, I would reset the pfsense box back to factory defaults and start from scratch.
https://docs.netgate.com/pfsense/en/latest/config/factory-defaults.html
When you go thru the setup process, don't put in anything special. These tutorial steps here (see page with setup screenshots) are the most basic, besides manually entering DNS servers, which is ok for this exercise, and should get you up and running very quickly.
https://techexpert.tips/pfsense/pfsense-server-installation/
Again, still a couple of unanswered questions from earlier...
Which port on the pfsense box did you use for WAN - one of the SFP ports, or one of the RJ45 ports? If SFP ports, is the link actually alive and active? Sometimes, if you use a 3rd party SFP adapter, they behave unexpectedly.
Who is your ISP? Sometimes when you install a NEW router between the ISP modem and LAN network, the ISP modem needs to be restarted before traffic will flow to/from the internet. Cable modems are notorious for this type of behavior.
Jeff
-
Yes, at a basic level does the WAN have a link to whatever it's attached to? At the correct link rate?
Check Status > Interfaces.You have a WANGW but it looks like it was configured as static, correct?
Does it show as up in Status > Gateways?Can you ping anything from pfSense itself via Diag > Ping?
The most likely explanation is that the WAN is misconfigured or not connected correctly.
Steve
-
Can you even ping out to anything like 8.8.8.8 using Diagnostics > Ping?
If not, why not?
-
Ok guys I just wiped the appliance and restored it to factory. I added the interface addresses in the terminal, logged into the device and set the external DNS servers. I still cant ping anything out of the WAN interface. The device is so easy to configure I cant imagine what is going wrong.
-
Again, just in case you missed it: https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
-Rico
-
Still the same questions, start from the lowest level and work up:
Do you see link LEDs on the WAN?
Do you see the WAN pull and IP address (if it's using dhcp)?
If it's static check the ARP table for anything on the WAN.
Steve
-
This post is deleted! -
This post is deleted! -
@stephenw10 said in XG2758 LAN not getting out to WAN:
Still the same questions, start from the lowest level and work up:
Do you see link LEDs on the WAN?
Do you see the WAN pull and IP address (if it's using dhcp)?
If it's static check the ARP table for anything on the WAN.
Steve
Sorry for the delay guys. I've been swamped and just now able to get back to this.
The LAN and WAN links show link lights
WAN pulls an IPv6 address from DHCP but not IPv4 so I set it to static
ARP table shows a MAC from the upstream first hop router with the ISP
Dashboard shows both interfaces as UP... Still unable to ping outside
WAN IP is not missing its just been redacted on this screenshot
-
Does it pull a real, routable IPv6 address? Can you ping6 out of it?
But you cannot ping the first hop device using whatever IP it appears as?
Are you sure you're using the correct IP and gateway info?
Steve
