XG2758 LAN not getting out to WAN
-
@akuma1x This is a fresh install, I wiped the old config using the console cable. I switched to ASA a few years back so I'm sure all that's wrong is a misconfiguration.
Version 2.4.5 is running and screenshots of rules are attached. I'm using the ping tool to try and ping the next hop from the WAN interface and it doesn't ping.
-
Your WAN rules look a little wonky. I say that, because this is the default:
Block private and bogon networks is selected during setup, but you can reactivate them here:
Interfaces -> WAN, all the way at the bottom.
That single WAN rule you've got in there isn't valid, you can delete it. Also, you didn't answer the DNS question, what have you got setup in there?
System -> General Setup -> DNS Server Settings
Did you setup anything on your Floating firewall rule tab?
Jeff
-
@akuma1x screenshots attached
-
@david-mundt You generally don't need to define gateways for the DNS servers. If you mark those 2 dropdown menus, the ones next to 1.1.1.1 and 8.8.8.8 in your screenshot, as "none" that might fix this problem.
Here's an example screenshot I found on the net:
The boxes to the right of the red-outilned DNS server boxes are the ones I'm talking about. Set yours the same way. Might need to reboot the pfsense box when you're done, but maybe not.
Jeff
-
@akuma1x said in XG2758 LAN not getting out to WAN:
t
I actually just turned those on to try to get a ping out of the WAN but I will turn them back off.
-
@david-mundt Any luck yet?
Jeff
-
@akuma1x no luck... It's not making any sense to me.
-
@david-mundt If it were me, and if it won't disrupt the network it's on too much, I would reset the pfsense box back to factory defaults and start from scratch.
https://docs.netgate.com/pfsense/en/latest/config/factory-defaults.html
When you go thru the setup process, don't put in anything special. These tutorial steps here (see page with setup screenshots) are the most basic, besides manually entering DNS servers, which is ok for this exercise, and should get you up and running very quickly.
https://techexpert.tips/pfsense/pfsense-server-installation/
Again, still a couple of unanswered questions from earlier...
Which port on the pfsense box did you use for WAN - one of the SFP ports, or one of the RJ45 ports? If SFP ports, is the link actually alive and active? Sometimes, if you use a 3rd party SFP adapter, they behave unexpectedly.
Who is your ISP? Sometimes when you install a NEW router between the ISP modem and LAN network, the ISP modem needs to be restarted before traffic will flow to/from the internet. Cable modems are notorious for this type of behavior.
Jeff
-
Yes, at a basic level does the WAN have a link to whatever it's attached to? At the correct link rate?
Check Status > Interfaces.You have a WANGW but it looks like it was configured as static, correct?
Does it show as up in Status > Gateways?Can you ping anything from pfSense itself via Diag > Ping?
The most likely explanation is that the WAN is misconfigured or not connected correctly.
Steve
-
Can you even ping out to anything like 8.8.8.8 using Diagnostics > Ping?
If not, why not?
-
Ok guys I just wiped the appliance and restored it to factory. I added the interface addresses in the terminal, logged into the device and set the external DNS servers. I still cant ping anything out of the WAN interface. The device is so easy to configure I cant imagine what is going wrong.
-
Again, just in case you missed it: https://docs.netgate.com/pfsense/en/latest/routing/connectivity-troubleshooting.html
-Rico
-
Still the same questions, start from the lowest level and work up:
Do you see link LEDs on the WAN?
Do you see the WAN pull and IP address (if it's using dhcp)?
If it's static check the ARP table for anything on the WAN.
Steve
-
This post is deleted! -
This post is deleted! -
@stephenw10 said in XG2758 LAN not getting out to WAN:
Still the same questions, start from the lowest level and work up:
Do you see link LEDs on the WAN?
Do you see the WAN pull and IP address (if it's using dhcp)?
If it's static check the ARP table for anything on the WAN.
Steve
Sorry for the delay guys. I've been swamped and just now able to get back to this.
The LAN and WAN links show link lights
WAN pulls an IPv6 address from DHCP but not IPv4 so I set it to static
ARP table shows a MAC from the upstream first hop router with the ISP
Dashboard shows both interfaces as UP... Still unable to ping outside
WAN IP is not missing its just been redacted on this screenshot
-
Does it pull a real, routable IPv6 address? Can you ping6 out of it?
But you cannot ping the first hop device using whatever IP it appears as?
Are you sure you're using the correct IP and gateway info?
Steve
-
@stephenw10 said in XG2758 LAN not getting out to WAN:
Does it pull a real, routable IPv6 address? Can you ping6 out of it?
But you cannot ping the first hop device using whatever IP it appears as?
Are you sure you're using the correct IP and gateway info?
Steve
config is what ISP provided. Yes it is correct, it's the same IP config loaded on the old internal router.
I am able to ping google.com using IPv6 but it fails for IPv4
-
If it is supposed to be DHCP and you set it to static it will probably not work.
Configure it how the ISP says to configure it based on how it is provisioned.
If it is supposed to be DHCP and you are not getting a lease you need to troubleshoot why - maybe with the ISP - not set it to some random provisioning.
-
@Derelict said in XG2758 LAN not getting out to WAN:
If it is supposed to be DHCP and you set it to static it will probably not work.
Configure it how the ISP says to configure it based on how it is provisioned.
If it is supposed to be DHCP and you are not getting a lease you need to troubleshoot why - maybe with the ISP - not set it to some random provisioning.
ISP is spectrum and I've got other clients using the same ISP and it's always a static IPv4 address. I just tried DHCP on 4 and 6 and IPv4 gets 0.0.0.0 for its IP.
Still able to ping google.com with v6 and unable to ping using v4
