SG3100 Single WAN NAT Issues.
-
@mcury lack of my skills.. This is a new world to me ;-)
OK, It appears that the guest WiFi VLAN has stopped working. My LAN WiFi is working. I didn't think that anything I did would have affected the Guest WiFi (using my phone as a test unit).
Not going to last too much tonight. I'm an early riser. If you want, you can always email WC2L at YCCC dot ORG. I'm guessing most of this is a couple of check marks somewhere. Will
-
@mcury Since we set up the split DNS, is there something I need to do to get the guest WiFi to work again?? I can't seem to get to the Internet, ddns.example.com or pretty much anything.. It is handing out DHCP from the SG3100. I'm guessing it is a routing issue. Just don't know how to address it.
-
Show some screenshots of your config.
And no, split DNS wouldn't cause internet outage.
-
@mcury
Not sure what screens you want to see.
-
@wc2l Can users in this guest WiFi ping 8.8.8.8?
-
@mcury NOPE
-
@wc2l Are these users getting IP address from the DHCP?
-
@mcury Yes.. I just connected a Surface to the Guest WiFi..
It got the expected IP address
-
@wc2l Ok, it was working before? Problem started with the host override inside DNS Resolver?
Try to remove the host override and try again.
-
@mcury no change
Both ways show that DNS servers are not responding
DNS_PROBE_FINISHED_NO_INTERNET
-
@wc2l Ok, what DNS server are these users using?
Are your firewall rules allowing connections to this DNS server on port 53 UDP/TCP?
-
-
@wc2l You need firewall rules inside this last image, WC2LWIFIGUEST
You need to allow the GUEST network to go out to the internet.
Do you see the difference between LAN and WC2LWIfIGUEST?
The last two rules in LAN, try to create them inside WC2LWIfIGUEST, this will allow internet access for these guests.
-
@mcury Protocol - Any, Source - Any, Destination Any?
I remember something that I saw online. I will have to see if I can find it
-
@wc2l It's easy to create a firewall rule.
Protocol: any
Source: WC2LWIfIGUEST_NET
source port: *
destination: *
port: *
Exactly as it is inside LAN, you replicate that but now for WC2LWIfIGUEST
-
@mcury
That was it!! I can get out to the internet.. I can't get to ddns.example.com, but I'm not sure I truly care.. more of a way for me to test some stuff.
-
@wc2l Ok, for users in the WC2LWIfIGUEST to be able to access ddns.example.com,
you will need the host override in place, and confirm that the users inside WC2LWIfIGUEST are using the pfSense DNS and not another DNS server.
-
@mcury I had already placed the Host override in place.
When I check the ipconfig of the device it is 172.30.32.1
-
@wc2l Is 172.30.32.1 the interface WC2LWIfIGUEST IP address?
If so, the host override to ddns.example.com should be working.
Ping ddns.example.com from inside the WC2LWIfIGUEST network and confirm if the IP matches the host override configuration.
-
@mcury When I ping the DDNS name it does match the actual IP address