Internet inaccessible after updating to 2.5.2
-
I upgraded from 2.4.5 to 2.5.2 today, and after a reboot lost all internet connectivity on my devices and on the whitebox pfsense router itself. I have my pfsense router behind a 5268AC AT&T router in DMZPlus mode. I'm no networking expert, but have validated / tried the following:
- The public IP address is being assigned correctly to the pfsense router.
- I tried rebooting both the pfsense and at&t routers.
- Restoring from a previous config
- Pinging 8.8.8.8 on the pfsense router (100% loss)
- Doing a speed test on the AT&T router (success)
- Switching my PC to the AT&T router to see if there was internet access (there is)
- Factory reset on pfsense router
- Clean install on pfsense router
I'm really frustrated at this, but I know I don't have the knowledge to solve this myself. Are there any steps I can take to resolve this? It's been working for at least a year with no hiccups until now. I severely regret updating.
-
-
Hey me too! From 2.4.5p3 to 2.5.2. It was a nightmare, tunnels connected but didn't pass traffic. DNS gone. It blocked all traffic basically — except to the firewall itself — even the #1/ICMP/any︎any/pass on all interfaces and IPv6 which doesn't need NAT. I thought NAT might be responsible.
I reverted just now, the 2.4.5p3 snapshot, it's still checking backups consistency, I increased it to 1000 so it takes a while.
Little tip: if you have the ability to use snapshots (i.e., a virtual machine), use them instead of backups. The packages from the pkg manager are updated too when a new base system is out. Although if you're good with the CLI and FreeBSD you might be able to get them from the FreeBSD repos. :)
-
@skilledinept said in Internet inaccessible after updating to 2.5.2:
Although if you're good with the CLI and FreeBSD you might be able to get them from the FreeBSD repos. :)
All the 2.4.5 packages still exist; you just need to set the update branch to '2.4.X deprecated'.
@Serintysw that sounds like it could be no default route or a bad default route for some reason.
pfSense is able to pull a public IP using DHCP? And can ping the gateway IP? But nothing beyond that?
Steve
-
Go to System > Routing.
Make sure the default gateway for IPv4 is not set to Automatic, but to WAN.
If you do not use IPv6, change it to None.
good luck!
-
@stephenw10 said in Internet inaccessible after updating to 2.5.2:
All the 2.4.5 packages still exist; you just need to set the update branch to '2.4.X deprecated'.
That's cool, I don't remember having that option available back then, it was a while, I think the first 2.4. I can't stop storing VM templates now.
@Serintysw totally sounds like the routes. You might get a better sense of things if you ping by segments, i.e., instead of going all the way to a public server just check you get an echo back from the next gateway, then a client to pfSense, and then to the AT&T firewall and so on for as many hops as you have.
You can add/remove routes from the console if you can't reach remotely. They're temporary so they need to be added on the GUI again so they stick.
It turns out I was on 2.5.0 BTW, my bad. It must've been 2.5.1 when NAT went crazy then.
Good luck!
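The checks suggested in this thread (is there an IPv4 default route, does it leave through WAN, which hop stops answering), as an added sketch that is not from any poster. It assumes the FreeBSD `netstat -rn -f inet` column layout (Destination, Gateway, Flags, Netif); the interface names and addresses are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample routing tables (documentation address ranges, made-up NICs).
SAMPLE_OK='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS        igb0
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#2             U          igb1
203.0.113.0/24     link#1             U          igb0'

SAMPLE_NO_DEFAULT='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#4             UH          lo0
192.168.1.0/24     link#2             U          igb1
203.0.113.0/24     link#1             U          igb0'

# Read a routing table on stdin; print "gateway netif" of the default route.
# Returns 1 when the table has no default route at all.
default_route() {
    awk '$1 == "default" { print $2, $4; found = 1; exit }
         END { exit !found }'
}

# Usage: netstat -rn -f inet | check_default_route <expected WAN interface>
check_default_route() {
    wan_if=$1
    route=$(default_route) || { echo "no-default-route"; return 1; }
    gw=${route% *}       # text before the space: gateway address
    netif=${route#* }    # text after the space: outgoing interface
    if [ "$netif" != "$wan_if" ]; then
        echo "default-via-$netif"   # default route points out of another NIC
        return 2
    fi
    echo "ok $gw"
}

# Ping hops nearest-first and stop at the first one that does not answer,
# e.g. ping_segments <WAN gateway> <upstream router> 8.8.8.8
ping_segments() {
    for hop in "$@"; do
        if ping -c 3 "$hop" >/dev/null 2>&1; then
            echo "reply    $hop"
        else
            echo "no reply $hop"; return 1
        fi
    done
}
```

On the firewall console this would be run under `sh` as `netstat -rn -f inet | check_default_route igb0`, with `igb0` replaced by the real WAN interface.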
-
@skilledinept
Check this. I had a problem like this. This item did not exist in version 2.4. LAN is set by default.
-
Sorry about the silence. I installed a fresh 2.5.2 for a backup network and had no issues with it. Then upgraded again the same firewall I had problems in before and this time I just had to reorder a rule or two and changed them back to force them to reload and it's been working OK now.
That WAN interface circled there is for the proxy settings not for the system. The system's in System → Routing.
Furthermore, the proxy bypasses all of your rules, making it much harder to diagnose. Avoid setting up the proxy at least in the forced (transparent) or automated (WPAD) ways until you're sure what interfaces are handling your traffic. When the proxy takes in the traffic it disappears from your firewall's view [maybe] until it exits an interface. pfSense filters/logs inbound traffic on each interface, not outbound. The result is that you don't see the traffic or the rule that's allowing it to pass.
When or if you have your network back up already, I recommend you become fully aware of your network by setting split horizon DNS and unchecking all of these in System → Advanced → Firewall & NAT:
It makes your network (and yourself) super reliable.
-
Hi, so you are saying that "reordering your FW rules" then putting them back the way they were fixed your issue with not being able to access the internet after the update to 2.5.2?
MP