Multiple LAN kills internet?
-
I'm very new to networking and pfsense,
The setup is like this: Pfsensebox Wan connected to router/modem, Pfsensebox Lan connected to a 5 port netgear switch which i have two desktops and a ps4 plugged into.
i wanted to build a wireless router for my room since the wifi does not reach from downstairs making it annoying to use phones or my laptop. I was able to set it up somehow so that the wifi works pretty flawless but now when i use two computers on the LAN they both lose internet until one of the two is shut off.
I thought that the router could maybe be assigning the two machines the same IP but they aren't i then read something about gateways on LAN and how there shoulnd't be any and there aren't
so at this point i'm quite stumped
this is the system log for the past couple entries if it helps anyone at all:
Jul 6 16:18:20 php-fpm 42009 /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8af7:c7ff:fe91:aeee%re1
Jul 6 16:18:20 check_reload_status Reloading filter
Jul 6 16:18:21 xinetd 25702 Starting reconfiguration
Jul 6 16:18:21 xinetd 25702 Swapping defaults
Jul 6 16:18:21 xinetd 25702 readjusting service 6969-udp
Jul 6 16:18:21 xinetd 25702 Reconfigured: new=0 old=1 dropped=0 (services)
Jul 6 16:18:21 php-fpm 86904 /rc.newwanipv6: rc.newwanipv6: Info: starting on re1.
Jul 6 16:18:21 php-fpm 86904 /rc.newwanipv6: rc.newwanipv6: on (IP address: 2601:188:0:95b0:3a60:77ff:febf:2dc6) (interface: wan) (real interface: re1).
Jul 6 16:18:26 php-fpm 86904 /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8af7:c7ff:fe91:aeee%re1
Jul 6 16:18:26 check_reload_status Reloading filter
Jul 6 16:18:27 xinetd 25702 Starting reconfiguration
Jul 6 16:18:27 xinetd 25702 Swapping defaults
Jul 6 16:18:27 xinetd 25702 readjusting service 6969-udp -
well what is the IP of your machine when it works, and what happens when you turn on another machine what IP does it have. And what is the output of its ipconfig /all I am assuming these are windows machines.
What is the IP of your pfsense lan? What is your wan since you mention your behind a nat.
So for example your pfsense wan it say 192.168.0/24, your lan is 192.168.1/24 and your clients are what 192.168.1.? And they point to say pfsense lan of 192.168.1.1 as their gateway?
You mention you setup a wifi router? Is it natting are these devices you connect wired or wireless? Did you convert your wifi router to AP by connecting it on to your network via a lan port and disable its dhcp server and giving it say an IP of 192.168.1.2?
-
well what is the IP of your machine when it works, and what happens when you turn on another machine what IP does it have. And what is the output of its ipconfig /all I am assuming these are windows machines.
What is the IP of your pfsense lan? What is your wan since you mention your behind a nat.
So for example your pfsense wan it say 192.168.0/24, your lan is 192.168.1/24 and your clients are what 192.168.1.? And they point to say pfsense lan of 192.168.1.1 as their gateway?
You mention you setup a wifi router? Is it natting are these devices you connect wired or wireless? Did you convert your wifi router to AP by connecting it on to your network via a lan port and disable its dhcp server and giving it say an IP of 192.168.1.2?
the ipv4 of my machine when it works in 192.168.1.100, it is hard wired in along with the other computer which when turned on gets an ip of 192.168.1.101
the pfsense lan ip is 192.168.1.1
not sure what you mean by what is my wan, i don't really know much about nat.
but the wan is setup as dhcp if that's what you mean.
i have two phones and a laptop connected wirelessly to the pfsense box and they work flawlessly. I connected the Wan to my modem as i said and the lan goes to the two hardwired computers. The wifi interface is setup as an AP with an ipv4 of 192.168.2.24
i also played with the DHCP server range so it's 192.168.2.18 - 192.168.2.29 which is what finally seemed to make the wireless work properlyand this is the output of ipconfig /all
C:\Users\keith>ipconfig /allWindows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-1T95CK2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : localdomainWireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ct.comcast.net
Description . . . . . . . . . . . : Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
Physical Address. . . . . . . . . : 4C-BB-58-6F-B0-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesWireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 4C-BB-58-6F-B0-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesEthernet adapter Ethernet 3:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Physical Address. . . . . . . . . : D0-50-99-7B-F6-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3de9:bdb3:46b0:f872%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, July 6, 2016 3:57:01 PM
Lease Expires . . . . . . . . . . : Wednesday, July 6, 2016 7:49:45 PM
Default Gateway . . . . . . . . . : fe80::1:1%10
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 198201497
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-36-24-93-74-D4-35-18-24-72
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : EnabledEthernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 4C-BB-58-6F-B0-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesTunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3025:d08:b645:29a0(Preferred)
Link-local IPv6 Address . . . . . : fe80::3025:d08:b645:29a0%14(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 134217728
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-36-24-93-74-D4-35-18-24-72
NetBIOS over Tcpip. . . . . . . . : DisabledTunnel adapter isatap.localdomain:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes -
So your not using your wifi router as AP your using it as NAT router.. So my guess is those are triple natted to the internet. I personally wouldn't do it that way.. Why not use it as just AP? I would connect it to a different interface on pfsense and then you could firewall your wifi from your lan if you wanted, etc. If you don't care then I would still just use it as AP.. Your double natting for no reason..
On pfsense what is its wan IP? does it start with 192.168, 10.x or 172.16-31?? Or is something like 24.13.x.x
So are you using ipv6?? You don't seem to get a global address but your default route is ipv6 link local. You could have something going on with that. So when you have this issue can your machine ping pfsense IP? Can you do dns, for example from cmd line can you ping www.pfense.org and get an IP back.. Or better yet use your fav dns tool, dig, nslookup, drill, host..
I personally either setup ipv6 and use it correctly, or disable it. You have all 3 of the transition interfaces that MS thought was a good idea enabled - teredo, isatap, 6to4.. As a test if ipv6 related you could disable it on your machines. Simple reg entry
from elevated (admin prompt) run
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255Reboot - do that on both your machines.
If you want to put it back the way it was just del the entry
reg delete hklm\system\currentcontrolset\services\tcpip6\parameters\ /v DisabledComponents /f
rebootSo when machine 192.168.1.101 comes online all of your internet fails for your .100 machine - but your wifi works.. If you turn off the .100 .101 works, or if you turn off the .101 then .100 works again?
-
So your not using your wifi router as AP your using it as NAT router.. So my guess is those are triple natted to the internet. I personally wouldn't do it that way.. Why not use it as just AP? I would connect it to a different interface on pfsense and then you could firewall your wifi from your lan if you wanted, etc. If you don't care then I would still just use it as AP.. Your double natting for no reason..
On pfsense what is its wan IP? does it start with 192.168, 10.x or 172.16-31?? Or is something like 24.13.x.x
So are you using ipv6?? You don't seem to get a global address but your default route is ipv6 link local. You could have something going on with that. So when you have this issue can your machine ping pfsense IP? Can you do dns, for example from cmd line can you ping www.pfense.org and get an IP back.. Or better yet use your fav dns tool, dig, nslookup, drill, host..
I personally either setup ipv6 and use it correctly, or disable it. You have all 3 of the transition interfaces that MS thought was a good idea enabled - teredo, isatap, 6to4.. As a test if ipv6 related you could disable it on your machines. Simple reg entry
from elevated (admin prompt) run
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255Reboot - do that on both your machines.
If you want to put it back the way it was just del the entry
reg delete hklm\system\currentcontrolset\services\tcpip6\parameters\ /v DisabledComponents /f
rebootSo when machine 192.168.1.101 comes online all of your internet fails for your .100 machine - but your wifi works.. If you turn off the .100 .101 works, or if you turn off the .101 then .100 works again?
i thought i had set it up as an AP, the wifi settings are on "access point" i don't really know anything about nat like i said. the wan ip is 10.0.0.3
i can ping the router from my computer and vice versa no packet loss.
also it appears i was incorrect no matter if the device is on wifi or wired i cannot connect if there are two devices trying to use it at the same time.
if disabling ipv6 on the pfsense machine would help ill try it but i can't seem to find where to do it -
Dude if your wifi are getting IPs 192.168.2 and your pfsense is 192.168.1 then its not an AP..
To use any old wifi router as just AP its very very simple.. Thought I already went over it.. Disable its dhcp server, give it an IP on your network for for example in your case 192.168.1.? and connect it to your network via LAN port on the old wifi router… There you go that is now an AP.. What your doing I have no idea but if your saying wifi clients are on 192.168.2 then its NATTING or routing if not natting and you put in a route on pfsense to this 192.168.2 network either way its for sure not an AP..
Lets forget wifi for a minute and get your 2 wired devices working.. So again going to ask what is the WAN Ip of pfsense?? is it rfc1918 or public??
Lets connect your 2 machines to your switch.. What IPs do they get? Can they ping pfsense lan IP? Can they resolve outside stuff? say ping www.google.com do they return an IP address for that? What is it? Or use nslookup.. so for example here is my machine.
> ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : i5-win Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : local.lan Ethernet adapter Local: Connection-specific DNS Suffix . : local.lan Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, July 7, 2016 6:20:34 AM Lease Expires . . . . . . . . . . : Monday, July 11, 2016 6:20:32 AM Default Gateway . . . . . . . . . : 192.168.9.253 DHCP Server . . . . . . . . . . . : 192.168.9.253 DNS Servers . . . . . . . . . . . : 192.168.9.253 NetBIOS over Tcpip. . . . . . . . : Enabled > ping www.google.com Pinging www.google.com [172.217.4.100] with 32 bytes of data: Reply from 172.217.4.100: bytes=32 time=11ms TTL=54 Reply from 172.217.4.100: bytes=32 time=15ms TTL=54 > nslookup www.google.com Server: pfSense.local.lan Address: 192.168.9.253 Non-authoritative answer: Name: www.google.com Addresses: 2607:f8b0:4009:800::2004 172.217.4.100if they can both ping pfsense lan IP 192.168.1.1 and can resolve.. Then what is not working on the internet? As to disable ipv6 on pfsense.. Set ipv6 to NONE on both your wan and lan.. And then go into setting advanced networking. If your going to do that I would sugget you disable it on the client as well. Notice how mine had no ipv6 on it.. But I can turn it on very quickly if I want it.. But for sure for your troubleshooting lets take it to basics 2 machines using ipv4 wired..
