Adding a LAN post install is not working…..



  • I've installed 2.3.3 and updated to the latest on an HP Box with compatible hardware. Everything goes fine with the install until it's time to add the LAN. I'm running dual NIC cards and here's what happens:

    Install > configure em0 for DHCP (192.168.1.119/24) for WAN

    Add re0 for LAN with static IP 192.168.0.15/24

    As soon as I add the LAN, I lose WebGUI functionality. If I change the adapter assignment in console, it seems to help at times but more often than not, I'm locked out.

    I've gone to the shell and issued pfctl -d to disable temporarily to get into the GUI but that doesn't work anymore.

    Unplugged the LAN from the switch, to no avail.

    Created LAN rules in firewall prior to adding LAN and still locked out.

    The goal here is to use the DUAL NICS, 1 WAN and 1 LAN (DHCP Server) to connect to a Netgear Prosafe 24-Port PoE switch and distribute IPs on anything but 192.168.1.* addresses.

    Can someone shed some light on this for me, I'm losing my mind.

    TIA!



  • If you install pfSense with 1 active NIC, the anti-lockout rules will be on the WAN. Once you activate a second interface, that will be the LAN and the anti-lockout rules will move there. As such, make sure to add appropriate pass rules when using the webgui from the WAN side. Also make sure the block-private-subnets option on the WAN interface is disabled.

    The pfctl -d should be able to work around this temporarily. Sometimes you will need to issue it several times. Also it could be the webgui gets into some 'broken' state, then using the 11 and 16 options from the console menu should be able to get it running again. And don't forget to run pfctl -d again if the webgui still ain't available.



  • Thank you for your reply. I was pulled off this project to start another one and now I'm back to this one, again.

    It seems there is something that gets broken somewhere. I've set up 1 pfSense box with VirtualPC and 1 just full install. Both have the same problem. At this point, it is preventing me from trying to attempt to activate both NICs and utilize this as the firewall. At this point, I just need one configured (preferably the full install) so I can install and implement this.

    Do you happen to have any other ideas? I'm going to be working on this for the rest of the day here.

    Thank you very much!


  • LAYER 8 Global Moderator

    If this is a VM, why are you installing pfSense with just 1 NIC to start? Give it 2, and make sure you know which NIC is which, WAN and LAN. You need to make sure you set up VirtualPC to treat these NICs correctly according to how it's tied to your physical world.

    They should be bridged in your virtual software to the real physical networks that make up the WAN and LAN of pfSense. And you will then access pfSense from the LAN network.



  • Right now, I'm focusing on the full install box and not the VM. I figure I'd rather have the regular box so as to avoid the bridging and VM potential issues.

    For now, 2 NICs in the box that has a full install of pfSense 2.3.3-1


  • LAYER 8 Global Moderator

    OK, so if you're on a full box and not a VM there should be no issues. Just make sure you know which NIC is which so when you set up you're setting up WAN and LAN correctly.



  • I agree, there shouldn't be any issues. But that hasn't been the case…..until yesterday!

    I did a factory reset and started over with both NICs plugged in. Once it reconfigured, I enabled the LAN and the blockout rule switched from WAN to LAN. I'm able to get into the WAN side with 192.168.1.124 and the WAN is 192.168.1.116.

    It configured the WAN as DHCP and the LAN static and assigned a DHCP Server to the LAN. So I think I'm close. I don't have Internet access on my laptop that I plugged into the switch yet but this is much more promising.

    Tomorrow morning, I'm going to drop the network, hook up the pfSense box to the switch and see what happens just with that. I may need to configure some rules to allow outbound traffic but out of at least 15 attempts with auto-configure, this is the farthest I've been able to get.


  • LAYER 8 Global Moderator

    "with 192.168.1.124 and the WAN is 192.168.1.116."

    Well that is broken. You cannot have the same network on both LAN and WAN and expect it to route/NAT between them.

    Why and the F are you doing this??
    "I enabled the LAN and the blockout rule switched from WAN to LAN"

    I have setup pfsense hundreds of times since version 1.. And never have I ever set up just wan first.  This really is like 3-5 minutes tops to get a pfsense box up and running unless you have hardware issues.

    Make sure you know what interface is which when you run in setup.  Make sure you are connected to the LAN side interface when you set it up.  Then if your wan is 192.168.1, when you go through the web gui portion of the setup change your lan to be different say 192.168.0 or 192.168.2
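
The two problems raised in the thread so far (WAN and LAN sharing one subnet, and the anti-lockout rule moving to LAN once a second interface is enabled) can be checked on paper before touching the box. This is an added Python example, not part of any post and not pfSense code; the `audit` function and its simplified anti-lockout model are assumptions, and the addresses are the ones quoted in the thread.

```python
import ipaddress
from itertools import combinations


def audit(ifaces, client):
    """Return (code, message) findings for a planned interface layout.

    ifaces: {"WAN": "ip/prefix", "LAN": "ip/prefix"}
    client: address of the machine used to reach the WebGUI.
    Simplified model (assumption): once a LAN exists, the anti-lockout
    rule only covers clients arriving on the LAN side, as described above.
    """
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in ifaces.items()}
    findings = []

    # Two interfaces in the same subnet cannot be routed/NATed between.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(("overlap", f"{a} {net_a} overlaps {b} {net_b}"))

    # Work out which interface's subnet the admin client sits in.
    ip = ipaddress.ip_address(client)
    sides = [name for name, net in nets.items() if ip in net]
    if "LAN" in nets and "LAN" not in sides:
        side = sides[0] if sides else "a routed path"
        findings.append(("lockout",
                         f"{client} arrives on {side}: add a pass rule "
                         "there or manage from the LAN side"))
    return findings


if __name__ == "__main__":
    # Layouts built from addresses quoted in the thread.
    first_attempt = {"WAN": "192.168.1.119/24", "LAN": "192.168.0.15/24"}
    same_subnet = {"WAN": "192.168.1.116/24", "LAN": "192.168.1.1/24"}
    for layout in (first_attempt, same_subnet):
        for code, msg in audit(layout, "192.168.1.124"):
            print(code, msg)
```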



  • So I meant I have a legit WAN IP (Comcast IP) from the modem to NIC em0 and the LAN IP 192.168.1.1 on re0. I have Internet access but it's very sporadic and our VOIP phones can dial out or in but there is no voice. I assume that's rules but the internet access being intermittent I can't figure out.

    Here's the setup:

    Comcast modem -> NIC 1 (em0) on pfsense box -> NIC 2 (re0) on pfsense box to -> Netgear 24 port PoE switch

    I understand this should be simple and I think I'm complicating it. I appreciate the help and patience. Any ideas about the internet issue?


  • LAYER 8 Global Moderator

    Well, for VoIP to work inbound you would have to create forwards to your PBX; as to outbound, the default rules on pfSense would have been any any on the LAN.

    There should be no reason for the internet to be sporadic - are you seeing your gateway drop? Look at the pfSense monitor of your gateway.



  • I didn't see anything drop in the status. I'm wondering if the NIC is the issue. It's 5pm here, my birthday so I'm done for the day. Tomorrow morning, I'm going to assign the WAN to the second NIC and the second NIC to the LAN and see what happens. Process of elimination I suppose.

    You've been helpful and hope you can assist tomorrow. I'm so close I can smell it. :)

    Regards,

    Rob


  • LAYER 8 Global Moderator

    Well, look at the monitor to see if you're not seeing any spikes in response time.

    It could be just issues with DNS resolution? When you say the internet goes out, it is out for how long? There have been known issues where unbound restarts all the time, etc. Look in your log: are you seeing unbound restart when you are having issues with internet not working?



  • Okay the monitor spit out tons of errors. On a hunch and a whim, I did a factory reset on the pfsense box, added the re0 as WAN and em0 as LAN and BOOM, worked right out of the gate. I'm on it now, VOIP is working perfectly, my Wireless AP is active and I'm able to set rules through the logs.

    Any idea why that would be working or is it just a fluke?

    I ask because if it's the adapter (Intel Pro100/1000 or the Realtek) I'm hoping to not have issues in the future.

    Thanks again for all your help!!


  • LAYER 8 Global Moderator

    Realtek and FreeBSD/pfSense are not normally a good happy fit.



  • I'd just like to thank you guys for your input. I've managed to get it working near perfect and I've been learning the ins and outs. I have a small issue with putting it behind a Server 2012 with Active Directory as the DNS doesn't want to play nice. I made a root hints only and that wasn't working so I just made a forward only zone and I'm able to see it but can't connect a client PC at the moment. I'll keep chugging away.

    Thank you again, I truly appreciate it.

