How do I get Windows Update exceptions to work in the firewall?

I thought it was working, but my wireless side is not allowing update for Windows 7 to work, and I am not sure what I have to do to get Windows Update to work on wired and wireless. I have had this thing working for some time now but the Windows update to work. My Pandora isn't working on my cell phone wireless side either. Neither is Instagram. Can anyone tell me what I need to do to get these all working? Thanks for your time.
You need to share a bit more information about your setup. This should all work by default.
What do I need to show you? I know it's probably something I did wrong setting up this thing. I just did a bunch of guessing and it seemed to work, but none of this stuff is working now.
Show the firewall rules on LAN.
Is this what you need, or is there something else I need?
![Screenshot from 2017-05-08 02-31-58.png](/public/imported_attachments/1/Screenshot from 2017-05-08 02-31-58.png)
Do you have a similar rule like the "Default allow …" on your WLANWIFI-interface?
This is all that is in the WiFi side
![Screenshot from 2017-05-08 09-55-35.png](/public/imported_attachments/1/Screenshot from 2017-05-08 09-55-35.png)
I added a rule just like the LAN one, but it is still not letting me get my Windows update. I still get the error that it isn't talking to the update server at Microsoft.
Did you set up any IPv6 on your pfSense?
I am just thinking that maybe if the WiFi interface has been given an IPv6 address, and the Windows devices learn an IPv6 address that looks global… then they will think that IPv6 is available and try to use the Windows Update server at its IPv6 address.
This is just a stab-in-the-dark from me - I thought of it when I noticed that the default pass all rule for IPv6 is not there on LAN.
No sir, I don't have any of the IPv6 address stuff set up. As far as I know all the IPv6 stuff is turned off. I only run IPv4 as far as I know. Is there a file or log or something you could look at that might tell you where I am going wrong with my setup, maybe?
Not only am I still not able to get my Windows updates, I can't get Pandora or Instagram to work on this thing, all on the wireless side. Can someone please tell me where to go to fix this and what info you need to help me? I just don't get it: I built this thing to help protect my systems, and now it won't even let me do anything with the Windows updates and Pandora and Instagram on the wireless side of the system.
You cannot install Windows updates on Ubuntu ;D
I am not trying to install on Ubuntu. That's just the system I used to show the screenshots of the firewall rules. That is just one of my 10 systems that are on the wired side. The netbook and a Kodi rig are my only two Windows-based systems; the Kodi system is wired and the netbook is on the wireless side along with my two phones.
The wired side seems to work OK; it's the wireless side that won't download the Windows updates. It keeps giving me the error that I need to add the Microsoft web address to the firewall exceptions or allow list, and I must be stupid because I don't know where to find such a place in the pfSense firewall stuff. I love this thing but I don't understand where I am supposed to put such things. Just a little help would be greatly appreciated.
I was in the mood for some unseriousness ::)
Do you have name resolution on your wifi interface, e.g. can you browse or ping update.microsoft.com from those machines not working properly?
With that many problems, there seems to be something basic missing.
Which version of pfSense are you running?
No, I cannot ping update.microsoft.com from my netbook. But it works on my wired Windows system just fine; it's just my three wireless systems that are not talking to the programs I have listed in the last few posts.
I did a Microsoft Windows update on my desktop wired Windows system and it went through just fine, but I cannot get the wireless netbook to update. It keeps telling me the same error as reported in the one post, so I am at a total loss why the wireless side is goofing up and the wired side is not.
Just not sure what I am missing here.
Version 2.3.4-RELEASE (i386)
built on Wed May 03 15:22:11 CDT 2017
Which error do you get when trying to ping www.google.com or anything not local?
You either have no DNS server configured for that interface or you're missing rules.
How about a screenshot of your Outbound NAT entries. Also, try pinging 184.108.40.206 from the WLANWIFI network.
This is my outbound NAT settings, and the pinging of 220.127.116.11 worked OK, so did ping google.com. But ping of update.microsoft.com is still not working. This is the ping from the WLANWIFI side from my netbook: it says 4 sent and 4 received for Google and 18.104.22.168, but for the Microsoft update it says request timed out twice, 2 sent 2 lost.
The two screenshots are of the same thing; one is the top of the page and the other is the rest of the page.
Thanks for all your help this far. I just want to say I thought I knew what I was doing, but I guess I am not as smart as I thought I was.
Are there any more files or areas you folks may need to look at? I can set up my TeamViewer so someone can log in and look at the whole setup and maybe be able to fix it themselves. I am more than happy to do that. Thanks again. Wildmanron
![Screenshot from 2017-05-09 23-58-53.png](/public/imported_attachments/1/Screenshot from 2017-05-09 23-58-53.png)
![Screenshot from 2017-05-09 23-58-59.png](/public/imported_attachments/1/Screenshot from 2017-05-09 23-58-59.png)
Do a tracert to update.microsoft.com and see the hops it goes along.
That will tell you if it ever leaves the firewall towards the internet, or is spinning around or dropped somehow in pfSense or your own network.
OK, I thank you for this command, but can you explain to me how to use the command and which one of the systems I use to issue the command from?
From one of the Windows systems on the WiFi, and do it from a Windows System on the wired LAN also. Then you can compare the output and see what is different about the way the network is routing.
Here's what it says for the WiFi side (top picture); bottom is the wired side.
![windows update.jpg](/public/imported_attachments/1/windows update.jpg)
Strange, before I posted to ping update.microsoft.com I checked and could ping it. Now it times out here as well.
Your trace routes clearly show that your router is working. The Microsoft Network (msn.com) is having problems getting your packets to its destination. Nothing you can do about that.
OK, I thank you for this info. So what about the wireless side of the cell phone trouble with Pandora and Instagram? Also, I just did another update on my wired Windows desktop and it went through just fine, but the wireless netbook is still not updating.
Both of those trace route commands are having trouble getting to update.microsoft.com - so that does not really help us to know what is the difference between your wired LAN and your WiFi.
If you know the places where Pandora and Instagram go on the internet to "do their thing", then try tracert to those places.
The aim is to find some difference between wired and WiFi routing or packet filtering that will then give a clue where to look (pfSense settings, modem to ISP or…?)
OK, here are the trace routes to Pandora and Instagram. Instagram does the same as Microsoft, but Pandora goes through.
I am sorry for the sideways pictures. For some reason they keep turning every way but the way I want them when I upload them to you folks, so I am sorry, I don't know what to do to change that on my end.
These are all done on the wireless side.
They are all routing out to the internet. The various "timed out" once it gets out to the internet are to be expected. Not all router hops along the way are going to respond to ping/tracert. But the fact that you get various responses back from out on the real internet means that the packets are passing through pfSense and the routing and NAT are working.
Have you moved a system from WiFi over to wired and confirmed that it works, just by switching off its WiFi and plugging in a cable?
OK, I thought about it but didn't do it till you said that in your post back to me. I turned off the WiFi on my netbook and plugged in the wired side and went to Windows Update, and it is working just fine, but not on the wireless side. Makes no sense.
What is going on here? I am at a total loss now. Where am I failing to look for the problem? It's got to be staring me in the face but I just can't get a grip on it.
Any suggestions for me?
Let's bypass WIFI but still use the network configured for wireless. Cable the Netbook directly into the WLANWIFI adapter on the firewall and see what happens with Windows updates.
OK, so far no go. I plugged into the back of my D-Link DIR 655 router that I am using as an access point and it gave me the same error. Now I am plugged into the network card that goes to the DIR 655: I unplugged the cable to it and plugged the netbook into the card. It just returned the same error from both tries, so it has got to be a setting or something on the wireless side of my setup, right?
I posted the error meaning and the update error down below. This is what I have been fighting on the wireless side. The wired side works just fine to update Windows; it's just the wireless side I am having the problem with.
Are you plugging the WAN port of the D-Link into the pfSense firewall? If so, I would move the pfSense <–> D-Link WAN port cable to an open LAN port on the D-Link. If you do this, verify that you have the DHCP Server service configured on the pfSense box for the WLANWIFI network interface. Also, if the DHCP server service is running on the D-Link router, you will want to disable that so you don't have two DHCP servers running on the WLANWIFI network.
This will make sure your D-Link router is not providing any firewall services that could be blocking traffic to/from the internet.
Yes, it is plugged into a LAN port, and yes, the DHCP server is shut down on the DIR 655. The cable comes from one of the NIC cards and goes to the LAN port on the back of the DIR 655. The NIC card is an Intel card and it is the OPT1 card in the setup.
So I am going through the settings on the access point and I don't see any problems with any of the settings there, so it has to be the pfSense system, I am thinking.
We know that when you tracert out from a WiFi client, it gets out to the public internet fine, and the various router etc hops on the public internet can reply (when they do). So that means that ICMP is being passed by pfSense and NATed out OK.
And you said that you tried bypassing the WiFi device completely by plugging a client in by cable directly to the pfSense WiFi physical ethernet interface. And the problem was still there. So that shows that this problem is not caused (just) by the WiFi device.
So there "must" be something different about rules or outbound NAT for TCP/UDP, but that somehow is just different for some public internet destinations. A difference like that would not be seen in tracert.
You can try Diagnostics->Packet Capture on pfSense to look at the packets coming in on pfSense WiFi interface, and going out on WAN, and compare that to when the packets come from pfSense LAN interface. That "must" show some different pattern that will help to guess what setting could be the problem.
I say "must" in quotes, because this is very mysterious and difficult to diagnose by back-and-forth in the forum.
Thank you for your comment on this issue. I will try some of your ideas and see what I find, but yeah, this thing is driving me crazy. I thought I knew more than I did, I guess. Just goes to show I am not the smartest guy on the planet, even though I thought I had this pfSense thing down to a science LoL.
I also kind of think I may have a bad NIC card on one of my ports. Not sure, but I keep getting a signal 11 on one of the cards, and from what I have read in the pfSense forums that is a sign of a bad card, or hardware of some kind I guess I better say. So I may just scrap this thing and build a new one and see if it does the same thing.
This is an older computer that I am using, so I may have to upgrade the system to help with some of these issues. I will just have to try some of the different options and see what happens. Thank you all for the help, it has been really nice to have you folks trying so hard to help me.
I will have to post an update of the new system to let you all know what I find.
Another thought, maybe there is some problem with successfully sending big packets through the ethernet card/port that has the WiFi. Then for a lot of internet browsing you might be "kind-of-OK", but when you do something that tries to use the full MTU it gets trouble.
You can find some site that will ping OK, then increase the packet size of the ping up towards 1500:
ping -l 1200 22.214.171.124
and see if something breaks at large length ping packets.
Then try the same from LAN side and see if it works.
You can even try swapping the physical device assignments for LAN and WiFi interfaces in Interfaces->Assign and then see if the problem moves to being on LAN (now on the physical ethernet port that WiFi used to be on). That would demonstrate that it is a physical ethernet port issue.
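The large-packet test suggested above can be automated. The following PowerShell script is an added example, not part of the original thread: it goes one step beyond the plain `ping -l` by setting the Don't Fragment flag, so an oversized packet fails outright instead of being split, and it binary-searches for the largest payload that still gets a reply. `$Target` is a placeholder and must be replaced with a host that already answers a normal ping.

```powershell
# Added example (not from the thread): find the largest ICMP payload that
# gets a reply with Don't Fragment set. Run it once from a WiFi client and
# once from a wired LAN client, then compare the two results.
param(
    [string]$Target    = '192.0.2.1',  # placeholder: use a host that answers normal pings
    [int]   $Low       = 32,           # default Windows ping payload size
    [int]   $High      = 1472,         # 1472 + 8 (ICMP) + 20 (IPv4) = 1500-byte packet
    [int]   $TimeoutMs = 2000,
    [int]   $Retries   = 3             # tolerate an occasional lost reply
)

$pinger  = New-Object System.Net.NetworkInformation.Ping
# TTL 64, DontFragment = $true: an oversized packet fails instead of being split
$options = New-Object System.Net.NetworkInformation.PingOptions(64, $true)

function Test-Payload([int]$Size) {
    $buffer = New-Object byte[] $Size
    for ($i = 0; $i -lt $Retries; $i++) {
        try {
            $reply = $pinger.Send($Target, $TimeoutMs, $buffer, $options)
            if ($reply.Status -eq 'Success') { return $true }
        } catch {
            # name resolution or socket errors count as a failed probe
        }
    }
    return $false
}

if (-not (Test-Payload $Low)) {
    Write-Output "No reply to a ${Low}-byte ping from ${Target}; choose a target that answers ICMP."
    return
}

# Binary search: $best is the largest size known to pass
$best = $Low; $lo = $Low + 1; $hi = $High
while ($lo -le $hi) {
    $mid = [int][math]::Floor(($lo + $hi) / 2)
    if (Test-Payload $mid) { $best = $mid; $lo = $mid + 1 } else { $hi = $mid - 1 }
}

Write-Output "Largest payload answered with DF set: $best bytes (IPv4 packet size $($best + 28))"
if ($best -lt $High) {
    Write-Output "Payloads above $best bytes get no reply on this path."
}
```

A result that is lower from the WiFi-side client than from the wired LAN client against the same target is the kind of difference this test is meant to expose.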
See, I told ya I am stupid. I didn't even think of that till you just suggested it. I have kind of been down for the last year; had a bad deal happen in my life 2 years ago. I am still having trouble with my mind, so sometimes I do real good, then there are days I can't do anything right. So yeah, I will try to move it around and see what happens. Thanks again for telling me something I should have already known. I will let you know what I find. May take me a day or two or so, but I will give it a shot. Thanks again.
See i told ya I am stupid i didn't even think of that …
Naah, inexperienced at best. Don't worry.
Thank you: jahonix
That is some funny stuff right there. I am still working on some of the stuff but have been interrupted for a while; I have to put my step dad's bicycle together LOL. Will get back to my stuff here as soon as I can. I want to thank all you folks who helped me so far. I am just not sure how you do that; every time I hit thank you it says I already did that. So anyway, thanks folks for all the help. I will try to keep you all up to date.
Thanks for the quote, I like it.