No route to host

rsloan

Hi,

This is my first post and first installation of pfSense although I have used other firewalls.

The issue I have is the following:

My Wan IP is 192.168.16.2 - Set via DHCP (Connecting to an VDSL router)
Lan is 10.1.1.1

I have two PC's connected to the VDSL router while I'm working on setting up psSense and 2 behind the pfSense firewall.

Selecting Option 7 (Ping Host) I am able to ping either of the IP addresses at 10.1.1.10, 10.1.1.11 or the 192.168.16.100, 192.168.16.103

I have no internet on the Lan side of pfSense.

If I try to ping any external IP address suck as 8.8.8.8 or google.com I get the message "No route to host"

I haven't touched any of the default rules or added any new ones as yet.

Can anyone offer any guidance?

Best regards,

Robert.

Gertjan

@rsloan:

Can anyone offer any guidance?

I use pfSense, LAN 192.168.1.0/24 (default setting - pfSense has 192.168.1.1) and a VDSL router as my WAN (vdsl) device.
My VDSL router had the same LAN settings, so I switched it to 192.168.10.0/24 on its LAN side FIRST - the Router LAN IP is 192.168.10.1

My WAN interface is set to "DHCP" - my wan IPv4 is 192.168.10.11 right know.

So, what I have (and why didn't you show it ??) :

[2.3.4-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root:  netstat -r
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            192.168.10.1       UGS         rl0
localhost          link#7             UH          lo0
192.168.1.0        link#3             U          fxp0
pfsense            link#3             UHS         lo0
.....
192.168.10.0       link#1             U           rl0
192.168.10.11      link#1             UHS         lo0

193.253.160.3      192.168.10.1       UGHS        rl0

.......
(we forget the IPv6 lines here)

The first line tells us that my gateway (called here "default") is 192.168.10.1, or : my VDSL router.
And that's it. It works.
My own words are : " everything that is addressed and isn't local will be send trough the 'rl0' interface (the hardware name of my WAN) to IP 192.168.10.1 and "he" will take care from there ".

When you hook up pfSense to a router (and put the WAN interface in DHCP mode) then pfSense will pick up an IP, a gateway (DNS, etc) just like any other device (PC, whatever). This router should have a DHCP server on it's LAN, of course.
If that doesn't work, something has been set to something non-standard (that's ok) and often this boils down to "doesn't work" (less ok, you have an issue then).

rsloan

Hi,

Many thanks for your reply and sorry for the delay in replying.

I re-installed pfSense from scratch, only changing IP addresses, so now have the following:

VDSL router set to LAN IP 192.168.16.1
IP address given to pfSense WAN port  192.168.16.35
IP addresses given on LAN interface 192.168.10.0/24

From the pfSense console I can now ping some external ip address but not all, for example I can ping google.com but not Microsoft.com.

Netstat gives the following:

[2.3.4-RELEASE][root@pfSense.sloan.local]/root: netstat -r
Routing tables

Internet:
Destination      Gateway            Flags      Netif Expire
default            192.168.16.1      UGS      re0
localhost          link#5              UH          lo0
192.168.10.0  link#7              U            ue0
pfSense          link#7              UHS        lo0
192.168.16.0  link#1              U            re0
192.168.16.1  f4:4d:30:6e:55:0e  UHS  re0
192.168.16.35 link#1            UHS          lo0

I have no internet access on the LAN side but I don't believe this is related to DNS being resolved on my VDSL router as any machines connected directly to that router can access the internet OK.

Any further pointers you can offer would be greatly appreciated.

Regards,

Robert.

Gertjan

@rsloan:

… but not all, for example I can ping google.com but not Microsoft.com.

Remember that not all hosts on the Internet actually reply to a ping request.
That's an administrators choice.
Consider the ping issue resolved.

@rsloan:

Netstat gives the following:

[2.3.4-RELEASE][root@pfSense.sloan.local]/root: netstat -r
Routing tables
….

Your routeing table seems fine to me.

@rsloan:

I have no internet access on the LAN side but I don't believe this is related to DNS being resolved on my VDSL router as any machines connected directly to that router can access the internet

On a freshly installed pfSense you don't need to touch any DNS settings - the resolver will work.
Because your WAN uses a 'local' adress ( 192.168.16.35 ) the " Block private networks and loopback addresses " should NOT be checked.

Furthermore, check that DHCP on LAN is working and that your PC obtained an IP from pfSEnse (and with the IP, the DNS and Gateway, both should be the IP-Lan-PfSense ( 192.168.10.1 ?! ). Check with

ipconfig /all

rsloan

Hi,

I've tried setting up on a VM (Virtualbox) instead as a process of elimination and that worked OK. I'm now thinking the issue might be one of my Ethernet adapters which is USB (Forgot to mention that fact) I'll now order an Intel mini-PCI card and try again.
Regards,

Robert.

Gertjan

@rsloan:

(Forgot to mention that fact)

Oh.
That changes all. These kind of "devices" need a big knowledge about device recognition and other technical knowledge.
I would have advised you right away : "remove it right away and you'll be fine"  ;)