Just moved from the UK to China - problems
-
Sorry for a very late reply. I have been so busy as my life has turned upside down.
My estate agent who is my first point of contact came to see if I could directly connect my ancient wireless TP link router to my laptop. She successfully did by using a Ethernet cable from the ancient wireless TP link router one of the Ethernet ports to my laptop.
If I plug this into one of the Intel based Ethernet ports, I can still ping as described below even though the led above stays orange and never turns green and orange.
So now I have a working WAN connection that I can use. :) I have attached pictures of my WAN and LAN IP's
OK, I have attached new pictures of my setup. I can ping various websites such as www.sky.com, www.krellonline.com, www.yahoo.com, www.ymail.com & www.bbc.co.uk. Strange thing is that my WAN light stays orange, never green and orange. The yellow Ethernet is from my cable modem
I have a LAN IP as proven in one of my attached pictures which has both green and orange led lights. My problem is that I cannot reach 192.168.1.1 to finalise my pfsense setup. I even tried to temporary disable my internet security software. Still no LAN can be seen.
I forgot to add, the black Ethernet is from back of the ancient TP link wireless router into my pfsense box. White is my LAN cable that goes into the Ethernet port of my Dell xps.
My final setp should be: back of ancient TP link router -> WAN on my pfsense box -> LAN on my pfsense box to my wireless AP a old but stable Asus RTN 66U (with the latest firmware that is still being supported by Asus)
-
Your pictures clearly show your WAN and LAN fighting over the same subnet of addresses.
On the console you will see option 2 "Set interface IP address" pick that one and change your LAN (igb1) to another private IP range.
Try 10.0.0.0/24 or 172.16.0.0/24 anything but what you are using now.
Your firewall will be at 10.0.0.1 or 172.16.0.1 depending on your choice.
" I have been so busy as my life has turned upside down. " Yup, think your machine knows the feeling. o_0 -
Thanks, I am pretty bad at networking. What are the exact steps to change to 172.16.0.0/24?
-
Can somebody help me please?
-
Thanks, I am pretty bad at networking. What are the exact steps to change to 172.16.0.0/24?
:o
yup, figured your new job was not within the IT field. I thought I explained some what of the problem I saw, but hey! Actually all the guys were giving good feedback. I still sense a Dok joke here, but I digress.
I think we did not realize a triple NAT problem. I had a bad night (no sympathy needed) just to put that out there to help explain my wierd post to help out my fellow man. Dude you really need to sit down with a network basic book and make things easier for yourself and me.
But I did prevail and decide to get you your GUI damnit. :o
Triple NAT 8) very cool. How you post here is beyond me. So after last nights lack of sleep I thought I would make my previous post better understood with more pictures. yeah!! ???
SOO.. get to shell options enter "2" comp will bitch an say what interface, you put in "igb1", then comp will ask for an IP or range of IP (not sure it has been a year or more since I had to do this) then you will enter "172.16.0.0/24" and the comp will figure out HEH! you must want 172.16.0.1 for PfSense lan IP and you respond and smash ENTER you bet your ass I do.
I think that should about do it. Pics below cause I am beat and bored.PS - also if you just unplug your WAN at the PfSense then reboot you might/maybe/could possibly trick the firewall off 192.168.1.1 at the WAN and access the GUI from the LAN at 192.168.1.1 but you will have to change your IP setting for the LAN (172.16.0.0/24) before plugging in the WAN again.
Confused? yup, me too! ;D
Brain going to mush as I type.
Hope this helps, if not, screw it, I had fun. Goodnight –hmm-- day.
-
Thanks for your help. Yes, I do not work in IT. I am a researcher from the UK NHS. I fully understand your lack of sleep, just been surviving on about 3-4 hours per night for almost 2 weeks. I have un-plugged the badly made grey Ethernet cable and my internet is un-affected. Will follow through what you have said and get back soon.
-
Just to be sure : the last image above, the "shelll.jpg", something terrible has been shown there :
The WAN and LAN network are the same !! This is a huge no-go situation.
LAN = 192.168.1.1/24
This is the value by default, and you should keep it EXCEPT when, after setting up WAN, the WAN IP becomes the same network - in your case, 192.168.1.100/24 **.
This is the case right now - the image says so, so you should change your LAN IP (network) for - per example :
192.168.2.1/24Your pfSense WAN interface is set, by you , right after installing pfSense, to behave as "DHCP-client" : it will ask a upstream router (with a DHCP server) an IP address. It became 192.168.1.100/24 - and that obliges you to change the LAN network right away. This can be done in the GUI, or the console menu, option 2. As said, 192.168.2.1/24 will be fine.
You can reach pfSense after that from LAN using IP 192.168.2.1 as an address in the navigator to access the GUI. -
Thanks,
I have changed my lan IP as instructed. In option 2, the console requested I choose to enable DHCP on my lan, I chose "no". My lan IP is 192.168.2.1/24.
I initially changed my lan IP to 172.16.0.0 but was still not getting webconfigurator.
I get this message:
The connection has timed outThe server at 192.168.2.1 is taking too long to respond.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. :'(I have changed my lan IP as instructed. In option 2, the console requested I choose to enable DHCP on my lan, I chose "no". My lan IP is 192.168.2.1/24.
I initally changed my lan IP to 172.16.0.0 but was still not getting webconfigurator.
I get this message:
The connection has timed outI initially set my lan IP to 192.168.254 as seen in the attachment. Then I changed it to 192.168.2.1.
It asked for a DHCP enabled, I said no on the lan.
I still cannot reach the web gui.
![IMG_20180315_152803_HDR r.jpg](/public/imported_attachments/1/IMG_20180315_152803_HDR r.jpg)
![IMG_20180315_152803_HDR r.jpg_thumb](/public/imported_attachments/1/IMG_20180315_152803_HDR r.jpg_thumb)
-
Windows says "local area connection" does not have a valid IP configuration..
-
If you disabled DHCP you have to assign a static address to the windows workstation. Just set up a DHCP server.
Renumber the LAN interface again to 192.168.2.1/24 but this time, say yes to the DHCP server.
Set the start of the range to 192.168.2.129 and the end as 192.168.2.254.
Disconnect the windows laptop from the LAN port and reconnect it.
Give it a second and try https://192.168.2.1/ again.
-
So in choice2, in console, when changing IP addresses I enable dhcp?
At "Do you want to enable the DHCP server on LAN? (y/n)" I typed "y"
Now it is asking for:
"Enter the start address of the IPv4 client address range"OK, I typed in at:
"enter the start address at the IPv4 client address range: 192.168.2.129"
""enter the end address at the IPv4 client address range: 192.168.2.254"It then asks for web confi to revert to non HTTPS, I typed "n"
Next:
"reloading filter…"
"reloading routing configuration..."
"DHCPD...""The IPv4 LAN address has been set to 192.168.2.1"
"You can access the webconfigurator by opening the following URL in your web browser: https://192.168.2.1/Now I can access webconfigurator,
but I get this message"An HTTP_REFERER was detected other than what is defined in System -> Advanced (https://forum.pfsense.org/index.php?action=post;msg=790188;topic=137592.60). If not needed, this check can be disabled in System -> Advanced -> Admin."
-
I don't know what you are doing. Just type that into the URL bar in your browser. Don't click on a forum link.
-
Thanks for all your support. I can now access web gui. ;D
But I want to add my Asus RTN 66U wireless AP as to replace my old tp link router. When I plug in my Asus to the LAN port of my pfsense box, I can connect wireless to it via my laptop but have no internet access. I have typed in my correct wpa 2 aes key.
any solutions would be very much appreciated. -
… the console requested I choose to enable DHCP on my lan, I chose "no". My lan IP is 192.168.2.1/24.
Only experts should consider "No".
As far as I know, experts always chose "Yes" (live is just to short).
Yes is the default btw, never ever remove a default option (that's equivalent for "looking for problems").Do option 2 again, and chose "Yes".
Nice side effect : Your LAN will start to work !
edit :
About your : "Asus RTN 66U wireless AP" : when you buy a box like that, it's has probably activated its "router mode".
Which means : it has a DHCP server …. You have to de activate that (how ? See Asus RTN 66U wireless AP support - user manual)
Also, put the "Asus RTN 66U wireless AP" in "bridge mode" or "AP only mode".
Also, give it a static IP like 192.168.2.2
Mask 255.255.255.0
Gateway 192.168.2.1
DNS 192.168.2.1This is what I do with my AP's - because : If you have seen one, you saw them all.
and if this "Asus RTN 66U wireless AP" has Ethernet ports on its back labeled LAN and WAN, do not use the WAN port - use (one of) the LAN labeled ports.
To save more time, consider solving the root of all problems : "just moved from the UK to China - problems " : move back.
-
… the console requested I choose to enable DHCP on my lan, I chose "no". My lan IP is 192.168.2.1/24.
Only experts should consider "No".
As far as I know, experts always chose "Yes" (live is just to short).
Yes is the default btw, never ever remove a default option (that's equivalent for "looking for problems").Do option 2 again, and chose "Yes".
Nice side effect : Your LAN will start to work !
Thanks a lot. Got everything working but, when I check my pfsense logs at: Status System Logs Firewall Normal View
After trying grc shields up, it states "you should expect to see entries from this site's probing IP addresses: 4.79.142.192 -thru- 4.79.142.207".I do not. I think as I have setup my firewall on my Asus AP, that is protecting my connection.
-
Thanks a lot. Got everything working but, when I check my pfsense logs at: Status System Logs Firewall Normal View
What ?
After trying grc shields up, it states "you should expect to see entries from this site's probing IP addresses: 4.79.142.192 -thru- 4.79.142.207".
I do not. I think as I have setup my firewall on my Asus AP, that is protecting my connection.No way.
The firewall tester "grc.com" will hit against you first firewall / NAT device, that is some box, a box in front of your pf Sense box.
If you have set up this box with NAT rules and/or to reply to ping, it could reply.
But normally, everything will be "green" which means : Ok.
Your AP is the third box in a row, and can't be reached from the outside (it could, but would take us another pages on this forum to explain ^^)As I said above : solve most if not all your problems, and move back :) (you better no be Russian, btw)
-
Thanks a lot. Got everything working but, when I check my pfsense logs at: Status System Logs Firewall Normal View
What ?
After trying grc shields up, it states "you should expect to see entries from this site's probing IP addresses: 4.79.142.192 -thru- 4.79.142.207".
I do not. I think as I have setup my firewall on my Asus AP, that is protecting my connection.No way.
The firewall tester "grc.com" will hit against you first firewall / NAT device, that is some box, a box in front of your pf Sense box.
If you have set up this box with NAT rules and/or to reply to ping, it could reply.
But normally, everything will be "green" which means : Ok.
Your AP is the third box in a row, and can't be reached from the outside (it could, but would take us another pages on this forum to explain ^^)As I said above : solve most if not all your problems, and move back :) (you better no be Russian, btw)
I meant Status System-> Logs-> Firewall Normal View
I am a British citizen, with a family history of active service in the UK military. No way Russian.
I understand, the Asus is in the front line.
Also, why I cannot connect my pfsense box to my wan port instead of lan port? -
I understand, the Asus is in the front line.
Also, why I cannot connect my pfsense box to my wan port instead of lan port?Where did you hook up this Asus box (the AP) ?
I understood : on the pfSense LAN - as one of the devices on your LAN - like PC's, printers, etc.
It's an AP, thus that is where it belongs.On the pfSense WAN side you have tour "ISP" box (also a router), that's it.
-
You might consider hiring someone to hook all this up for you.
-
I understand, the Asus is in the front line.
Also, why I cannot connect my pfsense box to my wan port instead of lan port?Where did you hook up this Asus box (the AP) ?
I understood : on the pfSense LAN - as one of the devices on your LAN - like PC's, printers, etc.
It's an AP, thus that is where it belongs.On the pfSense WAN side you have tour "ISP" box (also a router), that's it.
pfsense LAN port to Asus.