• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Unable to access Internet from WIFI AP

Scheduled Pinned Locked Moved General pfSense Questions
28 Posts 5 Posters 2.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    NogBadTheBad
    last edited by Feb 2, 2018, 8:21 AM

    @mdahal:

    @NogBadTheBad At work so just vpnd home and checked
    net.link.bridge.pfil_member
    net.link.bridge.pfil_bridge as suggested and it appears to be off.

    Please see attached screenshot.

    Looks like I will have to run packet capture tonight.

    Hmm i'm stumped then.

    Andy

    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

    1 Reply Last reply Reply Quote 0
    • J
      Jackish
      last edited by Feb 2, 2018, 8:26 AM

      @NogBadTheBad:

      If you use the wan interface on a ADSL or cable Wi-Fi router you'll be routing between its wan interface and the lan & Wi-Fi interface.

      There will be a NAT of your public IP address on the pfSense router then another on your ADSL or cable Wi-Fi router.

      Many here will agree.

      Probably missed the distinction between cable/adsl router and "normal" counsumer router (without modem). I would assume that they would work in a similar fashion. Please disregard my comments if they dont!

      1 Reply Last reply Reply Quote 0
      • M
        mdahal
        last edited by Feb 2, 2018, 12:44 PM Feb 2, 2018, 12:39 PM

        Ok, the DHCP server is definately pfSense we can put that issue to bed. It is not an issue with DHCP.

        $ ipconfig getoption en0 server_identifier
        192.168.3.1

        The packet capture is as below:

        23:37:23.564678 IP 192.168.3.3.5353 > 224.0.0.251.5353: UDP, length 504
        23:37:23.564893 IP 192.168.3.3.55736 > 192.168.3.1.53: UDP, length 57
        23:37:23.564968 IP 192.168.3.3.56214 > 192.168.3.1.53: UDP, length 58
        23:37:23.565379 IP 192.168.3.3.56221 > 192.168.3.1.53: UDP, length 40
        23:37:23.565381 IP 192.168.3.3.53338 > 192.168.3.1.53: UDP, length 58
        23:37:23.566058 IP 192.168.3.3.61273 > 192.168.3.1.53: UDP, length 41
        23:37:23.566376 IP 192.168.3.3.52096 > 192.168.3.1.53: UDP, length 41
        23:37:23.567298 IP 192.168.3.3.50299 > 192.168.3.1.53: UDP, length 42
        23:37:23.619931 IP 192.168.3.3 > 224.0.0.2: igmp
        23:37:23.621867 IP 192.168.3.3 > 224.0.0.2: igmp
        23:37:23.678451 IP 192.168.3.1.5353 > 224.0.0.251.5353: UDP, length 381
        23:37:23.691769 IP 192.168.3.1.5353 > 224.0.0.251.5353: UDP, length 291
        23:37:23.717323 IP 192.168.3.3.5353 > 224.0.0.251.5353: UDP, length 252
        23:37:23.718800 IP 192.168.3.1.5353 > 224.0.0.251.5353: UDP, length 1096
        23:37:23.765310 IP 192.168.3.3.40827 > 192.168.3.1.53: UDP, length 46
        23:37:23.828317 IP 192.168.3.3.16403 > 17.173.254.222.16384: UDP, length 16
        23:37:23.828546 IP 192.168.3.3.16403 > 17.173.254.222.16385: UDP, length 16
        23:37:23.829258 IP 192.168.3.3.16403 > 17.173.254.223.16386: UDP, length 16
        23:37:23.912807 IP 192.168.3.3.53145 > 192.168.3.1.53: UDP, length 27
        23:37:23.912928 IP 192.168.3.3.54839 > 192.168.3.1.53: UDP, length 31
        23:37:23.912988 IP 192.168.3.3.54295 > 192.168.3.1.53: UDP, length 50
        23:37:23.913119 IP 192.168.3.3.61340 > 192.168.3.1.53: UDP, length 42
        23:37:23.913244 IP 192.168.3.3.55505 > 192.168.3.1.53: UDP, length 30
        23:37:23.913475 IP 192.168.3.3.49284 > 192.168.3.1.53: UDP, length 50
        23:37:23.914281 IP 192.168.3.3.63063 > 192.168.3.1.53: UDP, length 43
        23:37:23.949944 IP 192.168.3.3.65212 > 192.168.3.1.53: UDP, length 48
        23:37:23.950247 IP 192.168.3.3.56222 > 192.168.3.1.53: UDP, length 48
        23:37:23.952349 IP 192.168.3.3.50907 > 192.168.3.1.53: UDP, length 35
        23:37:24.050275 IP 192.168.3.3.21751 > 192.168.3.1.53: UDP, length 34
        23:37:24.050803 IP 192.168.3.3.25910 > 192.168.3.1.53: UDP, length 32
        23:37:24.499358 IP 192.168.3.3.59259 > 192.168.3.1.53: UDP, length 42
        23:37:24.522294 IP 192.168.3.3.27118 > 192.168.3.1.53: UDP, length 37
        23:37:24.555107 IP 192.168.3.3.56400 > 192.168.3.1.192: UDP, length 4
        23:37:24.559538 IP 192.168.3.3.55736 > 192.168.3.1.53: UDP, length 57
        23:37:24.559573 IP 192.168.3.3.56214 > 192.168.3.1.53: UDP, length 58
        23:37:24.559616 IP 192.168.3.3.53338 > 192.168.3.1.53: UDP, length 58
        23:37:24.559729 IP 192.168.3.3.56221 > 192.168.3.1.53: UDP, length 40
        23:37:24.559840 IP 192.168.3.3.61273 > 192.168.3.1.53: UDP, length 41
        23:37:24.559960 IP 192.168.3.3.52096 > 192.168.3.1.53: UDP, length 41
        23:37:24.566590 IP 192.168.3.3.5353 > 224.0.0.251.5353: UDP, length 676
        23:37:24.777339 IP 192.168.3.3.61863 > 192.168.3.1.53: UDP, length 46
        23:37:24.894125 IP 192.168.3.3.53145 > 192.168.3.1.53: UDP, length 27
        23:37:24.894372 IP 192.168.3.3.54839 > 192.168.3.1.53: UDP, length 31
        23:37:24.894379 IP 192.168.3.3.54295 > 192.168.3.1.53: UDP, length 50
        23:37:24.895705 IP 192.168.3.3.61340 > 192.168.3.1.53: UDP, length 42
        23:37:24.896116 IP 192.168.3.3.55505 > 192.168.3.1.53: UDP, length 30
        23:37:24.898720 IP 192.168.3.3.49284 > 192.168.3.1.53: UDP, length 50
        23:37:24.908239 IP 192.168.3.3.63063 > 192.168.3.1.53: UDP, length 43
        23:37:24.944160 IP 192.168.3.3.65212 > 192.168.3.1.53: UDP, length 48
        23:37:24.946450 IP 192.168.3.3.56222 > 192.168.3.1.53: UDP, length 48
        23:37:24.955006 IP 192.168.3.3.50907 > 192.168.3.1.53: UDP, length 35
        23:37:25.050644 IP 192.168.3.3.64095 > 192.168.3.1.53: UDP, length 39
        23:37:25.051365 IP 192.168.3.3.26479 > 192.168.3.1.53: UDP, length 35
        23:37:25.057382 IP 192.168.3.3.56400 > 192.168.3.1.192: UDP, length 4
        23:37:25.062321 IP 192.168.3.3.65264 > 192.168.3.1.53: UDP, length 34
        23:37:25.063264 IP 192.168.3.3.30159 > 192.168.3.1.53: UDP, length 32
        23:37:25.457114 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
        23:37:25.457435 IP 192.168.3.1.67 > 192.168.3.3.68: UDP, length 300
        23:37:25.502920 IP 192.168.3.3.59259 > 192.168.3.1.53: UDP, length 42
        23:37:25.533404 IP 192.168.3.3.47607 > 192.168.3.1.53: UDP, length 37
        23:37:25.918699 IP 192.168.3.3.16403 > 17.173.254.222.16384: UDP, length 16
        23:37:25.919224 IP 192.168.3.3.16403 > 17.173.254.222.16385: UDP, length 16
        23:37:25.919245 IP 192.168.3.3.16403 > 17.173.254.223.16386: UDP, length 16
        23:37:26.061372 IP 192.168.3.3.44341 > 192.168.3.1.53: UDP, length 39
        23:37:26.062385 IP 192.168.3.3.27684 > 192.168.3.1.53: UDP, length 35
        23:37:26.563862 IP 192.168.3.3.55736 > 192.168.3.1.53: UDP, length 57
        23:37:26.563955 IP 192.168.3.3.56214 > 192.168.3.1.53: UDP, length 58
        23:37:26.564059 IP 192.168.3.3.53338 > 192.168.3.1.53: UDP, length 58
        23:37:26.564180 IP 192.168.3.3.56221 > 192.168.3.1.53: UDP, length 40
        23:37:26.564286 IP 192.168.3.3.61273 > 192.168.3.1.53: UDP, length 41
        23:37:26.564403 IP 192.168.3.3.52096 > 192.168.3.1.53: UDP, length 41
        23:37:26.564678 IP 192.168.3.3.56400 > 192.168.3.1.192: UDP, length 4
        23:37:26.796549 IP 192.168.3.3.50352 > 192.168.3.1.53: UDP, length 46
        23:37:26.895081 IP 192.168.3.3.53145 > 192.168.3.1.53: UDP, length 27
        23:37:26.895316 IP 192.168.3.3.54839 > 192.168.3.1.53: UDP, length 31
        23:37:26.895988 IP 192.168.3.3.54295 > 192.168.3.1.53: UDP, length 50
        23:37:26.896813 IP 192.168.3.3.61340 > 192.168.3.1.53: UDP, length 42
        23:37:26.896988 IP 192.168.3.3.55505 > 192.168.3.1.53: UDP, length 30
        23:37:26.899847 IP 192.168.3.3.49284 > 192.168.3.1.53: UDP, length 50
        23:37:26.909471 IP 192.168.3.3.63063 > 192.168.3.1.53: UDP, length 43
        23:37:26.945472 IP 192.168.3.3.65212 > 192.168.3.1.53: UDP, length 48
        23:37:26.948210 IP 192.168.3.3.56222 > 192.168.3.1.53: UDP, length 48
        23:37:26.953529 IP 192.168.3.3.50907 > 192.168.3.1.53: UDP, length 35
        23:37:27.064980 IP 192.168.3.3.56400 > 192.168.3.1.192: UDP, length 4
        23:37:27.083498 IP 192.168.3.3.63089 > 192.168.3.1.53: UDP, length 34
        23:37:27.084380 IP 192.168.3.3.49699 > 192.168.3.1.53: UDP, length 32
        23:37:27.129341 IP 192.168.3.3.52371 > 192.168.3.1.53: UDP, length 42
        23:37:27.555757 IP 192.168.3.3.53540 > 192.168.3.1.53: UDP, length 37
        23:37:27.573832 IP 192.168.3.3.5353 > 224.0.0.251.5353: UDP, length 676
        23:37:27.775351 IP 192.168.3.3.55105 > 192.168.3.1.53: UDP, length 39
        23:37:27.799915 IP 192.168.3.3.50352 > 192.168.3.1.53: UDP, length 46
        23:37:28.084606 IP 192.168.3.3.63089 > 192.168.3.1.53: UDP, length 34
        23:37:28.084660 IP 192.168.3.3.49699 > 192.168.3.1.53: UDP, length 32
        23:37:28.084937 IP 192.168.3.3.57463 > 192.168.3.1.53: UDP, length 39
        23:37:28.085387 IP 192.168.3.3.62478 > 192.168.3.1.53: UDP, length 35
        23:37:28.133873 IP 192.168.3.3.52371 > 192.168.3.1.53: UDP, length 42
        23:37:28.559770 IP 192.168.3.3.53540 > 192.168.3.1.53: UDP, length 37
        23:37:28.779774 IP 192.168.3.3.55105 > 192.168.3.1.53: UDP, length 39
        23:37:29.088963 IP 192.168.3.3.57463 > 192.168.3.1.53: UDP, length 39
        23:37:29.089067 IP 192.168.3.3.62478 > 192.168.3.1.53: UDP, length 35

        In this I have tried to go to a website and tried pinging the server. Somehow the DNS request is getting to the server but not the ICMP. And there is no TCP traffic just DNS.

        I am perplexed why pfsense is not answering. Please note the packet capture file is in cap format.

        packetcapture.pcap

        1 Reply Last reply Reply Quote 0
        • N
          NogBadTheBad
          last edited by Feb 2, 2018, 1:20 PM

          How about doing the same test but packet capture on the wan interface, is traffic exiting?

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          1 Reply Last reply Reply Quote 0
          • M
            mdahal
            last edited by Feb 2, 2018, 1:23 PM

            @NogBadTheBad:

            How about doing the same test but packet capture on the wan interface, is traffic exiting?

            You mean for traffic originating in WIFI Interface going out of WAN ? As LAN interface is working there are around 30 odd devices using internet via LAN interface. So, traffic is definately exiting WAN.

            1 Reply Last reply Reply Quote 0
            • M
              mdahal
              last edited by Feb 2, 2018, 1:32 PM

              Not sure if the interface is busted. This pfsense is running in Supermicro SYS-E200-9B box with 4 intel NIC.

              I have just moved the AP over to IPMI interface which was sitting there unused and voila it is working. I can connect to internet. Ping pfsense and do everything!!

              I will now have to perform further testing to see if this interface is playing up.

              Really appreciate all your help. Specially, NogBadTheBad you have been extremely helpful.

              Cheers!!

              1 Reply Last reply Reply Quote 0
              • M
                mdahal
                last edited by Feb 2, 2018, 2:01 PM

                The good news is interface is not busted. I deleted the interface and recreated it. Swapped the name around and created this interface as IPMI added rule in the interface to allow any to any. And now it works.

                Must have been some config in there from my previous days of bridging the interface. Really happy to have this resolved now.

                Cheers.

                1 Reply Last reply Reply Quote 0
                • J
                  johnpoz LAYER 8 Global Moderator
                  last edited by Feb 2, 2018, 5:41 PM

                  192.168.3.1.53: UDP, length 39

                  So that is your client at 192.168.3.3 asking for dns.. Pfsense does not answer - so no how would the client go to any website? if can not look it up.  So looks you do not have unbound running or forwarder working at all.

                  Or you don't have any firewall rules on this interface to allow access?  The lan interface would have a default any any rule on it.  Some new interface you created would not have any rules you would have to put either an any any or the rules you would like to allow.

                  Pfsense will create behind the scene firewall rules to allow for dhcp to work.. But I only see this
                  23:37:25.457114 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
                  23:37:25.457435 IP 192.168.3.1.67 > 192.168.3.3.68: UDP, length 300

                  there should be more.. from what have to assume is the discover there to FF:67, the answer would be a offer - but you should then see a request and ack..

                  But clearly from this whatever .3 is sending traffic to .1 (pfsense)..  I take it .3 is a wifi client?  So where are the rules on this interface on pfsense?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  28 out of 28
                  • First post
                    28/28
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received