[SOLVED] No access to webGUI on fresh install



  • Hello!

    I'm new to pfsense and am not a system administrator, so I learn as I go.
    So I was messing with pfSense trying to configure WAN, with trials and errors, and at some point found myself locked out of webGUI (no VLANs, no certs, no anything special). I had no idea how that happened, so I've just reinstalled pfSense from scratch. But that didn't help!
    ATM I'm out of ideas.

    I have a fresh pfSense install. Hardware is fine and was working already.
    My HW setup is dead simple for now: pfSenseRouter > LAN > MyPC. WAN disconnected.
    After install I've only assigned interfaces (didn't work, so) then set IP adress manually for LAN to 192.168.1.1, subnet mask 24, DHCP range to 192.168.1.100 - 192.168.1.255, disabled IPv6 DHCP. I guess it was exactly the initial config. pfSense said me I can now open https://192.168.1.1 to access. I also got:

    WAN (wan)  ->  re0  -> 
    LAN (lan)  ->  re1  ->  v4: 192.168.1.1/24

    There is link-up when I connect the cable and LEDs are blinking.
    But I've got no access (no response, just timed out) from LAN. I've already tried another PC, no difference.

    What am I doing wrong? And how can I debug that? TIA.
    **[UPDATE] SOLUTION:

    0. Make sure you don't use same MACs for pfSense and your PC (happened because of spoofing, persistent even after reinstall)
    1. Use hardware MACs instead of arbitrary ones, atleast for some Realtec NICs like mine, otherwise they can go wild…**


  • Netgate

    First, make sure you are actually connecting to re1.

    If you use menu option 8 there and connect the port you can type this:

    ifconfig re1

    You should see something like this:

    re1: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
            options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:08:a2:0c:c7:f7
            hwaddr 00:08:a2:0c:c7:f7
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::1:1%re1 prefixlen 64 scopeid 0x2
            media: Ethernet 2500Base-KX <full-duplex>status: active
            nd6 options=21 <performnud,auto_linklocal>If that status says this:

    status: no carrier

    you are not connected to re1, or at least there is no carrier.

    Type exit to get back to the menu.</performnud,auto_linklocal></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,allmulti,simplex,multicast>



  • @Derelict:

    First, make sure you are actually connecting to re1.

    If you use menu option 8 there and connect the port you can type this:

    ifconfig re1

    You should see something like this:

    re1: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
            options=bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum>ether 00:08:a2:0c:c7:f7
            hwaddr 00:08:a2:0c:c7:f7
            inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
            inet6 fe80::1:1%re1 prefixlen 64 scopeid 0x2
            media: Ethernet 2500Base-KX <full-duplex>status: active
            nd6 options=21 <performnud,auto_linklocal>If that status says this:

    status: no carrier

    you are not connected to re1, or at least there is no carrier.

    Type exit to get back to the menu.</performnud,auto_linklocal></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum></up,broadcast,running,allmulti,simplex,multicast>

    Yes, I'm actually connected, got very similar output. Everything looks fine: same  "inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255"  and  "status: active". I've tried another port too, there's no attempt to connect.


  • Netgate

    Have to chalk it up to realtek nonsense then. Sorry.

    Unless you want to set something up to do packet captures and see what's really going on. If you know how, great. Not something to talk you through doing here.



  • @Derelict:

    Have to chalk it up to realtek nonsense then. Sorry.

    Unless you want to set something up to do packet captures and see what's really going on. If you know how, great. Not something to talk you through doing here.

    Wow. But it was working. Unbelievable! And yes, it is realtek, 2 NICs on MB. Argh.

    Sure I want to debug that further, I've spent $200 on that thing.
    I'm a little familiar with wireshark, but not much.
    Can you give some insight of what I need to look for?
    Any useful info appreciated.



  • @das_remsem:

    ….
    My HW setup is dead simple for now: pfSenseRouter > LAN > MyPC.

    Make that : pfSense (NIC : re1) <=> switch <=> YourPC.
    And triple check cables like : do they works else where ?

    Also : check the dmesg log. Type dmesg in the console and plug and unplug the network cable and dmesg again. can you see the event ?


  • Rebel Alliance Global Moderator

    Does your pc get its IP from dhcp on pfsense?  If not then you have a basic connectivity problem.

    If your getting dhcp from pfsense but just can not get to the webgui..

    You can sniff on your pc do you see the arp go out for the IP?  Get an answer, and then send Syn to correct IP and mac when you try and connect to the webgui on your browser.  Could be like your browser is trying to use a proxy that it can not get to.



  • @Gertjan:

    @das_remsem:

    ….
    My HW setup is dead simple for now: pfSenseRouter > LAN > MyPC.

    Make that : pfSense (NIC : re1) <=> switch <=> YourPC.
    And triple check cables like : do they works else where ?

    Also : check the dmesg log. Type dmesg in the console and plug and unplug the network cable and dmesg again. can you see the event ?

    Tried that (with switch) - same. Surprisingly, that was going to be my second question, because earlier when webGUI was working and I was trying to make WAN work, that switch was what helped me to atleast get ip from ISP's DHCP… (maybe MDI-MDI-X thing?)

    Checked the cables too. They are new and OK.

    Checked dmesg, and yes, I can see link up / down events every time.

    @johnpoz:

    Does your pc get its IP from dhcp on pfsense?  If not then you have a basic connectivity problem.

    If your getting dhcp from pfsense but just can not get to the webgui..

    You can sniff on your pc do you see the arp go out for the IP?  Get an answer, and then send Syn to correct IP and mac when you try and connect to the webgui on your browser.  Could be like your browser is trying to use a proxy that it can not get to.

    Seems yes, it gets IP 192.168.1.101, according to "ipconfig -all"

    …Will try that. I'm having temporary problems with wireshark - not starting, likely needs MSVC redist, which fails to install too. Will take some more time I guess.
    I was really using proxy (selectively), but disabling it did nothing. Also tested in 2 more browsers. No luck.


  • Rebel Alliance Global Moderator

    "not starting, likely needs MSVC redist, which fails to install too."

    Sounds like your machine the problem if you ask me… Been using wireshark for YEARS... On hundreds of machines have never had an issue getting it to install..

    "I was really using proxy "

    Use a good machine, maybe boot a linux live CD or something ;)



  • @johnpoz:

    "not starting, likely needs MSVC redist, which fails to install too."

    Sounds like your machine the problem if you ask me… Been using wireshark for YEARS... On hundreds of machines have never had an issue getting it to install..

    "I was really using proxy "

    Use a good machine, maybe boot a linux live CD or something ;)

    I actually managed to get wireshark packet capture from my linux machine, but now I don't get it. It looks to me like DHCP is actually doing its job (Discover>Offer>Request>ACK), but then something goes wrong… I keep investigating. Might be my PC, but both, and same on Windows? Too strange,

    Attaching the capture...  Here router was running, then shut down, then booted again. I commented these moments in file.

    wireshark_log_pfsense_on_to_off_to_on.pcapng


  • Rebel Alliance Global Moderator

    So you see 2 times where you see a discover, offer, request and ACK.. Which seems odd..

    But even after your client has gotten a lease and arping for pfsense 192.168.1.1 tell .100, you see no arp response.. So yeah the client is not going to be able to talk to pfsense if he can not arp for the mac of 192.168.1.1

    You need to figure out why pfsense is not answering the ARP.. Is pfsense seeing the ARP?  Sniff on pfsense under diagnostic, packet capture..

    Those arps that ask tell 0.0.0.0 are ODD… But there are arps where says to tell .100

    edit: here I did a release and renew on my client, and then you see it arp and get a response for pfsense IP .253 in my setup.






  • @johnpoz:

    So you see 2 times where you see a discover, offer, request and ACK.. Which seems odd..

    But even after your client has gotten a lease and arping for pfsense 192.168.1.1 tell .100, you see no arp response.. So yeah the client is not going to be able to talk to pfsense if he can not arp for the mac of 192.168.1.1

    You need to figure out why pfsense is not answering the ARP.. Is pfsense seeing the ARP?  Sniff on pfsense under diagnostic, packet capture..

    Those arps that ask tell 0.0.0.0 are ODD… But there are arps where says to tell .100

    edit: here I did a release and renew on my client, and then you see it arp and get a response for pfsense IP .253 in my setup.

    Yeah, I see…

    Do that "tell 0.0.0.0" even have any meaning, I wonder...

    "under diagnostic, packet capture.. " Funny)

    I've had to format my usb to fat32 then use

    
    $ mount_msdosfs /dev/da0s1 /mnt
    $ tcpdump -vv -i re1 >> /mnt/sniff
    

    Attaching… (haven't got a time to dig through yet. Renamed to .pcap so I can upload, but wireshark don't like it somehow)

    sniff.pcap


  • Rebel Alliance Global Moderator

    that is not how you would write a tcpdump to a pcap file.. That is going to be nothing more tha a text file..

    
    20:31:07.211227 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:fff4:349 to_ex { }]
    20:31:07.298230 IP (tos 0x0, ttl 64, id 45485, offset 0, flags [none], proto UDP (17), length 379)
        0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0xc8ab475, Flags [none] (0x0000)
    	  Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown)
    	  Vendor-rfc1048 Extensions
    	    Magic Cookie 0x63825363
    	    DHCP-Message Option 53, length 1: Discover
    	    Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75
    	    SLP-NA Option 80, length 0""
    	    MSZ Option 57, length 2: 1472
    	    Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel"
    	    Hostname Option 12, length 2: "SU"
    	    T145 Option 145, length 1: 1
    	    Parameter-Request Option 55, length 15: 
    	      Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway
    	      Domain-Name-Server, Hostname, Domain-Name, MTU
    	      BR, NTP, Lease-Time, Server-ID
    	      RN, RB, Option 119
    20:31:07.298452 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell pfSense.localdomain, length 28
    20:31:07.631455 IP (tos 0x0, ttl 64, id 29334, offset 0, flags [none], proto UDP (17), length 379)
        0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0x7b4c61f0, Flags [none] (0x0000)
    	  Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown)
    	  Vendor-rfc1048 Extensions
    	    Magic Cookie 0x63825363
    	    DHCP-Message Option 53, length 1: Discover
    	    Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75
    	    SLP-NA Option 80, length 0""
    	    MSZ Option 57, length 2: 1472
    	    Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel"
    	    Hostname Option 12, length 2: "SU"
    	    T145 Option 145, length 1: 1
    	    Parameter-Request Option 55, length 15: 
    	      Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway
    	      Domain-Name-Server, Hostname, Domain-Name, MTU
    	      BR, NTP, Lease-Time, Server-ID
    
    

    Where did you sniff that.. Well pfsense is not answering the arp..

    20:32:03.034667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:04.049569 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:05.062824 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:08.051965 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:09.062594 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:10.075960 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:13.056866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:14.075830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:15.089126 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:18.061863 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:19.062338 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:20.075565 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:23.066783 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:24.075509 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:25.088866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:28.409154 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:29.435329 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:30.448618 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46

    Are you doing any vlans are these packets tagged?  You could use -e with tcpdump to see if tagged.



  • @johnpoz:

    that is not how you would write a tcpdump to a pcap file.. That is going to be nothing more tha a text file..

    
    20:31:07.211227 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:fff4:349 to_ex { }]
    20:31:07.298230 IP (tos 0x0, ttl 64, id 45485, offset 0, flags [none], proto UDP (17), length 379)
        0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0xc8ab475, Flags [none] (0x0000)
    	  Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown)
    	  Vendor-rfc1048 Extensions
    	    Magic Cookie 0x63825363
    	    DHCP-Message Option 53, length 1: Discover
    	    Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75
    	    SLP-NA Option 80, length 0""
    	    MSZ Option 57, length 2: 1472
    	    Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel"
    	    Hostname Option 12, length 2: "SU"
    	    T145 Option 145, length 1: 1
    	    Parameter-Request Option 55, length 15: 
    	      Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway
    	      Domain-Name-Server, Hostname, Domain-Name, MTU
    	      BR, NTP, Lease-Time, Server-ID
    	      RN, RB, Option 119
    20:31:07.298452 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.100 tell pfSense.localdomain, length 28
    20:31:07.631455 IP (tos 0x0, ttl 64, id 29334, offset 0, flags [none], proto UDP (17), length 379)
        0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 4c:cc:6a:b7:ee:75 (oui Unknown), length 351, xid 0x7b4c61f0, Flags [none] (0x0000)
    	  Client-Ethernet-Address 4c:cc:6a:b7:ee:75 (oui Unknown)
    	  Vendor-rfc1048 Extensions
    	    Magic Cookie 0x63825363
    	    DHCP-Message Option 53, length 1: Discover
    	    Client-ID Option 61, length 19: hardware-type 255, 6a:b7:ee:75:00:01:00:01:21:f4:6d:96:4c:cc:6a:b7:ee:75
    	    SLP-NA Option 80, length 0""
    	    MSZ Option 57, length 2: 1472
    	    Vendor-Class Option 60, length 54: "dhcpcd-6.11.5:Linux-4.14.15-1-ARCH:x86_64:GenuineIntel"
    	    Hostname Option 12, length 2: "SU"
    	    T145 Option 145, length 1: 1
    	    Parameter-Request Option 55, length 15: 
    	      Subnet-Mask, Classless-Static-Route, Static-Route, Default-Gateway
    	      Domain-Name-Server, Hostname, Domain-Name, MTU
    	      BR, NTP, Lease-Time, Server-ID
    
    

    Where did you sniff that.. Well pfsense is not answering the arp..

    20:32:03.034667 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:04.049569 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:05.062824 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:08.051965 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:09.062594 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:10.075960 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:13.056866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:14.075830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:15.089126 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:18.061863 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:19.062338 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:20.075565 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:23.066783 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:24.075509 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:25.088866 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:28.409154 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:29.435329 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46
    20:32:30.448618 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has pfSense.localdomain tell 192.168.1.100, length 46

    Yeah, sure. I meant I just added ".pcap" so I can upload it here, forum limitation.

    Well, I guess You are right… I sniffed on pfsense.

    And...hm... Do you have any suggestions?


  • Rebel Alliance Global Moderator

    Are you tagging traffic.. Only reason I could think that would not answer would be if its tagged so it not going to answer or something.

    What switch do you have between, is your pc directly connected to the interface?  Can you post the output of ifconfig on pfsense.



  • @johnpoz:

    Are you tagging traffic.. Only reason I could think that would not answer would be if its tagged so it not going to answer or something.

    What switch do you have between, is your pc directly connected to the interface?  Can you post the output of ifconfig on pfsense.

    No, it's direct connection. I tried using switch too, no luck… There was one interesting effect before though, not sure if it's related, but when it was working (I used to have access to webGUI from LAN) - WAN was not working, not getting ip from ISP's DHCP, and I managed to "fix" this with switch. I thought it was related either with MDI/MDI-X autodetection feature (most likely) or just power(very unlikely). When I was connecting just directly to WAN there was no light at all. I guess this will be my second problem if I'll fix current, because I need that switch for some more reasonable use)

    Here it goes: (LAN connected to PC directly, WAN disconnected)

    re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether fc:aa:14:2f:18:cf
    	hwaddr fc:aa:14:2f:18:cf
    	inet6 fe80::feaa:14ff:fe2f:18cf%re0 prefixlen 64 scopeid 0x1 
    	nd6 options=23 <performnud,accept_rtadv,auto_linklocal>media: Ethernet autoselect (none)
    	status: no carrier
    re1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=8209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate>ether 4c:cc:6a:b7:ee:75
    	hwaddr 4c:cc:6a:b7:ee:75
    	inet6 fe80::4ecc:6aff:feb7:ee75%re1 prefixlen 64 scopeid 0x2 
    	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 
    	nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex,master>)
    	status: active
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
    	options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet6 ::1 prefixlen 128 
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
    	inet 127.0.0.1 netmask 0xff000000 
    	nd6 options=21 <performnud,auto_linklocal>groups: lo 
    enc0: flags=0<> metric 0 mtu 1536
    	nd6 options=21 <performnud,auto_linklocal>groups: enc 
    pflog0: flags=100 <promisc>metric 0 mtu 33160
    	groups: pflog 
    pfsync0: flags=0<> metric 0 mtu 1500
    	groups: pfsync 
    	syncpeer: 224.0.0.240 maxupd: 128 defer: on
    	syncok: 1</promisc></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></full-duplex,master></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast></performnud,accept_rtadv,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,linkstate></up,broadcast,running,simplex,multicast>
    

  • Netgate

    Just ditch the realteks. They are done.


  • Rebel Alliance Global Moderator

    Dude how does your machine have the same mac address as your pfsense lan interface?

    Never going to work!!!  Should of noticed that in the sniff first, look at your dhcp stuff its all from same mac to what looks like itself.




  • @johnpoz:

    Dude how does your machine have the same mac address as your pfsense lan interface?

    Never going to work!!!  Should of noticed that in the sniff first, look at your dhcp stuff its all from same mac to what looks like itself.

    Holy shell! Thank you!

    It seems that it somehow persisted even after reinstall and I was changing it before to my router's, at least that's what I was thinking…

    Well, need to find how to change it now) My current router is working like nightmare, loading pages for minutes, literally.


  • Rebel Alliance Global Moderator

    I had skimmed over your question for the arps tell 0.0.0.0 I mentioned which you have a lot of in that sniff.

    Since no answers.. Client is resorting to asking anybody out there - hey router/switches do you know this IP… what is its mac??

    So you did a mac spoof on pfsense, or you changed the mac on your machine?  You could reverse your nics as quick fix.. So you put the mac on the other L2, this would allow you to get to your LAN and the web gui from your machine.  And your ISP would most likely give you the IP your machine was getting before if connected to the modem, etc.

    But yeah in the long term I would correct that.. Another quick fix if the original mac was lost - is just change it to something else that you don't have a duplicate of ;)



  • Yes, I changed mac on pfSense. Was thinking that my ISP might want it, because I was not getting to internet… but that's another question)

    Hm, I don't know how to reverse them, lost that mac already. I guess anything but duplicate will be okay)

    Changed it with

    ifconfig re1 ether 00:23:ad:32:71:2b
    

    (made it up)
    Is this proper way?

    And… dhcp seems working finally! But still can't access!
    Will check further and post... disabled proxy already.

    mac_changed_pfsense_boots_then_pc_request_webGui.pcapng



  • @das_remsem:


    Changed it with

    ifconfig re1 ether 00:23:ad:32:71:2b
    

    (made it up)

    As long as it isn't a duplicate of something that lives in the neighborhood.


  • Rebel Alliance Global Moderator

    Well I see arp back in that pcap, and see you send syn to 192.168.1.1 on that mac… But there is no answer.  Do you have pfsense listening on 443 for the gui?  Did you turn off the anti lockout rules?

    Why would you not atleast use the correct vendor part of the mac?  You have it setup for Xmark Corporation?

    Your other nic shows fc:aa:14 which lists GIGA-BYTE TECHNOLOGY CO.,LTD



  • @johnpoz:

    Well I see arp back in that pcap, and see you send syn to 192.168.1.1 on that mac… But there is no answer.  Do you have pfsense listening on 443 for the gui?  Did you turn off the anti lockout rules?

    Why would you not atleast use the correct vendor part of the mac?  You have it setup for Xmark Corporation?

    Your other nic shows fc:aa:14 which lists GIGA-BYTE TECHNOLOGY CO.,LTD

    I reverted it to http now just to try. Attaching sockstat & netstat. No, I didn't turn them off. They must be default. I Tried to explicitly turn off the firewall (forgot that exact command), no luck.

    Should I care about that mac, like at all? I like how Xmark sounds) If only it all worked…

    sockstat_1.txt
    netstat_1.txt


  • Rebel Alliance Global Moderator

    well from your sockstat your listening on 80.. So is it working on 80… Do you see mac in your arp on client... Do you get an arp reply back.. when you send syn to 80 do you get syn ack back?

    Maybe that nic doesn't like other mac... Put it mac back, or get another nic.. You didn't mess with the wan nic right... Well then reverse them and see if you can get the gui..

    But to restate Derelict comments.. Realtek nics do pretty much suck ;)


  • Netgate

    The MAC address on an interface in pfSense is set permanently in Interfaces > INTERFACE_NAME.



  • @johnpoz:

    well from your sockstat your listening on 80.. So is it working on 80… Do you see mac in your arp on client... Do you get an arp reply back.. when you send syn to 80 do you get syn ack back?

    Maybe that nic doesn't like other mac... Put it mac back, or get another nic.. You didn't mess with the wan nic right... Well then reverse them and see if you can get the gui..

    But to restate Derelict comments.. Realtek nics do pretty much suck ;)

    It was indeed that!
    I've just changed to hardware mac and it finally works now!
    Now I'm on my next problem, haha. And it looks very confusing…
    But I'm getting to webGUI and even internet works... kind of.
    Thank you very much!

    @Derelict:

    The MAC address on an interface in pfSense is set permanently in Interfaces > INTERFACE_NAME.

    It was very useful advice when I was not able to get to webGUI, thanks.



  • @das_remsem:

    ….and even internet works... kind of.

    Oh. Let me guess … the quad-8 problem ?

    Anyway, glad things worked out.



  • @Gertjan:

    @das_remsem:

    ….and even internet works... kind of.

    Oh. Let me guess … the quad-8 problem ?

    Anyway, glad things worked out.

    Never heard… this https://forum.pfsense.org/index.php?topic=145038.0

    Thanks, closing this as solved.