Cannot access web configurator, let alone the internet
-
My setup looks like this.
Cable Modem --> PFsense --> gigabit switch --> computer
It's a pretty standard setup, I think, however nothing has gone right with the setup. I cannot access the web configurator to save my life. I figure that it has something to do with the orange status light that I am getting from the ethernet port attached to my switch. I can't figure out what could possibly be wrong with the setup I am using. Any help would be greatly appreciated as I have been fighting with this goddamn thing for a week now.
-
Sorry about the double post, but I would like to point out that in the week that I have been having problems, I have been constantly surfing the forums, so if the only "help" you can give me is "search the forums" or direct me to the general information thread, I would rather not have it.
-
OK, let's start at the bottom.
To access the WEB GUI you need to have a link from the switch to the computer and from the switch to pfSense. It's common that each of these two links will have indicators on each end to show link status. So for these two links there should be 4 link status indicators "on". It's common (but not universal) that each end of a link will have a link status indicator which should be on and a link activity indicator which will blink to indicate traffic. In some cases the link status indicator will have different colours to indicate link speed (e.g. orange for 10/100 or green for 1 gigabit). You could consult your computer manual or motherboard manual to discover the particular meaning of the orange indicator.
If any of the relevant 4 status indicators are off then you won't be able to communicate between pfSense and the computer and it's likely because you have a wrong type of cable (cross over instead of straight through or vice versa) or broken cable or broken connector or broken NIC or the pfSense box isn't running or had a problem booting or hasn't been configured.
-
I am aware that they need to be connected together. This is the first MTU that I've had a problem (used untangle, endian, ipcop, etc) with. There is nothing wrong functionally with either of the NICs, using ifconfig they are both shown as active. The switch is a brand spankin' new gigabit switch, I've used several different cables, so I'm certain it is not the cable that I am using. The status indicator for the NIC on the PFsense box that connects to the modem is green and shows activity. The status indicator for the NIC that connects to the switch is orange and shows activity. It's not a problem with the NIC, as I have switched the interfaces around and the one that is connected to the switch is always orange (limited connectivity, from what I can tell). The gigabit switch shows connectivity (gigabit in fact, as the NIC from pfsense to the switch, and for my main computer is gigabit), and the switch works with other hardware, so I doubt that it's the switch. I can't even ping 192.168.1.1. The only thing I can ping is 192.168.1.199, which, oddly enough, is the IP address of my main computer.
This is giving me waaaay too much trouble. I had chosen it because it was supposed to be relatively easy for the initial setup, but for me it has been anything but easy. It doesn't matter if it's installed or running from the livecd, problem is still the same.
-
What do you get when you look at the pfsense console screen? (Just the top lines)
Mine=
*** Welcome to pfSense 2.0 ALPHA-ALPHA pfSense on firebox ***
LAN* -> re0 -> 192.168.1.1
WAN* -> xl0 -> 12.34.56.78(DHCP)
-
You apparently have connectivity between 'computer' and pfsense box. The indicators suggest activity. I suggest you login on the console, go to shell command mode and type the shell command
tcpdump -i zz3
where you replace zz3 by the name of your LAN interface. Then start up the ping on the other computer, specifying the address of the LAN interface. Limit the pings to a small number (say 2 or 3). Then on the pfsense console you should see a decoded trace of the traffic on the interface. If you can't make sense of the trace post an extract here.
When you start the ping the computer will likely send an ARP 'who has' request to find the MAC address of the interface with the IP address of the ping target. The pfSense box should send a response to say 'me' then the pings should appear.
-
This is kinda strange, but good. This morning, I started up my pfsense box, my laptop (connected to a different WAN) and my main computer without the monitor. I ran tcp dump and started watching the output of it, saw that it saw my mac address and it looked like it started pinging websites like crazy. I couldn't get it to stop pinging, so I turned on the monitor, and saw that my main rig was connected to the internet and my TOR proxy network was up and running. I really can't explain why this works all of a sudden other than I ran tcpdump and everything works now.
-
I recall another thread in which someone was also having DHCP problems which mysteriously went away when they ran tcpdump. Normally the LAN interfaces run in non-promiscuous mode, that is they receive only frames destined for their MAC address, the broadcast MAC address and (possibly) a small number of multicast MAC addresses. tcpdump, when invoked without the -p option, turns on promiscuous mode which means the LAN interfaces receive frames destined for any MAC address.
If you power down the pfSense system, power it up again, does it behave as expected? If not, does it come good if you start tcpdump with the -p option ( # tcpdump -p -i zz3)? If not, does it then come good if you run tcpdump without the -p option?
-
I'll test again tonight, as I'm away from home and I'm not going to subject my wife to that ;D
As far as I know, it's still running tcp dump. I haven't powered it down since I got it to work (I'm afraid that it wouldn't work again). I ran it without -p and it worked fine.
At any rate, my next task, after I get this working correctly, is figuring out how to use it as an HTTP proxy so I can browse the internet through my home connection and ssh tunnel through the firewall at work.
-
I can only get pfsense to work by using tcpdump (I just type tcpdump into shell and it works).
Is there any way that I can either get it to work without using tcpdump OR force tcpdump at startup so I don't have to worry about it.
Another thing, after running for about 4 hours, the speaker starts going haywire and beeps rapidly, any idea what that could be?
-
> Another thing, after running for about 4 hours, the speaker starts going haywire and beeps rapidly, any idea what that could be?
Might be worth starting a separate topic for that issue.
> I can only get pfsense to work by using tcpdump (I just type tcpdump into shell and it works).
> Is there any way that I can either get it to work without using tcpdump OR force tcpdump at startup so I don't have to worry about it.
Something strange is happening. It shouldn't be necessary to run tcpdump to make it work.
Have you been changing the switch ports you have been using? I'll be interested to hear how things go when you power cycle it.
-
I haven't changed anything at all. I power cycled the unit earlier, and it would not function without running tcpdump. As soon as I began tcpdump, I had internet access, and if I stopped tcpdump, I lost it. Very very strange. I really don't care that it has to run tcpdump to function at this point, now I need to determine if there is a way that I can script pfsense to run tcpdump at startup.
-
That's strange, I just lost connectivity through my pfsense box, but I reran tcpdump and my connection magically returned. I'm really baffled by this problem.
-
> That's strange, I just lost connectivity through my pfsense box, but I reran tcpdump and my connection magically returned. I'm really baffled by this problem.
Try with the command
ifconfig the name of your network card -tso
-
I just put my LAN adaptor on promiscuous mode. That seems to have fixed it, but is there a way to make it persistently promiscuous?
-
By my reckoning something is broken here. You said you have a switch so the only traffic coming out of the switch port to the pfSense box should have the destination MAC address of the pfSense nic or the broadcast MAC address and both those addresses should be claimed by the NIC in non-promiscuous mode.
What NICs do you have in the pfSense box?
-
They are both onboard, and I believe they are both realtek. I don't have any documentation on this motherboard, and I can't find documentation on it anywhere. I bought 3 of these boxes on ebay for $100 a pop. They used to be POS systems, and I know that the motherboard that is in there retails for $250 by itself. I know the name of the manufacturer, the motherboard name, but NOWHERE is the documentation for the equipment.
-
Realtek seems to be commonly used in this sort of embedded application.
Could you post the output from the dmesg shell command? (In web GUI, Diagnostics->Command). That should help identify the NIC and associated PHY.
-
$ dmesg
Copyright (c) 1992-2008 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-RELEASE-p8 #0: Thu Jan 8 22:07:30 EST 2009
sullrich@freebsd7-releng_1_2_1.pfsense.org:/usr/obj.pfSense/usr/src/sys/pfSense.7
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) M processor 1.80GHz (1800.08-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x6d6 Stepping = 6
Features=0xafe9fbbf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
Features2=0x180<EST,TM2>
real memory = 1039007744 (990 MB)
avail memory = 1002946560 (956 MB)
ACPI APIC Table: <INTELR AWRDACPI>
ioapic0 <Version 2.0> irqs 0-23 on motherboard
wlan: mac acl policy registered
kbd1 at kbdmux0
ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
hptrr: HPT RocketRAID controller driver v1.1 (Jan 8 2009 22:07:11)
cryptosoft0: <software crypto> on motherboard
acpi0: <INTELR AWRDACPI> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 3dde0000 (3) failed
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
cpu0: <ACPI CPU> on acpi0
est0: <Enhanced SpeedStep Frequency Control> on cpu0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pci0: <base peripheral> at device 0.1 (no driver attached)
pci0: <base peripheral> at device 0.3 (no driver attached)
vgapci0: <VGA-compatible display> port 0xe900-0xe907 mem 0xe0000000-0xe7ffffff,0xe8100000-0xe817ffff irq 16 at device 2.0 on pci0
agp0: <Intel 8285xM (85xGM GMCH) SVGA controller> on vgapci0
agp0: detected 32636k stolen memory
agp0: aperture size is 128M
vgapci1: <VGA-compatible display> at device 2.1 on pci0
uhci0: <Intel 82801DB (ICH4) USB controller USB-A> port 0xeb00-0xeb1f irq 16 at device 29.0 on pci0
uhci0: [GIANT-LOCKED]
uhci0: [ITHREAD]
usb0: <Intel 82801DB (ICH4) USB controller USB-A> on uhci0
usb0: USB revision 1.0
uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
uhub0: 2 ports with 2 removable, self powered
uhci1: <Intel 82801DB (ICH4) USB controller USB-B> port 0xed00-0xed1f irq 19 at device 29.1 on pci0
uhci1: [GIANT-LOCKED]
uhci1: [ITHREAD]
usb1: <Intel 82801DB (ICH4) USB controller USB-B> on uhci1
usb1: USB revision 1.0
uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
uhub1: 2 ports with 2 removable, self powered
uhci2: <Intel 82801DB (ICH4) USB controller USB-C> port 0xe800-0xe81f irq 18 at device 29.2 on pci0
uhci2: [GIANT-LOCKED]
uhci2: [ITHREAD]
usb2: <Intel 82801DB (ICH4) USB controller USB-C> on uhci2
usb2: USB revision 1.0
uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
uhub2: 2 ports with 2 removable, self powered
ehci0: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> mem 0xe8180000-0xe81803ff irq 23 at device 29.7 on pci0
ehci0: [GIANT-LOCKED]
ehci0: [ITHREAD]
usb3: EHCI version 1.0
usb3: companion controllers, 2 ports each: usb0 usb1 usb2
usb3: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> on ehci0
usb3: USB revision 2.0
uhub3: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb3
uhub3: 6 ports with 6 removable, self powered
pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci1: <ACPI PCI bus> on pcib1
re0: <RealTek 8169SC/8110SC Single-chip Gigabit Ethernet> port 0xd000-0xd0ff mem 0xe8030000-0xe80300ff irq 18 at device 4.0 on pci1
re0: Chip rev. 0x18000000
re0: MAC rev. 0x00000000
miibus0: <MII bus> on re0
rgephy0: <RTL8169S/8110S/8211B media interface> PHY 1 on miibus0
rgephy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
re0: Ethernet address: 00:1b:b9:90:86:59
re0: [FILTER]
rl0: <RealTek 8139 10/100BaseTX> port 0xd400-0xd4ff mem 0xe8031000-0xe80310ff irq 19 at device 5.0 on pci1
miibus1: <MII bus> on rl0
rlphy0: <RealTek internal media interface> PHY 0 on miibus1
rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl0: Ethernet address: 00:1b:b9:91:75:9b
rl0: [ITHREAD]
ath0: <Atheros 5212> mem 0xe8020000-0xe802ffff irq 20 at device 7.0 on pci1
ath0: [ITHREAD]
ath0: using obsoleted if_watchdog interface
ath0: Ethernet address: 00:0f:b5:fa:9a:63
ath0: mac 7.9 phy 4.5 radio 5.6
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel ICH4 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
pci0: <multimedia, audio> at device 31.5 (no driver attached)
acpi_tz0: <Thermal Zone> on acpi0
speaker0: <PC speaker> port 0x61 on acpi0
fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FILTER]
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
sio0: type 16550A
sio0: [FILTER]
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
sio1: [FILTER]
sio2: <16550A-compatible COM port> port 0x3e8-0x3ef irq 10 on acpi0
sio2: type 16550A
sio2: [FILTER]
sio3: <16550A-compatible COM port> port 0x2e8-0x2ef irq 11 on acpi0
sio3: type 16550A
sio3: [FILTER]
pmtimer0 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
ppbus0: <Parallel port bus> on ppc0
ppbus0: [ITHREAD]
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
ppc0: [GIANT-LOCKED]
ppc0: [ITHREAD]
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounter "TSC" frequency 1800076919 Hz quality 800
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
hptrr: no controller detected.
ad2: 4112MB <WDC AC24300L 20.03W20> at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad2s1a
re0: link state changed to UP
re0: link state changed to DOWN
rl0: link state changed to UP
rl0: link state changed to DOWN
re0: link state changed to UP
rl0: link state changed to UP
pflog0: promiscuous mode enabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: link state changed to DOWN
re0: link state changed to UP
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: permanently promiscuous mode enabled
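Added example, not part of the original thread: a small Python parser that replays the kernel's link and promiscuous-mode messages, like the ones at the end of the dmesg output above, and reports which interfaces were left in promiscuous mode. The sample input is an abridged excerpt of those lines, and the `pflog0` allowlist is an assumption (it is pf's logging pseudo-interface, which pfSense normally captures on).

```python
import re
from collections import defaultdict

# Abridged excerpt of the link/promiscuous lines from the dmesg output above.
SAMPLE_DMESG = """\
re0: link state changed to UP
rl0: link state changed to UP
pflog0: promiscuous mode enabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: link state changed to DOWN
re0: link state changed to UP
re0: promiscuous mode disabled
re0: permanently promiscuous mode enabled
"""

LINK = re.compile(r"^(\w+): link state changed to (UP|DOWN)$")
PROMISC = re.compile(r"^(\w+): (permanently )?promiscuous mode (enabled|disabled)$")

def interface_states(dmesg_text):
    """Replay dmesg lines and return the final link/promiscuous state per interface."""
    states = defaultdict(lambda: {"link": None, "promisc": "off", "promisc_changes": 0})
    for line in dmesg_text.splitlines():
        line = line.strip()
        m = LINK.match(line)
        if m:
            states[m.group(1)]["link"] = m.group(2)
            continue
        m = PROMISC.match(line)
        if m:
            iface, permanent, action = m.groups()
            st = states[iface]
            st["promisc_changes"] += 1
            if action == "disabled":
                st["promisc"] = "off"
            else:
                # "permanently" is logged when the flag is set with ifconfig,
                # as opposed to a capture program such as tcpdump opening the device.
                st["promisc"] = "permanent" if permanent else "on"
    return dict(states)

def promiscuous_interfaces(states, expected=("pflog0",)):
    """Interfaces still promiscuous that are not on the (assumed) allowlist."""
    return sorted(i for i, s in states.items()
                  if s["promisc"] != "off" and i not in expected)

if __name__ == "__main__":
    for name in promiscuous_interfaces(interface_states(SAMPLE_DMESG)):
        print(name, "is in promiscuous mode")
```

On a live system the same functions can be fed the full output of the dmesg command; repeated enable/disable pairs correspond to capture sessions starting and stopping.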