Cannot access web configurator, let alone the internet



  • My setup looks like this.

    Cable Modem --> PFsense --> gigabit switch --> computer

    It's a pretty standard setup, I think, however nothing has gone right with the setup.  I cannot access the web configurator to save my life.  I figure that it has something to do with the orange status light that I am getting from the ethernet port attached to my switch.  I can't figure out what could possibly be wrong with the setup I am using.  Any help would be greatly appreciated as I have been fighting with this goddamn thing for a week now.



  • Sorry about the double post, but I would like to point out that in the week that I have been having problems, I have been constantly surfing the forums, so if the only "help" you can give me is "search the forums" or direct me to the general information thread, I would rather not have it.



  • OK, let's start at the bottom.

    To access the WEB GUI you need to have a link from the switch to the computer and from the switch to pfSense. It's common that each of these two links will have indicators on each end to show link status. So for these two links there should be 4 link status indicators "on". It's common (but not universal) that each end of a link will have a link status indicator which should be on and a link activity indicator which will blink to indicate traffic. In some cases the link status indicator will have different colours to indicate link speed (e.g. orange for 10/100 or green for 1 gigabit). You could consult your computer manual or motherboard manual to discover the particular meaning of the orange indicator.

    If any of the relevant 4 status indicators are off then you won't be able to communicate between pfSense and the computer and it's likely because you have a wrong type of cable (cross over instead of straight through or vice versa) or broken cable or broken connector or broken NIC or the pfSense box isn't running or had a problem booting or hasn't been configured.



  • I am aware that they need to be connected together.  This is the first MTU that I've had a problem (used untangle, endian, ipcop, etc) with.  There is nothing wrong functionally with either of the NICs, using ifconfig they are both shown as active.  The switch is a brand spankin' new gigabit switch, I've used several different cables, so I'm certain it is not the cable that I am using.  The status indicator for the NIC on the PFsense box that connects to the modem is green and shows activity.  The status indicator for the NIC that connects to the switch is orange and shows activity.  It's not a problem with the NIC, as I have switched the interfaces around and the one that is connected to the switch is always orange (limited connectivity, from what I can tell).  The gigabit switch shows connectivity (gigabit in fact, as the NIC from pfsense to the switch, and for my main computer is gigabit), and the switch works with other hardware, so I doubt that it's the switch.  I can't even ping 192.168.1.1.  The only thing I can ping is 192.168.1.199, which, oddly enough is the IP address of my main computer.

    This is giving me waaaay too much trouble.  I had chosen it because it was supposed to be relatively easy for the initial setup, but for me it has been anything but easy.  It doesn't matter if it's installed or running from the livecd, problem is still the same.



  • What do you get when you look at the pfsense console screen? (Just the top lines)

    Mine=

    *** Welcome to pfSense 2.0 ALPHA-ALPHA pfSense on firebox ***

    LAN*                        ->    re0  ->    192.168.1.1
    WAN*                        ->    xl0  ->    12.34.56.78(DHCP)



  • You apparently have connectivity between 'computer' and pfsense box. The indicators suggest activity. I suggest you login on the console, go to shell command mode and type the shell command

    tcpdump -i zz3

    where you replace zz3 by the name of your LAN interface. Then start up the ping on the other computer, specifying the address of the LAN interface. Limit the pings to a small number (say 2 or 3). Then on the pfsense console you should see a decoded trace of the traffic on the interface. If you can't make sense of the trace post an extract here.

    When you start the ping the computer will likely send an ARP 'who has' request to find the MAC address of the interface with the IP address of the ping target. The pfSense box should send a response to say 'me' then the pings should appear.



  • This is kinda strange, but good.  This morning, I started up my pfsense box, my laptop (connected to a different WAN) and my main computer without the monitor.  I ran tcpdump and started watching the output of it, saw that it saw my mac address and it looked like it started pinging websites like crazy. I couldn't get it to stop pinging, so I turned on the monitor, and saw that my main rig was connected to the internet and my TOR proxy network was up and running.  I really can't explain why this works all of a sudden other than I ran tcpdump and everything works now.



  • I recall another thread in which someone was also having DHCP problems which mysteriously went away when they ran tcpdump. Normally the LAN interfaces run in non-promiscuous mode, that is they receive only frames destined for their MAC address, the broadcast MAC address and (possibly) a small number of multicast MAC addresses. tcpdump, when invoked without the -p option, turns on promiscuous mode which means the LAN interfaces receive frames destined for any MAC address.

    If you power down the pfSense system, power it up again, does it behave as expected? If not, does it come good if you start tcpdump with the -p option ( # tcpdump -p -i zz3)? If not, does it then come good if you run tcpdump without the -p option?



  • I'll test again tonight, as I'm away from home and I'm not going to subject my wife to that  ;D

    As far as I know, it's still running tcpdump.  I haven't powered it down since I got it to work (I'm afraid that it wouldn't work again).  I ran it without -p and it worked fine.

    At any rate, my next task, after I get this working correctly, is figuring out how to use it as an HTTP proxy so I can browse the internet through my home connection and ssh tunnel through the firewall at work.



  • I can only get pfsense to work by using tcpdump (I just type tcpdump into shell and it works).

    Is there any way that I can either get it to work without using tcpdump OR force tcpdump at startup so I don't have to worry about it.

    Another thing, after running for about 4 hours, the speaker starts going haywire and beeps rapidly, any idea what that could be?



  • Another thing, after running for about 4 hours, the speaker starts going haywire and beeps rapidly, any idea what that could be?

    Might be worth starting a separate topic for that issue.

    I can only get pfsense to work by using tcpdump (I just type tcpdump into shell and it works).

    Is there any way that I can either get it to work without using tcpdump OR force tcpdump at startup so I don't have to worry about it.

    Something strange is happening. It shouldn't be necessary to run tcpdump to make it work.

    Have you been changing the switch ports you have been using? I'll be interested to hear how things go when you power cycle it.



  • I haven't changed anything at all.  I power cycled the unit earlier, and it would not function without running tcpdump.  As soon as I began tcpdump, I had internet access, and if I stopped tcpdump, I lost it.  Very very strange.  I really don't care that it has to run tcpdump to function at this point, now I need to determine if there is a way that I can script pfsense to run tcpdump at startup.



  • That's strange, I just lost connectivity through my pfsense box, but I reran tcpdump and my connection magically returned.  I'm really baffled by this problem.



  • That's strange, I just lost connectivity through my pfsense box, but I reran tcpdump and my connection magically returned.  I'm really baffled by this problem.

    Try with the command 
    ifconfig the name of your network card -tso



  • I just put my LAN adaptor on promiscuous mode.  That seems to have fixed it, but is there a way to make it persistently promiscuous?



  • By my reckoning something is broken here. You said you have a switch so the only traffic coming out of the switch port to the pfSense box should have the destination MAC address of the pfSense nic or the broadcast MAC address and both those addresses should be claimed by the NIC in non-promiscuous mode.

    What NICs do you have in the pfSense box?



  • They are both onboard, and I believe they are both realtek.  I don't have any documentation on this motherboard, and I can't find documentation on it anywhere.  I bought 3 of these boxes on ebay for $100 a pop.  They used to be POS systems, and I know that the motherboard that is in there retails for $250 by itself.  I know the name of the manufacturer, the motherboard name, but NOWHERE is the documentation for the equipment.



  • Realtek seems to be commonly used in this sort of embedded application.

    Could you post the output from the dmesg shell command? (In web GUI, Diagnostics->Command). That should help identify the NIC and associated PHY.



  • $ dmesg
    Copyright (c) 1992-2008 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 7.0-RELEASE-p8 #0: Thu Jan  8 22:07:30 EST 2009
        sullrich@freebsd7-releng_1_2_1.pfsense.org:/usr/obj.pfSense/usr/src/sys/pfSense.7
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Pentium(R) M processor 1.80GHz (1800.08-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0x6d6  Stepping = 6
      Features=0xafe9fbbf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
      Features2=0x180<EST,TM2>
    real memory  = 1039007744 (990 MB)
    avail memory = 1002946560 (956 MB)
    ACPI APIC Table: <INTELR AWRDACPI>
    ioapic0 <Version 2.0> irqs 0-23 on motherboard
    wlan: mac acl policy registered
    kbd1 at kbdmux0
    ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
    hptrr: HPT RocketRAID controller driver v1.1 (Jan  8 2009 22:07:11)
    cryptosoft0: <software crypto> on motherboard
    acpi0: <INTELR AWRDACPI> on motherboard
    acpi0: [ITHREAD]
    acpi0: Power Button (fixed)
    acpi0: reservation of 0, a0000 (3) failed
    acpi0: reservation of 100000, 3dde0000 (3) failed
    Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
    acpi_timer0: <24-bit timer at 3.579545MHz> port 0x4008-0x400b on acpi0
    cpu0: <ACPI CPU> on acpi0
    est0: <Enhanced SpeedStep Frequency Control> on cpu0
    p4tcc0: <CPU Frequency Thermal Control> on cpu0
    acpi_button0: <Power Button> on acpi0
    pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
    pci0: <ACPI PCI bus> on pcib0
    pci0: <base peripheral> at device 0.1 (no driver attached)
    pci0: <base peripheral> at device 0.3 (no driver attached)
    vgapci0: <VGA-compatible display> port 0xe900-0xe907 mem 0xe0000000-0xe7ffffff,0xe8100000-0xe817ffff irq 16 at device 2.0 on pci0
    agp0: <Intel 8285xM (85xGM GMCH) SVGA controller> on vgapci0
    agp0: detected 32636k stolen memory
    agp0: aperture size is 128M
    vgapci1: <VGA-compatible display> at device 2.1 on pci0
    uhci0: <Intel 82801DB (ICH4) USB controller USB-A> port 0xeb00-0xeb1f irq 16 at device 29.0 on pci0
    uhci0: [GIANT-LOCKED]
    uhci0: [ITHREAD]
    usb0: <Intel 82801DB (ICH4) USB controller USB-A> on uhci0
    usb0: USB revision 1.0
    uhub0: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
    uhub0: 2 ports with 2 removable, self powered
    uhci1: <Intel 82801DB (ICH4) USB controller USB-B> port 0xed00-0xed1f irq 19 at device 29.1 on pci0
    uhci1: [GIANT-LOCKED]
    uhci1: [ITHREAD]
    usb1: <Intel 82801DB (ICH4) USB controller USB-B> on uhci1
    usb1: USB revision 1.0
    uhub1: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb1
    uhub1: 2 ports with 2 removable, self powered
    uhci2: <Intel 82801DB (ICH4) USB controller USB-C> port 0xe800-0xe81f irq 18 at device 29.2 on pci0
    uhci2: [GIANT-LOCKED]
    uhci2: [ITHREAD]
    usb2: <Intel 82801DB (ICH4) USB controller USB-C> on uhci2
    usb2: USB revision 1.0
    uhub2: <Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb2
    uhub2: 2 ports with 2 removable, self powered
    ehci0: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> mem 0xe8180000-0xe81803ff irq 23 at device 29.7 on pci0
    ehci0: [GIANT-LOCKED]
    ehci0: [ITHREAD]
    usb3: EHCI version 1.0
    usb3: companion controllers, 2 ports each: usb0 usb1 usb2
    usb3: <Intel 82801DB/L/M (ICH4) USB 2.0 controller> on ehci0
    usb3: USB revision 2.0
    uhub3: <Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb3
    uhub3: 6 ports with 6 removable, self powered
    pcib1: <ACPI PCI-PCI bridge> at device 30.0 on pci0
    pci1: <ACPI PCI bus> on pcib1
    re0: <RealTek 8169SC/8110SC Single-chip Gigabit Ethernet> port 0xd000-0xd0ff mem 0xe8030000-0xe80300ff irq 18 at device 4.0 on pci1
    re0: Chip rev. 0x18000000
    re0: MAC rev. 0x00000000
    miibus0: <MII bus> on re0
    rgephy0: <RTL8169S/8110S/8211B media interface> PHY 1 on miibus0
    rgephy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
    re0: Ethernet address: 00:1b:b9:90:86:59
    re0: [FILTER]
    rl0: <RealTek 8139 10/100BaseTX> port 0xd400-0xd4ff mem 0xe8031000-0xe80310ff irq 19 at device 5.0 on pci1
    miibus1: <MII bus> on rl0
    rlphy0: <RealTek internal media interface> PHY 0 on miibus1
    rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    rl0: Ethernet address: 00:1b:b9:91:75:9b
    rl0: [ITHREAD]
    ath0: <Atheros 5212> mem 0xe8020000-0xe802ffff irq 20 at device 7.0 on pci1
    ath0: [ITHREAD]
    ath0: using obsoleted if_watchdog interface
    ath0: Ethernet address: 00:0f:b5:fa:9a:63
    ath0: mac 7.9 phy 4.5 radio 5.6
    isab0: <PCI-ISA bridge> at device 31.0 on pci0
    isa0: <ISA bus> on isab0
    atapci0: <Intel ICH4 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 31.1 on pci0
    ata0: <ATA channel 0> on atapci0
    ata0: [ITHREAD]
    ata1: <ATA channel 1> on atapci0
    ata1: [ITHREAD]
    pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
    pci0: <multimedia, audio> at device 31.5 (no driver attached)
    acpi_tz0: <Thermal Zone> on acpi0
    speaker0: <PC speaker> port 0x61 on acpi0
    fdc0: <floppy drive controller> port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on acpi0
    fdc0: [FILTER]
    sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    sio0: type 16550A
    sio0: [FILTER]
    sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
    sio1: type 16550A
    sio1: [FILTER]
    sio2: <16550A-compatible COM port> port 0x3e8-0x3ef irq 10 on acpi0
    sio2: type 16550A
    sio2: [FILTER]
    sio3: <16550A-compatible COM port> port 0x2e8-0x2ef irq 11 on acpi0
    sio3: type 16550A
    sio3: [FILTER]
    pmtimer0 on isa0
    atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
    atkbd0: <AT Keyboard> irq 1 on atkbdc0
    kbd0 at atkbd0
    atkbd0: [GIANT-LOCKED]
    atkbd0: [ITHREAD]
    ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
    ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
    ppbus0: <Parallel port bus> on ppc0
    ppbus0: [ITHREAD]
    plip0: <PLIP network interface> on ppbus0
    lpt0: <Printer> on ppbus0
    lpt0: Interrupt-driven port
    ppi0: <Parallel I/O> on ppbus0
    ppc0: [GIANT-LOCKED]
    ppc0: [ITHREAD]
    sc0: <System console> at flags 0x100 on isa0
    sc0: VGA <16 virtual consoles, flags=0x300>
    vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    Timecounter "TSC" frequency 1800076919 Hz quality 800
    Timecounters tick every 1.000 msec
    Fast IPsec: Initialized Security Association Processing.
    hptrr: no controller detected.
    ad2: 4112MB <WDC AC24300L 20.03W20> at ata1-master UDMA33
    Trying to mount root from ufs:/dev/ad2s1a
    re0: link state changed to UP
    re0: link state changed to DOWN
    rl0: link state changed to UP
    rl0: link state changed to DOWN
    re0: link state changed to UP
    rl0: link state changed to UP
    pflog0: promiscuous mode enabled
    re0: promiscuous mode enabled
    re0: promiscuous mode disabled
    re0: promiscuous mode enabled
    re0: link state changed to DOWN
    re0: link state changed to UP
    re0: promiscuous mode disabled
    re0: promiscuous mode enabled
    re0: promiscuous mode disabled
    re0: promiscuous mode enabled
    re0: promiscuous mode disabled
    re0: promiscuous mode enabled
    re0: promiscuous mode disabled
    re0: permanently promiscuous mode enabled
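
Added example (not part of the thread and not pfSense code): a shell function that tallies, per interface, the promiscuous-mode and link-state transitions in dmesg output like the post above. This is also the check a defender runs to spot a NIC left in promiscuous mode. The names `sample_dmesg` and `promisc_audit` are made up for this example; the sample input is the tail of the dmesg posted above.

```shell
#!/bin/sh
# Sample input: the last lines of the dmesg output posted in the thread.
sample_dmesg() {
cat <<'EOF'
re0: link state changed to UP
re0: link state changed to DOWN
rl0: link state changed to UP
rl0: link state changed to DOWN
re0: link state changed to UP
rl0: link state changed to UP
pflog0: promiscuous mode enabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: link state changed to DOWN
re0: link state changed to UP
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: promiscuous mode enabled
re0: promiscuous mode disabled
re0: permanently promiscuous mode enabled
EOF
}

# Read dmesg text on stdin; print one summary line per interface:
#   promisc=       last state seen (on, off, permanent, or never)
#   enabled_count= how many times promiscuous mode was switched on
#   link_down=     how many times the link dropped
promisc_audit() {
    awk '
    /: (permanently )?promiscuous mode (enabled|disabled)/ {
        ifn = $1; sub(/:$/, "", ifn); seen[ifn] = 1
        if ($NF == "enabled") {
            on[ifn]++
            state[ifn] = ($2 == "permanently") ? "permanent" : "on"
        } else state[ifn] = "off"
        next
    }
    /: link state changed to (UP|DOWN)/ {
        ifn = $1; sub(/:$/, "", ifn); seen[ifn] = 1
        if ($NF == "DOWN") down[ifn]++
        next
    }
    END {
        for (i in seen) {
            s = (i in state) ? state[i] : "never"
            printf "%s promisc=%s enabled_count=%d link_down=%d\n", i, s, on[i], down[i]
        }
    }' | sort
}

sample_dmesg | promisc_audit
```

On a live system the same function can be fed with `dmesg | promisc_audit`; each `enabled`/`disabled` pair on re0 corresponds to one start and stop of tcpdump without `-p`.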

