No LAN Internet Access
-
If your using forwarder then it should be forwarding… It should forward to your isp dns or what it gets via its wan.. Or what you put in the settings.
You sure its running.. Validate that pfsense can resolve using the dns lookup...
-
DNS Lookup - see attached
ipconfig /all run on Client PC
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : This Qualcomm Atheros network Controller connects you to the network.
Physical Address. . . . . . . . . : MACv4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::940d:1541:4e1a:fb26%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.7.13.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Lease Obtained. . . . . . . . . . : Monday, May 7, 2018 2:31:05 PM
Lease Expires . . . . . . . . . . : Monday, May 7, 2018 4:31:05 PM
Default Gateway . . . . . . . . . : 10.7.13.1
DHCP Server . . . . . . . . . . . : 10.7.13.1
DHCPv6 IAID . . . . . . . . . . . : 62676980
DHCPv6 Client DUID. . . . . . . . : MACv6
DNS Servers . . . . . . . . . . . : 10.7.13.1
NetBIOS over Tcpip. . . . . . . . : Enabled
 -
Ok dude loopback didn't respond… So yeah that is PROBLEM..
Also 600+ms for google to answer? Yeah that is a problem..
Are you on some sort of sat connection or something? I would not think it possible for 8.8.8.8 to take that long to respond from anywhere on the planet with it being a anycast address and located in regions all over the planet.
Here I just did a query to google... 11ms
;; ANSWER SECTION:
www.google.com. 213 IN A 172.217.1.36;; Query time: 11 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon May 07 15:00:48 Central Daylight Time 2018
;; MSG SIZE rcvd: 59If you are seeing over 100ms to 8.8.8.8 I would say something is wrong. You are seeing 600+ms..
I can ping China from Chicago and get less than 300ms.. ;)
-
Yes, I was forced to use a satellite internet so I know response times suck. First post in this thread has details on my ISP modem.
Where to next?
-
Oh wow, not sure how I missed that ;)
If your on SAT… your going to have to use their DNS... You are not going to be able to resolve or use other public dns... Use of the SAT isp dns is going to be your really only viable option.. Anything else is going to be horrible.
And you sure can not resolve on such a high latency connection.
-
That would explain why my old pfSense configs wouldn't work, didn't have Sat internet for them.
So what do I need to config on pfSense to get it working for Sat internet?
-
So this is what I have done and internet appears to be working right now on the Client PC.
on pfSense
Under System/General Setup - I removed the DNS Servers and checked DNS Server Override.Under Services/DNS Forwarder - checked enabled and saved/applied
Under Services/DNS Resolver - unchecked enabled and saved/applied
on Dashboard the DNS Servers listed are the 127.0.0.1, and the pair of 99's that come from the ISP modem.
Client PC is also getting everything sent to it, nothing is hard-set.
-
yeah pfsense will ask it self, which will get forwarded to those 99.x.x
Now do a dns lookup for google… on pfsense dns lookup What is the response time now.
Clients will ask pfsense..
-
127.0.0.1 is 589ms
99's are 6 & 4msIs there anything else I need to do other than setup pfSense how I want it? Any settings I should look at avoiding. All I really plan on do is to setup some firewall rules for some local servers and games and setup DHCP static mapping so all my systems have a specific IP every time.
-
127.0.0.1 should not be that long… It should just be the say 1ms longer than what the forwards answer in.
Your clients are talking to pfsense IP for dns. What are the response times for lookups.
-
I think I may have typed www.google.com in wrong the last time. Just noticed it and the 127.0.0.1 was still 600+ms, changed it and got responses below.
the DNS Lookup on pfSense for www.google.com comes back with…
127.0.0.1 - 4ms
99's are 6ms -
ok that makes more sense..
-
Here is another question, related but not exactly the same. I can open another thread if need be.
I have a old wireless router setup as a wireless AP with DD-WRT connected to the same switch as the Client PC. If I connect to the wifi coming out of it, I cannot access the internet. Any thoughts?
-
Can you ping the pfsense IP, are you getting dhcp from pfsense?
Common issue have seen when users try and use old routers as AP, is they forget to shut down the dhcpd on the old router and client gets info from that that points to AP IP as gateway and dns. Which no would not work.
To use any old router as AP you connect it to your network using one its lan ports, you put its LAN ip on network you connecting it too and TURN OFF its dhcpd..
If you have done all that make sure you can ping the pfsense IP and getting dhcp from it.. If so dns resolving on the client?
-
I'm doing some configuration on the pfSense router and changed the subnet. I noticed that I hadn't changed it on the DD-WRT AP. Made the change, just waiting for the old lease to close out.
Used this to setup the DD-WRT AP.
https://www.dd-wrt.com/wiki/index.php/Wireless_Access_PointI'll put up a post later today or tomorrow regarding the status.
-
What subnet you use on pfsense would really have ZERO to do with your AP.. Other than IP you set on its lan to access it..
Not sure what your waiting for lease for? the IP address on the AP should not be dhcp.. It should be static set on the LAN IP…
-
The laptop I was testing the wireless with was showing a /25 subnet, not the /24 it should be.
-
Another issue that is happening. I can no longer navigate to www.google.com. I can get to the internet.
-
I've moved the pfSense box into my network. It is my router now. Working on setting up the wireless AP which didn't have any other issues.
The outstanding issuing I'm coming across now is I cannot get to www.google.com, any ideas?
-
Still configuring the pfSense router a bit. Have the wireless AP working.
My last hold out now is I cannot access www.google.com. No idea why.
