reassigning interfaces, now no Internet
-
New install now won't allow internet access suddenly. Initially, the install all went perfectly, and allowed immediate access. However, an ISP internet reset put me offline. Interfaces came up all blank on the bootup screen, and I got them back only by reassigning them manually and giving them new IP addresses.
Now I can access pfSense via its new 192.168.10.1 address but initially my laptop complains that it has network access but no internet access. Doing a ping from the laptop to my chosen DNS 8.8.8.8 works slowly at first, and then the laptop removes the little x on the internet connection icon and claims it now has internet access. However, no internet sites are available by browser.
I am behind the GFW of China and connected by China Telecom with a CGNAT connection. My modem/router is TEWA-600 acting as a router / not bridged. My current router is a DD-WRT based Netgear AC1450. So until I get pfSense working well and get rid of DD-WRT, I am triple NATed. But it worked initially so good....
Did my manual IP address setting mess up the pfSense router somehow? On the WAN firewall I only have one rule about bogon nets. Shouldn't there be a second rule there by default?
-
I nuked the pfSense config and got back to the same place. (LAN address has been moved to 192.168.10.1) Can ping 8.8.8.8 from my laptop, but cannot load a web page. Next I nuked the entire pfSense box and recreated from ISO. Still the same result. However, now it will pull a DHCP WAN address. Finally in desperation, I removed the DD-WRT router that was in between the pfSense box and the China Telecom modem/router. Still the same result, but now the DHCP WAN address matched the ones given out by that China Telecom router. (192.168.1.1)
This is very puzzling as the only thing that changed from the initial working pfSense install was the Internet was reset, and I went from a PPPoE connection to China Telecom to a DHCP connection with China Telecom. Could this have affected pfSense?
-
Out of the box, pfSense resolves for DNS. If you're in China with all of their blocking, I find it hard to believe that they would allow for DNS access to any IP on the planet, which is really what you need for resolving to work, because the resolver talks directly to the authoritative NS for whatever domain you're looking for.
You ask roots for the NS of the tld you're looking for, then that NS tells unbound the NS for the domain.tld you're looking for, then it goes and asks the NS for domain.tld for the A record of, say, www.domain.tld you're looking for.
This is going to be problematic if in a country or ISP that does a lot of filtering - say like China ;)
Change pfSense to forward vs resolve and point it to a China-approved DNS. Does China even allow access to Google DNS?
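
The resolver-versus-forwarder difference described in the reply above, as an added example that is not part of the original thread: a toy Python simulation in which a path filter permits DNS to only one upstream. All zone data and IP addresses (RFC 5737 documentation ranges) are constructed, and `FORWARDER` is a hypothetical permitted upstream.

```python
# Constructed toy DNS tree; every IP below is a documentation-range placeholder.
ROOT = "198.51.100.1"
SERVERS = {
    ROOT:           {"refer": {"tld.": "198.51.100.2"}},
    "198.51.100.2": {"refer": {"domain.tld.": "198.51.100.3"}},
    "198.51.100.3": {"answer": {"www.domain.tld.": "203.0.113.80"}},
}
FORWARDER = "192.0.2.53"  # hypothetical upstream recursive DNS that the path permits


class Blocked(Exception):
    """Raised when the path filter drops a query to a given server IP."""


def query(server_ip, name, allowed):
    """Send one query; 'allowed' is None (open path) or a set of reachable IPs."""
    if allowed is not None and server_ip not in allowed:
        raise Blocked(server_ip)
    if server_ip == FORWARDER:
        # The upstream performs the full walk itself from an unfiltered vantage point.
        return {"answer": resolve(name, allowed=None)[0]}
    zone = SERVERS[server_ip]
    if name in zone.get("answer", {}):
        return {"answer": zone["answer"][name]}
    for suffix, ns_ip in zone.get("refer", {}).items():
        if name == suffix or name.endswith("." + suffix):
            return {"refer": ns_ip}
    return {"answer": None}


def resolve(name, allowed):
    """Resolver mode: walk root -> TLD -> authoritative NS.

    Returns (ip, servers_contacted). Every hop must be reachable.
    """
    server, contacted = ROOT, []
    while True:
        contacted.append(server)
        reply = query(server, name, allowed)
        if "answer" in reply:
            return reply["answer"], contacted
        server = reply["refer"]


def forward(name, allowed):
    """Forwarding mode: a single query to a single upstream."""
    return query(FORWARDER, name, allowed)["answer"], [FORWARDER]
```

With an open path, `resolve` contacts three different servers; with a filter that allows only `FORWARDER`, `resolve` fails at the root while `forward` still returns the address.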
-
Thanks, will try that.
FYI, my DD-WRT is presently pointing to 8.8.8.8, 8.8.4.4 for DNS. However this is behind the China Telecom modem/router and DD-WRT is getting a WAN IP address of 192.168.1.7 (turning that China Telecom box into bridge mode would be nice). (Talking to tech support here in China is a waste of time due to my lack of Chinese language. My Chinese friends are not tech savvy enough to help.)