Everything works except loading a webpage

kimyeti · Nov 3, 2018, 11:11 PM

"Are you sure you're supposed to set your WAN interface to get an IP address via DHCP?"
According to the ISP guy I spoke with that's how they do it.

" Did you give them the correct MAC address for the pfsense box?"
The guy repeated it back to me, so I'm 99% sure.

"Can they help you with pinging the pfsense box, or verifying that it is even on their network?"
We can ping each other just fine.

"By swapping another router with default configs, if that worked and got you online, your pfsense box would be bad. Get it? :)"
True, but the reason why I got confused is because I would need another router to test with which I don't have at the moment. But it's a good idea and I will buy a cheap pre-configured router and see if that works. If I get the same error then we know for sure It's either the ISP's modem or something else in their end :)

kimyeti · Nov 3, 2018, 10:20 PM

@johnpoz

"Simple test... sniff on pfsense wan... Have a client try and open a website... Do you see the SYN go out? Do you see the syn,ack come back?"

Do you mean sniff with the diagnostic tool "packet capture" in pfsense or maybe Wireshark? I already did a few tests before I reinstalled pfSense where I started the capture tool while trying to load websites on the client machine.

WAN IP = 80.162.60.53
Reddit.com = 151.101.193.140
Google.com = 216.58.207.227

Unfortunately I can't do more tests right now because my brother needs to be able to do work from home. I've reversed it back at the moment to get internet.

"And yes in the cable world you always have to powercycle the modem/gateway to free up the mac binding when you change devices."

I've definitely done that to the full extent in pure frustration ;)

"Where you get access but you can not go anywhere other than the registration page of the ISP"

That is a possibility and if that's correct then my ISP has horrible customer service if they fail to mention such crucial details. I'm gonna go for @akuma1x advice first by purchasing a cheap pre-configured router and see if the same issue occurs. Whatever happens from there will rule out a lot. Even though it's not solved yet I just want to say thank you to everybody in the thread for trying to help me.

If you want I'll keep you posted on this thread :)

kimyeti · Nov 9, 2018, 4:43 PM

@johnpoz @akuma1x @KOM

I found the solution to the issue and I just wanted to share what it was.

Short Story: pfSense rocks - my ISP sucks

Long Story:

After connecting a new cheap router I experinced the same issue. The fault must be at the ISP then, but they repeatedly told me that there were no issues in their end. I found the solution by reading a bunch of forum posts on their forum and someone posted if you had port forwards on their router, then it would block those ports in bridge mode. It's a bug in the system. The solution was to reset the router/modem to factory settings and shutdown all power for 10 min. Boom !

Everything worked after that. I appreciate all the help that I got here, cheers.

johnpoz · Nov 9, 2018, 5:19 PM

So just to clarify.. You had say tcp 80 forwarded to 192.168.1.100 on their device.

Now you put their device in bridge mode, and you get public IP on pfsense 1.2.3.4 wan... But inbound traffic to your public IP so that pfsense would see it is blocked for tcp 80 and pfsense would never get syn to its wan on tcp 80.

How would that be a problem with accessing websites? Unless you for example ALL ports forwarded in say a DMZ host.. So now when you talk outbound from pfsense to 80 from source port lets say 50452, the return syn,ack to 50452 was being blocked?

You could of clearly seen that with packet capture on pfsense.. You would of seen your syn go out, but no syn,ack back.

kimyeti · Nov 9, 2018, 6:42 PM

@johnpoz

You're right that you should be able to see it with a packet capture where the syn acknowledge wouldn't come back.
Multiple people had the same issue and they all had port forwarding. I don't know if that was truly the cause or perhaps people just came to that conclusion. Maybe it just needed a factory reset for some reason - I don't know.

johnpoz · Nov 9, 2018, 6:48 PM

did you have a port forward for all ports, ie many of those shitty routers call it dmz or dmz host? Or did you have specific port forwards only?

Maybe its just if you had "any" port forwards moving to bridge mode is broken and needs a clear or reset before you move it to bridge mode.

Whatever is was - glad you got it sorted.

kimyeti · Nov 9, 2018, 6:56 PM

@johnpoz

All the ports were not open - the ones I had was 80, 443, 22 and 21.

I could very well be that if you just had "any" port forward it would then break the system of their shitty router. I do not want to dig any deeper though - just glad it finally works. Good weekend :)

johnpoz · Nov 9, 2018, 6:57 PM

You too and have fun with your now fully functional pfsense...