Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Everything works except loading a webpage

    Scheduled Pinned Locked Moved
    Firewalling
    4
    28
    4.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kimyeti @akuma1x
      last edited by kimyeti

      @akuma1x

      "Are you sure you're supposed to set your WAN interface to get an IP address via DHCP?"
      According to the ISP guy I spoke with that's how they do it.

      " Did you give them the correct MAC address for the pfsense box?"
      The guy repeated it back to me, so I'm 99% sure.

      "Can they help you with pinging the pfsense box, or verifying that it is even on their network?"
      We can ping each other just fine.

      "By swapping another router with default configs, if that worked and got you online, your pfsense box would be bad. Get it? :)"
      True, but the reason why I got confused is because I would need another router to test with which I don't have at the moment. But it's a good idea and I will buy a cheap pre-configured router and see if that works. If I get the same error then we know for sure It's either the ISP's modem or something else in their end :)

      1 Reply Last reply Reply Quote 0
      • K
        kimyeti @johnpoz
        last edited by kimyeti

        @johnpoz

        "Simple test... sniff on pfsense wan... Have a client try and open a website... Do you see the SYN go out? Do you see the syn,ack come back?"

        Do you mean sniff with the diagnostic tool "packet capture" in pfsense or maybe Wireshark? I already did a few tests before I reinstalled pfSense where I started the capture tool while trying to load websites on the client machine.

        WAN IP = 80.162.60.53
        Reddit.com = 151.101.193.140
        Google.com = 216.58.207.227

        Unfortunately I can't do more tests right now because my brother needs to be able to do work from home. I've reversed it back at the moment to get internet.

        alt text

        "And yes in the cable world you always have to powercycle the modem/gateway to free up the mac binding when you change devices."

        I've definitely done that to the full extent in pure frustration ;)

        "Where you get access but you can not go anywhere other than the registration page of the ISP"

        That is a possibility and if that's correct then my ISP has horrible customer service if they fail to mention such crucial details. I'm gonna go for @akuma1x advice first by purchasing a cheap pre-configured router and see if the same issue occurs. Whatever happens from there will rule out a lot. Even though it's not solved yet I just want to say thank you to everybody in the thread for trying to help me.

        If you want I'll keep you posted on this thread :)

        1 Reply Last reply Reply Quote 0
        • K
          kimyeti @johnpoz
          last edited by

          @johnpoz @akuma1x @KOM

          I found the solution to the issue and I just wanted to share what it was.

          Short Story: pfSense rocks - my ISP sucks

          Long Story:

          After connecting a new cheap router I experinced the same issue. The fault must be at the ISP then, but they repeatedly told me that there were no issues in their end. I found the solution by reading a bunch of forum posts on their forum and someone posted if you had port forwards on their router, then it would block those ports in bridge mode. It's a bug in the system. The solution was to reset the router/modem to factory settings and shutdown all power for 10 min. Boom !

          Everything worked after that. I appreciate all the help that I got here, cheers.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            So just to clarify.. You had say tcp 80 forwarded to 192.168.1.100 on their device.

            Now you put their device in bridge mode, and you get public IP on pfsense 1.2.3.4 wan... But inbound traffic to your public IP so that pfsense would see it is blocked for tcp 80 and pfsense would never get syn to its wan on tcp 80.

            How would that be a problem with accessing websites? Unless you for example ALL ports forwarded in say a DMZ host.. So now when you talk outbound from pfsense to 80 from source port lets say 50452, the return syn,ack to 50452 was being blocked?

            You could of clearly seen that with packet capture on pfsense.. You would of seen your syn go out, but no syn,ack back.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            K 1 Reply Last reply Reply Quote 0
            • K
              kimyeti @johnpoz
              last edited by

              @johnpoz

              You're right that you should be able to see it with a packet capture where the syn acknowledge wouldn't come back.
              Multiple people had the same issue and they all had port forwarding. I don't know if that was truly the cause or perhaps people just came to that conclusion. Maybe it just needed a factory reset for some reason - I don't know.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                did you have a port forward for all ports, ie many of those shitty routers call it dmz or dmz host? Or did you have specific port forwards only?

                Maybe its just if you had "any" port forwards moving to bridge mode is broken and needs a clear or reset before you move it to bridge mode.

                Whatever is was - glad you got it sorted.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                K 1 Reply Last reply Reply Quote 0
                • K
                  kimyeti @johnpoz
                  last edited by

                  @johnpoz

                  All the ports were not open - the ones I had was 80, 443, 22 and 21.

                  I could very well be that if you just had "any" port forward it would then break the system of their shitty router. I do not want to dig any deeper though - just glad it finally works. Good weekend :)

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    You too and have fun with your now fully functional pfsense...

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post