[SOLVED] Suddenly no internet connection for clients

sensori · Dec 11, 2018, 1:49 PM

Hi all,

pfSense was running fine for some time in my home network. Yesterday I was doing some changes like updating pfSense to the newest version and installing squid and pfBlockerNG. I've also noticed on the dashboard that the WAN was set to only 100 mbit although the NIC supports 1000 mbit. Today I've changed that too after several attempts.

I have no idea what happened but the problem now is that my clients, one linux machine and one windows machine, don't have internet access. I have stopped pfBlockerNG and squid and set back the 100 mbit value for the WAN but it didn't help. I've also followed the guide:
https://www.netgate.com/docs/pfsense/routing/connectivity-troubleshooting.html
and found this applies to my case:

*Test NAT: Try to ping 8.8.8.8 (Diagnostics > Ping) using LAN as the Source Address

If this fails but the other tests work, then the problem is likely Outbound NAT (See the WAN/LAN gateway checks above)*
I found 2 automatic rules in Firewall > NAT > Outbound that don't know what they mean. In any case I tried to disable the outbound NAT but that didn't help too.

Any ideas what is going on?

stephenw10 · Dec 10, 2018, 8:59 PM

If your WAN was set to 100Mbps and it was working previously then it may need to be set to that to get link with whatever it's connected to.

What does Status > Interfaces show for the WAN?

What was the result of that ping test? Did it fail with LAN as source but succeed with WAN as source?

Make sure you have your WAN set as the default gateway in System > Routing.

Steve

JKnott · Dec 10, 2018, 8:19 PM

@sensori said in Suddenly no internet connection for clients:

I've also noticed on the dashboard that the WAN was set to only 100 mbit although the NIC supports 1000 mbit.

You don't normally set that. Autonegotiation determines the appropriate rate automagically. Perhaps you should be asking why it's only 100 Mb. A bad cable is a good bet. In fact, by trying to set it, you may cause problems, if the other end is set to autonegotiate.

sensori · Dec 11, 2018, 1:48 PM

@stephenw10 , @JKnott : thanks for the responses!

@stephenw10 :

What does Status > Interfaces show for the WAN?

What was the result of that ping test? Did it fail with LAN as source but succeed with WAN as source?

Yes!
Also from a client I can ping 192.168.2.1 (pfSense LAN) and even 192.168.1.20 (pfSense WAN) but I can't ping 8.8.8.8.

Make sure you have your WAN set as the default gateway in System > Routing.

It is already.

@JKnott:

You don't normally set that. Autonegotiation determines the appropriate rate automagically. Perhaps you should be asking why it's only 100 Mb.

autoselect doesn't work. I'm getting a red x. I've set 1000 mbit and it looks like it's accepted. (see picture above).

A bad cable is a good bet.

I've replaced the cable but the problem remains.

I'm thinking about resetting to factory defaults. Any other ideas?

[EDIT]
I've found the culprit...
It was pfBlockerNG. I saw that in the Filter Reload its rules were still there. I thought that by disabling the pfBlockerNG Server in the dashboard is the same as by disabling it in Firewall > pfBlockerNG, but apparently it isn't. Now I'll either remove pfBlockerNG or try to reconfigure it.

stephenw10 · Dec 11, 2018, 6:49 PM

Ah, that can do it if there are unpopulated tables in the ruleset. pf cannot load and hence there is no NAT.

Steve