Unable to get to internet after setup

sdeskgeo881

Greetings all
I know this is a old topic but I have exhausted all options I am hoping someone can tell me what im missing
I have set up a new install on a Dell OptiPlex 7010 i5 processer 8gigs ram Intel onboard nic with an USB nic for second interface.

After changing IP and confirming ip from ISP (who I asked to put the modem into bridged mode) The pfsence box is able to ping yahoo and get DNS servers from ISP, Im still unable to get to internet from lan side, Im getting a DNS error on web page, NAT is set to auto config rules, Still nothing
I swapped hardware and did fresh install of software, Still nothing.
Can some one send me an example of correct firewall rule and what it should look like and any other ideas would be greatly appreciated. Thank you in advance

akuma1x

How is your WAN port configured - static or dynamic (DHCP)? If static, what value did you set for WAN? If dynamic, what IP address are you getting from your ISP? You can mask it out, if it makes you feel more comfortable.

How is your LAN port configured - static or dynamic? If static, what value did you set for LAN? Do you have the DHCP server running on your LAN interface? Are your computers on LAN getting an IP address and DNS server settings from pfsense?

You mention that you have a USB nic for your second interface. Those are NOT recommended for long-term use. Just for testing, it's probably ok. But, and you'll hear it from others here on the forum, they are not reliable nor stable. This could be the entire problem right here, the USB interface isn't cooperating right off the bat. Does that Dell Optiplex have any expansion slots inside? A true Intel NIC, if it can be installed, will be much better in the long run.

Are your LAN and WAN IP addresses on the same subnet? Something like... 192.168.1.1 and 192.168.1.100. If your LAN and WAN subnets are the same, routing out to the internet doesn't work properly, and you get symptoms like you described. Make them different address ranges - like 192.168.1.XXX for WAN, and 10.0.1.1 something for your LAN network. If your modem is in bridge mode, however, your WAN network might get a static address all by itself. Double check with your ISP.

Jeff

sdeskgeo881

Jeff, here is the answers
How is your WAN port configured - static or dynamic (DHCP)? If static, what value did you set for WAN? If dynamic, what IP address are you getting from your ISP? You can mask it out, if it makes you feel more comfortable.
DHCP 69.204.XX.XX

How is your LAN port configured - static or dynamic? If static, what value did you set for LAN? Do you have the DHCP server running on your LAN interface? Are your computers on LAN getting an IP address and DNS server settings from pfsense?
Static
Yes I have DHCP running
IP for lan 192.168.2.1
Range 192.168.2.100-150
Bit count: 24
Why is 31 an option? Please advise
DNS was set up during setup with overwrite on Wan DNS checked
8.8.8.8
8.8.4.4
Computers are getting address, 192.168.2.103 on my pc
does not matter if im plugged into switch directly or on access pont.

ipconfig \all it stating DNS is router IP 192.168.2.1
USB NIC has been both Lan and Wan for testing
I have another nic on the way and will swapout, However I have another pfsense router running quite well
I downloaded its config and restored it on my other device with same results.

Lots of info

Thank you for all your help

akuma1x

@sdeskgeo881 said in Unable to get to internet after setup:

Why is 31 an option? Please advise

A /31 subnet is used for point to point links that don't need a broadcast address, and in your particular case, is not a valid selection. There's more talk about it here:
https://community.cisco.com/t5/switching/when-and-why-we-use-31-subnet/td-p/1642780

However I have another pfsense router running quite well
I downloaded its config and restored it on my other device with same results.

Lots of info

Thank you for all your help

So, am I reading that right, you restored a config from another pfsense firewall to this one you're having trouble with? That's probably where the problem is coming from.

What I would recommend, and you will have some programming to do after you pull the trigger if you've got a complex network setup, is to factory reset this box and start from scratch. Don't import another config, and see if it works immediately after resetting. Pfsense is designed to, with minimal configuration, run right out of the box. Or, in this example, right after you install a fresh copy, or reset the system.

Jeff

sdeskgeo881

Thanks for the reply sorry I wasn’t clear the other config was for a PF sense box that I have that is already up and running I was hoping I could put the config on the system that I couldn’t get to access the Internet and try it that way even with the config from the working PF sense box it still was not able to connect to the Internet at this point I’m at a loss I reset the config several times the only thing that I haven’t tried yet is downloading a fresh copy
Any other ideas?
What would a good firewall entry look like