SG-1100 no internet, no web UI, SSH OK

brightwolf · May 24, 2019, 1:13 PM

@padreloco
I am not an expert myself but I think the only thing you need to do is to add an "allow" firewall rule on your LAN network. pfSense will block everything by default, is what I understood.

So in Firewall > Rules > LAN add something like:
Action: Pass
Interface: LAN
Protocol: any
Source: any
Destination: any

Once you have that rule you can start adding "deny" rules above it, to block everything you wish to block.

padreloco · May 24, 2019, 1:16 PM

@brightwolf
I have tried that too with no success.
I guess the error is in WAN and/or LAN settings of pfsense...
This is why I was curious to know how you did in settings...

Rico · May 24, 2019, 1:22 PM

Show screenshots of your WAN + LAN Settings, Firewall Rules and output of ipconfig /all from your Client machine.

-Rico

brightwolf · May 24, 2019, 1:27 PM

@padreloco
Did you restore a backup? In my case, I suspect the initial problem occurred due to some package settings. When I restored the backup I introduced the same problem again. That's why I did a complete reinstall of pfSense, then a complete reconfiguration of it. Now it's working without problems.

Gertjan · May 24, 2019, 1:37 PM

@brightwolf said in SG-1100 no internet, no web UI, SSH OK:

you need to do is to add an "allow" firewall rule on your LAN network.

That rule, on the LAN interface - is present by default.
So, any device, hooked up to the LAN interface will have full access as soon as the WAN interface works.
Typically, the WAN interface is setup to DHCP (client), thus when hooked up to an up stream (ISP) router, everything works.

Except : the conflicting network range issue : when the upstream router uses for itself at it's LAN - this is the LAN of the upsteam router ! - also 192.168.1.0/24 then you should :
Change that network address on your upstream (ISP) router, like 192.168.2.0/24
or
Change the default 192.168.1.0/24 on the LAN on pfSense to, for example, 192.168.2.0/24
Like this :

Check also the DHCP server on the DHCP server page, interface LAN : the pool must be in the 192.168.2.x/24 range. Normally, it is.

Now, you'll be fine.

Note : pfSense behaves as any other router on planet earth : with all settings on default, it's works.
If it doesn't, check already existing material in your environment that isn't setup by default.

brightwolf · May 24, 2019, 2:58 PM

@Gertjan said in SG-1100 no internet, no web UI, SSH OK:

If it doesn't, check already existing material in your environment that isn't setup by default.

Yes, like, for example, an IP conflict because of which I could not connect to my pfSense on SG-1100 anymore. Both my wireless router (downstream of the SG-1100 and in bridge mode) and my SG-1100 appeared to have the same IP on the LAN. Once I changed the wireless router's IP I could connect to the SG-1100 again.

padreloco · May 24, 2019, 7:44 PM

@brightwolf
Well, I did the "4. Reset to factory defaults", again, followed with the standard configuration with no success.

Giving up, I changed the computer from macOs to windows OS. I could then have access to internet. I hate the fact that I don't understand why!

Another thing is that from my computer I don't see other devices (NAS...) connected to the switch where my computer (client) is connected...

stephenw10 · May 24, 2019, 9:04 PM

The client OS should make no difference there assuming both are configured for DHCP.

What is actually not working though. Are you able to ping 8.8.8.8? Are you able to ping google.com?

Windows firewall may have set that new network as pub;ic as the dhcp server MAC address will be unknown to it.

Steve

padreloco · May 26, 2019, 4:49 AM

@stephenw10
In fact I am able to ping 8.8.4.4... I don't know why then I can't access Internet through Chrome, safari... (using mac)

Rico · May 26, 2019, 8:02 AM

DNS working?

-Rico

stephenw10 · May 27, 2019, 2:01 PM

Yeah if you can ping by IP but can't ping FQDNs then it sounds like DNS is not working. Check the DNS setup on that OSX client.

Steve

padreloco · May 27, 2019, 2:01 PM

@stephenw10
That was the problem.
Now the internet is up and running through the firewall

padreloco · May 27, 2019, 2:06 PM

@stephenw10
Would you or anyone advice how to access NAS through firewall? I.e: how can computers for example connected on WiFi on the same router as sg-1100? Computers have address as 192.168.0.x while the sg-1100 has 192.162.1.1 and Nas having IP addr 192.162.1.2?

Rico · May 27, 2019, 2:18 PM

You need to setup/modify your Firewall Rules.
For help in detail post Screenshots showing your actual Rules here.

-Rico

stephenw10 · May 27, 2019, 2:51 PM

So clients in the WAN subnet accessing the NAS in the LAN?

You can open access to it with a port forward:
https://docs.netgate.com/pfsense/en/latest/book/nat/port-forwards.html#adding-port-forwards

Steve