Weird LAN behaviour - LAN to internet
-
Out of the box pfsense resolver will listen on all interfaces... But your rules don't even allow your client to talk to pfsense - since you're shoving everything out your vpn!
Remove that policy route.. And allow for lan to talk to pfsense lan IP tcp/udp port 53. Directly query pfsense lan IP for something.. Does it resolve?
Use dig or host or nslookup on your client - pointing directly to pfsense lan IP.
Well maybe you do - but you have alias for both source and dest on the rule that might allow it.
-
Thanks for all of the help!
I changed the lan interface nic assignment just in case it had some problem (no idea if that's a possibility as icmp was running ok, but anyways things seemed intermittent - sometimes ping to google.com was resolved then ping to say bbc.co.uk was not resolved and no names were found - all the time ping to number address worked - 9.9.9.9 for eg).
Ping and dns lookup always work from inside the pfsense box. Removed all rules on lan except allow all to all - rebooted a few times, changed cables - restarted client pc and set new connection to run.
And.... the thing came to life with www available.
Thanks again, this forum is a great resource!!
-
Hmm, well always slightly disappointing not to find a definite problem but I'm glad you got it up and running.
Steve
-
It was quite odd as I'd tried all the removing rules on LAN except all to all before and got nowhere.
Had just thought that maybe the connection on my linux client might have been the problem as I've just noticed a dns tab which I had set to auto on the working connection. And the dns servers set in general on pfsense were listed. Previously it was off - I have no idea if anything needs to be set on a linux cable connection to get to www pages, I just assumed it just took whatever was sent from the router box as seemed to be the case with my last router (asus68u) which was really slow at vpn - speeds are 3x faster on this, which was the reason to change. I'm still thinking it was some failure of dns, however that might happen.
Anyways, it's good to know one can get help when needed - thanks again!
-
Final note on this problem......
Using linux mint 18.3 client to check pfsense setup
What I found was the ethernet connection to pfsense was very fussy on how it was set - I wasted so much time hunting for errors on the pfsense box when it was the connection which was at fault - If set to the subnet address of 10.0.20.16 and auto dns for eg there was no internet, even though the connection looked ok (not really sure what was going on here but thinking the dns was not getting in/out) - pings to number addresses ok, names not found.
If set to dhcp and auto dns the connection was good and things worked as they should.
Things got very confusing when setting the cisco sg3500 switch too as that would not show its webconfig without being set to a fixed ip.
The moral here is check the function of the connection before attempting to change the pfsense settings!
-
@fin1000 said in Weird LAN behaviour - LAN to internet:
what I found was the ethernet connection to pfsense was very fussy on how it was set
Huh?? What is there to set.. Just leave it in auto... The only thing you should be doing on an interface in pfsense is setting its ip to be honest..
-
Hmm, that sounds a lot like something has a bad subnet mask set.
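
Added example, not part of the original thread or any poster's words: a small Python check of a client's static IPv4 settings for the faults discussed above (a bad subnet mask, an off-link gateway, no DNS server set). The /24 and /28 prefix lengths, the 10.0.20.1 gateway/DNS address and the function name are assumptions; only 10.0.20.16 appears in the thread.

```python
import ipaddress


def check_static_config(address, prefix_len, gateway, dns_servers):
    """Return a list of problems found in a client's static IPv4 settings."""
    problems = []
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    net = iface.network
    gw = ipaddress.ip_address(gateway)

    # A host cannot use the network or broadcast address of its own subnet
    # (/31 and /32 have no reserved addresses, so skip them).
    if net.prefixlen < 31:
        if iface.ip == net.network_address:
            problems.append(f"{iface.ip} is the network address of {net}")
        elif iface.ip == net.broadcast_address:
            problems.append(f"{iface.ip} is the broadcast address of {net}")

    # The default gateway has to be directly reachable on the local subnet.
    gateway_usable = gw in net and gw != iface.ip
    if not gateway_usable:
        problems.append(f"gateway {gw} is not a usable on-link address in {net}")

    # No resolver configured: pings to IP addresses work, names are not found.
    if not dns_servers:
        problems.append("no DNS server set: IP pings work, names do not resolve")
    for server in dns_servers:
        dns = ipaddress.ip_address(server)
        if dns not in net and not gateway_usable:
            problems.append(f"DNS server {dns} is off-link with no usable gateway")
    return problems


if __name__ == "__main__":
    # Constructed sample settings (assumed values, not taken from the thread).
    samples = [
        ("10.0.20.16", 24, "10.0.20.1", ["10.0.20.1"]),  # consistent settings
        ("10.0.20.16", 28, "10.0.20.1", ["10.0.20.1"]),  # mask too narrow
        ("10.0.20.16", 24, "10.0.20.1", []),             # DNS left unset
    ]
    for sample in samples:
        print(sample, "->", check_static_config(*sample) or "ok")
```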
-
I've no idea, having very little understanding of networking "black magic".
But have had many problems over the years with connections failing to connect and the "connecting" icon "churning" until it times out. Which then leads to messing with settings to see if it can be connected. Try a fixed address in the right range - which normally connects but then there is nothing visible at the other end.
sudo ip route flush cache, sudo ip route flush table main, sudo iptables -F did seem to allow a connection to start BUT I'm still in the dark as to why sometimes ethernet won't connect.
-
@fin1000 said in Weird LAN behaviour - LAN to internet:
Ive no idea having very little understanding of networking "black magic"
WTF are you running pfsense and sg350 switches then???
You shouldn't be setting static IPs if your dhcp is not working you should fix the dhcp issue!
I have been using ethernet from day one... Back in the thick and thinnet days... Vampire connections and bnc... Way before rj45 and cat level cables..
Sounds like you have trouble at layer 1 if you ask me, if you're having issues with stuff connecting or stuff like the basics of dhcp to even work. Maybe you have bad cables - are you making your own? Or buy prefab?
-
Mmm, I would start basic here and work up.
With close to default pfSense settings any client set to DHCP should pull a lease and be given valid settings.
Steve
-
Actually I've learnt a lot from the guidance given here. But it has to be infuriating to deal with the problems of numpties who don't really understand how stuff works but nonetheless want to set up something which is beyond them.
Cables are bought and changed about to check for errors, tho not got a connection checker here.
What I meant to be saying in my final note on the problem was that a good deal of time was wasted because I hadn't realised I'd got a problem with dhcp on the client and restarting linux didn't flush the network, if that's even the correct phrase. sudo ip route flush table main - after which it got better - or maybe I just imagined it ;) Anyways, it's doing what it should now - Thanks