Internet on windows but not ubuntu bad pfsense configuration?

Farisse · Jul 16, 2020, 1:16 PM

Hi everyone,

First of all sorry for my english, it's not my native language. I tried a few forums in my native language, but nobody could help me.

A couple of days ago I posted a topic with what I thought dhcp problems but it wasn't.

I made a complete new install of my ubuntu machine.

The problem I have is I can access internet with my windows virtualized machine, but not with my Ubuntu virtualized machine on my DMZ. Here is my network diagram :

My lan is my domain and dns server of my domain is 192.168.0.10 which is also my active directory.

My DMZ should be only a web server. The windows server 2016 and windows professional 10 are in my dmz only for testing. The only machine who should be working in my DMZ is my Ubuntu web server.

I noticed, when I restart the pfSense machine that I can get internet on Ubuntu and when I restart the ubuntu VM i lose the connection.

I don't know where to search i am practically sure it's something to do with the dns forwarder but can't fix it.

Does anyone have an idea where to search or how i could fix it ?

Thank you very much :)

Farisse

Raffi_ · Jul 16, 2020, 1:50 PM

For the DMZ are you using pfSense DNS Resolver in forwarding mode or DNS forwarder?
Can you post screenshots of the DNS settings and if using forwarding also the DNS server settings in System / General Setup?

Farisse · Jul 16, 2020, 2:01 PM

Hi thank you for your answer,

I actually enabled the DNS forwarder thinking it would forward the dns server that ar in my System / General Setup. But apparently not.
Here are the screenshots :

Raffi_ · Jul 16, 2020, 2:20 PM

I'm not familiar with the DNS forwarder (dnsmasq) but that seems like it should work. What you can try is DNS Resolver in forwarding mode. See if you get any difference.

Farisse · Jul 16, 2020, 2:30 PM

Yup, it should i don't understand either why its not working.

How should i do to put the DNS resolver in forwarding mode ?

Raffi_ · Jul 16, 2020, 2:36 PM

Before doing that maybe try some more troubleshooting.

Try to run a dig from Ubuntu and maybe also from pfSense to compare the results.

e.g.,
dig google.com
dig @8.8.8.8 google.com

The first should use your default DNS server the second is using google's DNS server.

stephenw10 · Jul 16, 2020, 2:38 PM

Check pfSense itself can resolve. Test something in Diag > DNS Lookup. Be sure all configured servers respond, that should include 127.0.0.1.

Make sure both VMs appear in the pfSense DHCP lease table. You might have something else handing out leases.

Steve

Farisse · Jul 16, 2020, 2:52 PM

@Raffi_

@stephenw10

Should the pfSense DHCP lease table show me the static ip from my vms ?

Raffi_ · Jul 16, 2020, 3:03 PM

Woaw 8 seconds for a query could be your issue. Those DNS servers are used only for this DMZ?

Farisse · Jul 16, 2020, 3:06 PM

Nope those are DNS servers on my school's network. :/ Can not work without them

Raffi_ · Jul 16, 2020, 3:09 PM

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Nope those are DNS servers on my school's network. :/ Can not work without them

...Can not work with them either.

Edit
Something is very wrong there. Even if your were to ping a server at the furthest possible point on the planet, I would not expect a number like that.

Farisse · Jul 16, 2020, 3:11 PM

Haha got me ! But actually it work but only on windows VMs and not on Ubuntu. Idk if ubuntu is using different dns ports (not at my knowledge) Or if pfSense is sending the dns request to the wrong servers ?

Raffi_ · Jul 16, 2020, 3:14 PM

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Haha got me ! But actually it work but only on windows VMs and not on Ubuntu. Idk if ubuntu is using different dns ports (not at my knowledge) Or if pfSense is sending the dns request to the wrong servers ?

Could it be that Ubuntu's query timeout is shorter than Windows?

Raffi_ · Jul 16, 2020, 3:19 PM

I think using pfSense DNS resolver could help here since it would build up a cache.

Farisse · Jul 16, 2020, 3:19 PM

Idk, but when i restart the services i can get internet on my ubuntu.
So maybe my ubuntu is making a link with the dns servers when nothing can intercept the packets.
And if pfsense if running again it can't 'wipe' packets when the connection is established so ubuntu vm still have internet.
But when i restart the ubuntu vm every connection is closed and could not be established again.

This is what i guess but i don't know how to fix it by a port forwarding or traceroute can't determine where it sucks :/

Raffi_ · Jul 16, 2020, 3:30 PM

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Should the pfSense DHCP lease table show me the static ip from my vms ?

Also, going back to @stephenw10 question on DHCP leases. That needs to be cleared up.

Farisse · Jul 16, 2020, 3:40 PM

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

That needs to be cleared up

I activated dns resolver with forwarding but still doesn't work.

I try it with Chrome and i receive this error:

stephenw10 · Jul 16, 2020, 3:41 PM

Yeah that is catastrophically bad! Something is very broken there.

I guess the DNS timeout in Windows is higher which is why it worked.

You don't see localhost there so you probably have 'Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall' set in System > General setup. That doesn't make much difference unless you have host overrides there the firewall should use.

Steve

DaddyGo · Jul 16, 2020, 3:44 PM

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

Woaw 8 seconds for a query could be your issue. Those DNS servers are used only for this DMZ?

I thought I would note this too, but I rather skipped it, hihihihhi

Raffi_ · Jul 16, 2020, 3:44 PM

I activated dns resolver with forwarding but still doesn't work.

I try it with Chrome and i receive this error:

Try it a second time. Once unbound caches it, it should come right up the second time.