Internet on windows but not ubuntu bad pfsense configuration?

DaddyGo · Jul 16, 2020, 3:44 PM

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

Woaw 8 seconds for a query could be your issue. Those DNS servers are used only for this DMZ?

I thought I would note this too, but I rather skipped it, hihihihhi

Raffi_ · Jul 16, 2020, 3:44 PM

I activated dns resolver with forwarding but still doesn't work.

I try it with Chrome and i receive this error:

Try it a second time. Once unbound caches it, it should come right up the second time.

Raffi_ · Jul 16, 2020, 3:51 PM

@stephenw10 said in Internet on windows but not ubuntu bad pfsense configuration?:

You don't see localhost there so you probably have 'Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall' set in System > General setup. That doesn't make much difference unless you have host overrides there the firewall should use.

Steve

Would dnsmaq use the local host as well or is that only the default for unbound?

Farisse · Jul 16, 2020, 3:58 PM

@stephenw10 Its not after you told me i should probably have the localhost as respond i remembered i had in the beginning in general information the localhost and then not anymore. So i've add it back with the dns server (good or wrong way idk) But ly query is a lot faster now.

But the option "Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall " is not set in.

@Raffi_ I also tried it a second and third time, but no result. Or ... the same result.

Raffi_ · Jul 16, 2020, 4:07 PM

If you are using DNS resolver with forwarding mode, the first option will be the local host by default. There is no need to enter it again under DNS Server Settings in the General setup tab.

Edit, something doesn't seem right with those 1ms query times. How would it go from 8 seconds to 1ms? I think this might be the DNS lookup GUI bug I've seen in the past.

Run those dig commands from pfSense instead.
Diagnostics/ Command Prompt
dig @172.20.0.253 google.com
dig @172.20.0.254 google.com

I think those might give you the real results.

DaddyGo · Jul 16, 2020, 4:03 PM

@Raffi_

just an idea
it would be worthwhile to look at and compare these:

Windows: https://docs.microsoft.com/en-us/previous-versions//cc977482(v=technet.10)?redirectedfrom=MSDN

Linux: /etc/resolv.conf

search domain.net
option timeout:1
nameserver 1.1.1.1
nameserver 2.2.2.2
nameserver 3.3.3.3

or something like that

Farisse · Jul 16, 2020, 4:22 PM

@Raffi_

I removed the localhost from the general setting and these are the results

@DaddyGo It was a good suggestion, but unfortunately /etc/resolv.conf is managed by systemd-resolved who is used by netplan /etc/netplan/*.yaml

Raffi_ · Jul 16, 2020, 6:02 PM

Interesting, well the two DNS servers seem to be responding better now. That could also be because they are caching.

How is Ubuntu getting its interface settings? Is it statically assigned in Ubuntu or is it set to automatic (DHCP)? There were no leases in your DHCP list.

Farisse · Jul 16, 2020, 6:18 PM

I assigned static ip through /etc/netplan/01-network-manager-all.yaml

Everything seems good to me....

Edit, maybe an non relevant information, i can not ping the other vms in the dmz network. But my other vms can ping my ubuntu vm. Could it be something to do with routing ?

Raffi_ · Jul 16, 2020, 6:28 PM

Try running a packet capture on the DMZ of pfSense.
Diagnostics/ Packet Capture
Select DMZ, then in Count enter a very high value such as 10000. You can enter 0 but don't forget to stop the capture manually otherwise it will run a continuous capture and it can become a problem.

Download the capture data to wireshark and check for DNS info.

Dumb question, but have you tried to ping 8.8.8.8 from ubuntu? Does that work or is that failing as well?

Farisse · Jul 16, 2020, 6:30 PM

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

Dumb question, but have you tried to ping 8.8.8.8 from ubuntu? Does that work or is that failing as well?

Nope doesn't work because its blocked by the school.

I'll try the packet in a few minutes

Raffi_ · Jul 16, 2020, 6:32 PM

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

Dumb question, but have you tried to ping 8.8.8.8 from ubuntu? Does that work or is that failing as well?

Nope doesn't work because its blocked by the school.

I'll try the packet in a few minutes

ICMP is blocked or google DNS server specifically is blocked?

Farisse · Jul 16, 2020, 6:38 PM

ICMP I guess. I can ping outside the network but not 8.8.8.8 or 8.8.4.4 I wont recieve any result wit this commands i began the ping on ubuntu and then on the windows machine who got internet:

Farisse · Jul 16, 2020, 6:50 PM

@Raffi_ said in Internet on windows but not ubuntu bad pfsense configuration?:

Select DMZ, then in Count enter a very high value such as 10000. You can enter 0 but don't forget to stop the capture manually otherwise it will run a continuous capture and it can become a problem.
Download the capture data to wireshark and check for DNS info.

So apparently my ubuntu machine does not send any dns request :

Raffi_ · Jul 16, 2020, 7:09 PM

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

So apparently my ubuntu machine does not send any dns request :

That's not good. Is it even able to talk to pfSense at all? Can you ping pfSense (192.168.1.1) from Ubuntu?

Farisse · Jul 16, 2020, 7:14 PM

Yup but not able to ping windows machine

Raffi_ · Jul 16, 2020, 7:15 PM

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Yup but not able to ping windows machine

It can't ping Windows because by default Windows does not respond to ping. That has to be manually enabled in Windows. It is responding to pfSense though. So at least there is some sign of life there.

Farisse · Jul 16, 2020, 7:22 PM

Damn forgot to disable fw on this windows machine. >.<"

So apparently I don't know why, I suddenly have internet on my ubuntu machine.

I did not change anything i've reset my ubuntu vm twice to be sure and it seems to work. What the hell is going on here :o i think i'm losing my mind

Raffi_ · Jul 16, 2020, 7:25 PM

@Farisse said in Internet on windows but not ubuntu bad pfsense configuration?:

Damn forgot to disable fw on this windows machine. >.<"

So apparently I don't know why, I suddenly have internet on my ubuntu machine.

I did not change anything i've reset my ubuntu vm twice to be sure and it seems to work. What the hell is going on here :o i think i'm losing my mind

lol don't touch it. You have a number of things which don't make sense. Like for instance the ping to pfSense is taking on average 600ms. In reality it should be more like 6ms. You have two extra zeros of delay. That's not good.

Farisse · Jul 16, 2020, 7:43 PM

Haha i won't but hope it will work when i will need it ! :D
Apparently even this is fixed. :

192.168.1.1 is my gateway to pfsense and 192.168.0.50 is pfsense ip..

I really hope it will stay working as i need it crossfingers

Many thanks for your help guys!