PPPoE/Centurylink Fiber
-
Hello Community,
I was hoping to get a 2nd opinion or two. I have a working pppoe config with a Unifi EdgeMax and I wanted to switch to pfsense, obviously.I've gone through a few configurations and can't seem to get my WAN up.
This is one of a few guides I have tried (https://ratil.life/pfsense-with-centurylink-1gb-fiber/)
I am using 201 as the vlan, MTU is 1492. I attempted to make it work with and without "dial on demand" enabled.
I am using 2.4.4-RELEASE-p3 installed on a desktop with another nic installed. The 2nd nic is my LAN, the onboard is my WAN.
I am sure I am forgetting to mention more settings, but I very seldom post on forums online so I am not sure what is considered usual to post when asking for help.
_DJ
-
Also! I am not using an ISP-provided modem in bridge mode, I am simply using my edgemax, currently.
-
I think I may have found my issue. I will update and report back.
Don't drink and configure firewalls kids.
-
So, my first issue was simple. I have 3 interfaces, and I assumed the WAN was the wrong one. I won't go into detail but I assumed the MAC that was very different was my main NIC, because the pci with 2 nics I would assumed have the same MAC but 1 digit off, I was wrong. ANYWAY,
I got my WAN UP, and I even got a public IP. But, still no internet? I'm getting a generic DNS error but I'm not even using the PF for DNS, I'm using a pi-hole for DHCP/DNS.
Is there a specific log within the PF I should be looking at?
-
I am convinced it's a setting within the PFsense.
I don't use the PF as DHCP or DNS.
If I use my normal DNS server (1.2) I have no internet, if I use the PF (1.1) it works fine.
-
@DeeJaayMac said in PPPoE/Centurylink Fiber:
Don't drink and configure firewalls kids.
But it just so much fun to try and figure out what you did the next morning before the coffee begins to work..
-
@DeeJaayMac said in PPPoE/Centurylink Fiber:
I am convinced it's a setting within the PFsense.
I don't use the PF as DHCP or DNS.
If I use my normal DNS server (1.2) I have no internet, if I use the PF (1.1) it works fine.
What do your outgoing (LAN) firewall rules look like?
If not default can you do a screenshot?
-
@chpalmer I did not modify them. I essentially spun up a pfsense instance, configured the bare min. to make it work with my ISP.
-
What do your clients show if you do a "ipconfig /all on them (or equivalent..)
??
-
Gateway = 192.168.1.15 (I'm changing it to 1.1 later, hence why it's different than what I said before)
DNS = 192.168.1.2 (my pi hole/dhcp server)Was this what you were asking?
On the PF, I disabled DNS resolver/forward as well
-
Bah I am not sure how to edit posts! Gateway = 1.5* sorry
-
Im ignorant with DNS when it comes to configuring my own.. But Im curious if you may need a static port (no port randomization) for your DNS box (192.168.1.2)
That is found under Firewall / NAT / Outbound
Im doing my own research now.
-
Nope.. looks like Im wrong.
https://www.google.com/search?source=hp&ei=RkEnX_a5O8iz0PEPp--QyA4&q=dns+port+randomization&oq=DNS+port+rand&gs_lcp=CgZwc3ktYWIQARgAMgIIADIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeOg4ILhCxAxDHARCjAhCTAjoFCAAQsQM6CwguELEDEMcBEKMCOgUILhCxAzoICC4QsQMQgwE6CAguEMcBEKMCOggIABCxAxCDAToICC4QxwEQrwE6CggAELEDEEYQ-wFQuAxY7yJghjRoAHAAeACAAUeIAaUGkgECMTOYAQCgAQGqAQdnd3Mtd2l6&sclient=psy-ab
-
I guess the part where I am confused is; When I set my DNS to (google), everything works fine. Even if I tell my DNS/DHCP server to hand out google DNS, it does not work. My DHCP/DNS server has the gateway for the pf set, the pf is online too. It's like the PF is preventing the DNS/DHCP server from working
-
I moved the DHCP to the PF, exact same issue. There is some DNS setting on this PF I am missing.
-
If you are not using pfsense for DNS then it is not involved other than to NAT that traffic out to your ISP.
I have several devices that use their own DNS..
Have you set the correct gateway on your RasPI? It needs to point to your pfsense LAN address.
-
@chpalmer confirmed I'm using the right gateway (1.5) for the DHCP config on the DNS server.
My next plan is to move DNS to the pf for testing
-
I mean the device the pi-hole is running on.. What is the addressing for its interface?
Should be-
192.168.1.2
GW- 192.168.1.5
-
@chpalmer correct.
Pi hole is 1.2
GW is 1.5 -
Next I would do a packet capture on your LAN for anything going on for address 192.168.1.2
Then do some attempted surfing and see if the traffic is actually making it to the LAN port. If it is do the same for the PPPoE/WAN interface.
Diagnostics / Packet Capture
