    PPPoE/Centurylink Fiber

    • DeeJaayMac
      DeeJaayMac last edited by

      Hello Community,
      I was hoping to get a 2nd opinion or two. I have a working PPPoE config with a Unifi EdgeMax and I wanted to switch to pfSense, obviously.

      I've gone through a few configurations and can't seem to get my WAN up.

      This is one of a few guides I have tried (https://ratil.life/pfsense-with-centurylink-1gb-fiber/)

      I am using 201 as the VLAN, MTU is 1492. I attempted to make it work with and without "dial on demand" enabled.

      I am using 2.4.4-RELEASE-p3 installed on a desktop with another NIC installed. The 2nd NIC is my LAN, the onboard is my WAN.

      I am sure I am forgetting to mention more settings, but I very seldom post on forums online so I am not sure what is considered usual to post when asking for help.

      _DJ

      • DeeJaayMac
        DeeJaayMac last edited by

        Also! I am not using an ISP-provided modem in bridge mode, I am simply using my edgemax, currently.

        • DeeJaayMac
          DeeJaayMac last edited by

          I think I may have found my issue. I will update and report back.

          Don't drink and configure firewalls kids.

          • DeeJaayMac
            DeeJaayMac last edited by

            So, my first issue was simple. I have 3 interfaces, and I assumed the WAN was the wrong one. I won't go into detail, but I assumed the MAC that was very different was my main NIC, because I would have assumed the PCI card with 2 NICs would have the same MAC but 1 digit off. I was wrong. ANYWAY,

            I got my WAN UP, and I even got a public IP. But, still no internet? I'm getting a generic DNS error but I'm not even using the PF for DNS, I'm using a pi-hole for DHCP/DNS.

            Is there a specific log within the PF I should be looking at?

            • DeeJaayMac
              DeeJaayMac last edited by

              I am convinced it's a setting within the PFsense.

              I don't use the PF as DHCP or DNS.

              If I use my normal DNS server (1.2) I have no internet, if I use the PF (1.1) it works fine.

              • chpalmer
                chpalmer @DeeJaayMac last edited by

                @DeeJaayMac said in PPPoE/Centurylink Fiber:

                Don't drink and configure firewalls kids.

                But it's just so much fun to try and figure out what you did the next morning before the coffee begins to work.. 😵

                • chpalmer
                  chpalmer @DeeJaayMac last edited by

                  @DeeJaayMac said in PPPoE/Centurylink Fiber:

                  I am convinced it's a setting within the PFsense.

                  I don't use the PF as DHCP or DNS.

                  If I use my normal DNS server (1.2) I have no internet, if I use the PF (1.1) it works fine.

                  What do your outgoing (LAN) firewall rules look like?

                  If not default can you do a screenshot?

                  • DeeJaayMac
                    DeeJaayMac @chpalmer last edited by

                    @chpalmer I did not modify them. I essentially spun up a pfsense instance, configured the bare min. to make it work with my ISP. 2020_08_02_16_23_01_pfSense.localdomain_Firewall_Rules_LAN.png

                    • chpalmer
                      chpalmer last edited by

                      What do your clients show if you do an "ipconfig /all" on them (or equivalent..)

                      ??

                      • DeeJaayMac
                        DeeJaayMac last edited by

                        Gateway = 192.168.1.15 (I'm changing it to 1.1 later, hence why it's different than what I said before)
                        DNS = 192.168.1.2 (my pi hole/dhcp server)

                        Was this what you were asking?

                        On the PF, I disabled DNS resolver/forward as well

                        • DeeJaayMac
                          DeeJaayMac last edited by

                          Bah I am not sure how to edit posts! Gateway = 1.5* sorry

                          • chpalmer
                            chpalmer last edited by chpalmer

                            I'm ignorant with DNS when it comes to configuring my own.. But I'm curious if you may need a static port (no port randomization) for your DNS box (192.168.1.2)

                            That is found under Firewall / NAT / Outbound

                            I'm doing my own research now.

                            • chpalmer
                              chpalmer @chpalmer last edited by

                              Nope.. looks like I'm wrong.

                              https://www.google.com/search?source=hp&ei=RkEnX_a5O8iz0PEPp--QyA4&q=dns+port+randomization&oq=DNS+port+rand&gs_lcp=CgZwc3ktYWIQARgAMgIIADIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeOg4ILhCxAxDHARCjAhCTAjoFCAAQsQM6CwguELEDEMcBEKMCOgUILhCxAzoICC4QsQMQgwE6CAguEMcBEKMCOggIABCxAxCDAToICC4QxwEQrwE6CggAELEDEEYQ-wFQuAxY7yJghjRoAHAAeACAAUeIAaUGkgECMTOYAQCgAQGqAQdnd3Mtd2l6&sclient=psy-ab

                              • DeeJaayMac
                                DeeJaayMac last edited by

                                I guess the part where I am confused is: when I set my DNS to (google), everything works fine. Even if I tell my DNS/DHCP server to hand out google DNS, it does not work. My DHCP/DNS server has the gateway for the pf set, the pf is online too. It's like the PF is preventing the DNS/DHCP server from working.

                                • DeeJaayMac
                                  DeeJaayMac last edited by

                                  I moved the DHCP to the PF, exact same issue. There is some DNS setting on this PF I am missing.

                                  • chpalmer
                                    chpalmer last edited by

                                    If you are not using pfsense for DNS then it is not involved other than to NAT that traffic out to your ISP.

                                    I have several devices that use their own DNS..

                                    Have you set the correct gateway on your RasPI? It needs to point to your pfsense LAN address.

                                    • DeeJaayMac
                                      DeeJaayMac @chpalmer last edited by

                                      @chpalmer confirmed I'm using the right gateway (1.5) for the DHCP config on the DNS server.

                                      My next plan is to move DNS to the pf for testing

                                      • chpalmer
                                        chpalmer @DeeJaayMac last edited by

                                        @DeeJaayMac

                                        I mean the device the pi-hole is running on.. What is the addressing for its interface?

                                        Should be-

                                        192.168.1.2

                                        GW- 192.168.1.5

                                        • DeeJaayMac
                                          DeeJaayMac @chpalmer last edited by

                                          @chpalmer correct.

                                          Pi hole is 1.2
                                          GW is 1.5

                                          • chpalmer
                                            chpalmer last edited by

                                            Next I would do a packet capture on your LAN for anything going on for address 192.168.1.2

                                            Then do some attempted surfing and see if the traffic is actually making it to the LAN port. If it is do the same for the PPPoE/WAN interface.

                                            Diagnostics / Packet Capture