Routing problem when moving pfsense to be edge router
-
Hi.
I have a problem and I do not know how it could happen; I would love ideas on what to do to debug / understand it.
I have two routers, one is pfsense and one is Ubiquiti.
I have a laptop connected to the pfsense LAN. When the WAN (from Verizon) is connected to the Ubiquiti WAN port and I have a cable from the Ubiquiti LAN to the pfsense WAN, everything is working, i.e. the laptop can go to the internet.
When the WAN (from Verizon) is connected to the pfsense WAN port (and the Ubiquiti is not connected, or is connected from the pfsense LAN to its WAN), the laptop can't go to the internet.
Somehow pfsense can't fw the laptop traffic when it's connected to Verizon, and can do that when connected to my internal Ubiquiti (that is connected to Verizon).
In the above case ping www.google.com does not work (can't resolve host), and ping to a specific Google IP address does not work as well (so not just a DNS issue).
From pfsense, DNS lookup or ping work well, so pfsense can communicate with the Verizon router.
ipconfig on the laptop shows the same info as in the first setup (gateway, subnet, DNS etc.).
Any idea?
-
@nirmelamoud Well, your laptop will show the same thing because the LAN side of PFSense isn't changing. It's the WAN side that is different. Does PFSense get an IP from Verizon on the WAN interface? You should be able to quickly check on the Status Dashboard of PFSense, by adding the INTERFACES and GATEWAYS widgets - setting up a workable dashboard makes it a useful landing-zone for a quick high-level overview of PFSense's health.
The WAN interface would have been set to DHCP behind the other router, but is your internet setup DHCP? Could it possibly be PPPoE, requiring that to be set up on the PFSense WAN interface for it to get an IP from Verizon? The other thing that comes to mind is the possibility that your ISP locks your WAN IP to the MAC address (hardware address) of the WAN port, requiring a timeout period before it gives out another IP OR a release of the IP by the other router.
-
Yes, pfsense gets an IP from Verizon, but it manages to go out to the internet, so I do not think Verizon locks me out - as I wrote, I can ping Google from pfsense but not from the laptop.
I do have a dashboard set up and can see the interfaces; both LAN and WAN seem OK (green).
-
@nirmelamoud Sorry, missed the ping OK from PFSense; were you in DIAGNOSTICS/PING? Did you choose to ping from the LAN interface (not just on AUTO)?
-
@nirmelamoud
Which mode does the NAT work in? Check the mode and rules in Firewall > NAT > Outbound.
-
It is working now, no idea why. I changed many parts: DNS resolver, forwarder, turned off IPv6 all over the place + played with pfBlocker.
In the end I left it for the night and now it's working, no idea why. I need to try to reverse some of the changes.
-
Every Verizon device I've worked with.. mostly Cradlepoint but some others.. has needed to be rebooted when switching devices behind the modem. Is it possible that was what was needed?
-
@chpalmer that could be it (let it stay for a night and it started working)
When I replaced my TP-Link with the UDM it worked instantly (3 months ago or so), but you might be right.
Next time I will just reboot the modem and see if it helps (it's in my garage). Thanks.