4G USB, no internet on LAN
-
I would be really happy if someone could help me out. My setup is a Dell R710, Proxmox as hypervisor and pfSense virtualized, 3 NICs assigned to pfSense. I have never had any trouble with fiber internet or ADSL, but at the moment I am stuck with cellular internet for a while before I move again. I have an old ASUS router I have been using as a wireless access point in the past, and recently I have been using it with a 3G USB dongle, but I’d like to have everything set up properly again.
I spent several days trying to get some of my 4G USB dongles to work with pfSense, to the point I feel like my head is gonna explode. I finally got a Huawei dongle to work; it shows up as the ue0 interface. It has the 21. firmware, so it works in network card mode; this firmware is not the HiLink one. pfSense has internet and downloaded an update, but I cannot get internet to anything connected to LAN. I have one LAN interface and two OPT interfaces. I also tried my Android phone as WAN, same problem: no internet on anything besides pfSense. I tried Endian community firewall with the same result.
I tried with allow-all firewall rules and then disabled the firewall; nothing changed. I have the 4G dongle set as default gateway in pfSense. Traceroute from WAN to any LAN devices doesn’t return anything, while from pfSense to LAN and pfSense to WAN works like it should. I have probably overlooked something, as I am so sick and tired of these USB interfaces it drives me crazy. The rest of the setup, if it matters, is: 2x HP DL380p Gen8 servers, iPad, a desktop computer, ASUS router as wireless access point, everything connected to a Cisco Catalyst 3560G switch. At the moment, everything is on the subnet, including the Proxmox host and pfSense.
-
The only thing you haven't mentioned which could cause that is outbound NAT. If you have a rule for that present it should work.
It might be TTL locked by the provider to allow only one device to connect, no routers.
When using 3G/4G the path of least resistance is via an external Ethernet connected modem.
Steve
-
Hi
Thank you for your reply. The device wasn’t locked; I think NAT was a part of the problem. I searched all the information about these 4G USB modems I could, and I found a discussion where someone had all kinds of trouble and needed a whole lot of modifications to make it work in exactly the same situation, with exactly the same modem.
I ended up ditching the whole modem and found a cheap Huawei E5186 LTE 4G router. Things still weren’t as straightforward as I hoped, but in the end I managed to get it working. I am positively surprised: most of the time I get 95-120 Mbps and during the worst times, still 70 Mbps download. It’s really stable too. With those USB dongles I had regular problems: the stick overheated, it became too hot to touch on a weekly basis and needed time to cool down. The connection got dropped regularly and the logs showed unspecified errors. I am so happy with the current setup.
NAT is something I still have trouble understanding, could you explain about it a little more? The 4G router has a setting for NAT, the choices are Cone and Symmetric, does it matter which one I use? All the information I found said you should create a Do not NAT firewall rule for outbound NAT on your firewall. I got pfSense working when selecting “Automatic outbound NAT rule generation” and it shows two rules are generated. I couldn’t get any other firewall software to work and a few of those had incredibly complicated NAT sections. If I want to try other firewall software too, should it work if I just create the same rules as the pfSense automatic ones? When I tried them, I created the do not NAT rule as I was advised, but it didn’t help; I still had the same problem, none of the devices on my LAN could get to the internet.
-
Without any outbound NAT only the device with the public IP directly is able to connect out and get replies.
Anything in a private subnet behind that needs to have its outbound connections translated to the public in order to get replies. That is outbound NAT. So you need to have some outbound NAT. A lack of it entirely might have fitted your initial symptoms.
It doesn't really matter what you set the NAT to on the new device. The best solution would be to pass the public IP to pfSense and let it handle the NAT, but if it's working well as it is I wouldn't worry about it.
Steve
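
The behaviour described in the reply above, as an added example that is not part of the thread: a toy Python model of a firewall forwarding a LAN connection with and without outbound NAT. All addresses and ports are constructed, and the class and function names are hypothetical; this is not pfSense code.

```python
"""Toy model of outbound (source) NAT on a firewall. All addresses are constructed."""
import ipaddress
from dataclasses import dataclass

WAN_IP = "203.0.113.10"  # constructed public address on the firewall's WAN side
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

class Firewall:
    def __init__(self, outbound_nat):
        self.outbound_nat = outbound_nat
        self.states = {}  # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = 40000

    def forward_out(self, pkt):
        """LAN -> WAN. With NAT, rewrite the source and remember the mapping."""
        if not self.outbound_nat:
            return pkt  # routed unchanged, private source address intact
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.states[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(WAN_IP, wan_port, pkt.dst, pkt.dport)

    def forward_in(self, reply):
        """WAN -> LAN. Only a reply matching a stored state is translated back."""
        lan = self.states.get((reply.dport, reply.src, reply.sport))
        if lan is None:
            return None  # unsolicited traffic is dropped
        return Packet(reply.src, reply.sport, lan[0], lan[1])

def round_trip(outbound_nat, lan_src="192.168.1.50"):
    """Return the reply delivered to the LAN host, or None if it never arrives."""
    fw = Firewall(outbound_nat)
    sent = fw.forward_out(Packet(lan_src, 51515, "198.51.100.7", 443))
    if is_private(sent.src):
        return None  # the Internet has no route back to an RFC 1918 source
    reply = Packet(sent.dst, sent.dport, sent.src, sent.sport)
    return fw.forward_in(reply)
```

`round_trip(False)` models the original symptom: the firewall itself, which holds the WAN address, can reach the internet, but a LAN host's reply never comes back.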