    Loss of internet on LANs after update 2.4.5_1 to 2.5.1

    General pfSense Questions
      alanhjames last edited by

      Hi All,

      Just performed an update from 2.4.5_1 to 2.5.1 and after the update completed all my LANs were no longer able to reach the internet. The LANs were working internally from what I could see, i.e. they were talking to pfSense but not the internet. pfSense could ping and reach the internet fine.

      I was able to ping 8.8.8.8 from my main workstation which worked 100% but couldn't visit any websites.

      After a Google search I found various posts with similar issues but none seemed to point directly to the issue, or at least all the suggestions were already enabled/disabled for me.

      I found a suggestion about turning off Traffic Shaping on the WAN but was unable to find that exact option anywhere. However, I disabled 'Block bogon networks' within the WAN interface and now my LANs to internet traffic is being passed as it was before the update.

      This can't be the issue surely, I would think that I want to block bogon traffic on the WAN address? So could this point to some other configuration issue after the upgrade?

      Not sure what information is required but if screenshots or logs are required to help me diagnose issues please let me know. I've been using pfSense for about 10 years but I'm by no means an expert on pfSense.

      Thanks in advance,
      Alan

        KOM @alanhjames last edited by

        @alanhjames It sounds like a DNS problem. How is your DNS configured? Forwarder or resolver?

          artooro last edited by

          What hardware are you running on?

            alanhjames last edited by

            The hardware is a generic box; AMD Athlon II X2 250 with 8GB RAM. Onboard NIC for WAN and a quad port Intel NIC for the LANs, 4 LANs in 192.168.xx.0/24

            I'm using DNS Resolver, as far as I can remember it's the default settings with some Host and Domain Overrides.

            My General DNS Resolver settings:
            DNS.png

              KOM @alanhjames last edited by KOM

              @alanhjames You have it configured in forwarding mode which means it will forward to whatever DNS server you've specified in General Settings - DNS. That's not the default since Resolver can resolve all by itself without needing a specific upstream DNS. You also have it set to register DHCP which will cause a reload of the filter and access will be temporarily affected until the reload is complete. It is usually advised to not set those two registration options.

              What do you get if you run nslookup www.google.com from your workstation?

              Edit: I notice you have DNSSEC enabled. Do you know for sure that the upstream DNS you're using supports it?

                alanhjames @KOM last edited by

                @kom Thanks!

                I was using opendns.com servers in General Settings - DNS. I've unset both the settings you suggest and I've re-enabled Block bogon networks. My LANs appear to be working again with the bogon settings enabled so it looks as though you were spot on!

                I believe opendns.com has DNSSEC, I'll confirm this and disable it if necessary or is it safer to turn it off anyway?

                Quick question: what you've explained makes sense but wondering why the upgrade to 2.5.1 would have suddenly made these settings an issue? Have I just been lucky until now that these settings haven't caused me an issue? Just curious :-)

                Thanks again,
                Alan

                  KOM @alanhjames last edited by

                  @alanhjames Block RFC1918 & bogons should almost always be on for WAN, always off for LAN. I have no idea why it stopped working for you after the upgrade.

                    brianj2k @alanhjames last edited by

                    @alanhjames Check and see if your gateway is in the 169.254.x.x range. If it is, go back to 2.5.0 to fix. I hear there is a patch for 2.5.1 to fix as well, but do not know where that is. 😞
