Netgate Discussion Forum

    Loss of internet on LANs after update 2.4.5_1 to 2.5.1

    General pfSense Questions
      alanhjames

      Hi All,

      Just performed an update from 2.4.5_1 to 2.5.1 and after the update completed all my LANs were no longer able to reach the internet. The LANs were working internally from what I could see, i.e. they were talking to pfSense but not the internet. pfSense could ping and reach the internet fine.

      I was able to ping 8.8.8.8 from my main workstation which worked 100% but couldn't visit any websites.

      After a Google search I found various posts with similar issues but none seemed to point directly to the issue, or at least all the suggestions were already enabled/disabled for me.

      I found a suggestion about turning off Traffic Shaping on the WAN but was unable to find that exact option anywhere. However, I disabled 'Block bogon networks' within the WAN interface and now my LANs to internet traffic is being passed as it was before the update.

      This can't be the issue surely, I would think that I want to block bogon traffic on the WAN address? So could this point to some other configuration issue after the upgrade?

      Not sure what information is required but if screenshots or logs are required to help me diagnose issues please let me know. I've been using pfSense for about 10 years but I'm by no means an expert on pfSense.

      Thanks in advance,
      Alan

        KOM @alanhjames

        @alanhjames It sounds like a DNS problem. How is your DNS configured? Forwarder or resolver?

          artooro

          What hardware are you running on?

            alanhjames

            The hardware is a generic box: AMD Athlon II X2 250 with 8GB RAM. Onboard NIC for WAN and a quad port Intel NIC for the LANs, 4 LANs in 192.168.xx.0/24.

            I'm using DNS Resolver, as far as I can remember it's the default settings with some Host and Domain Overrides.

            My General DNS Resolver settings:
            DNS.png

              KOM @alanhjames

              @alanhjames You have it configured in forwarding mode which means it will forward to whatever DNS server you've specified in General Settings - DNS. That's not the default since Resolver can resolve all by itself without needing a specific upstream DNS. You also have it set to register DHCP which will cause a reload of the filter and access will be temporarily affected until the reload is complete. It is usually advised to not set those two registration options.

              What do you get if you run nslookup www.google.com from your workstation?

              Edit: I notice you have DNSSEC enabled. Do you know for sure that the upstream DNS you're using supports it?

              A 1 Reply Last reply Reply Quote 1
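One way to check the DNSSEC question raised above, as an added example that is not part of the thread: send the upstream resolver a query with the DO bit set and see whether signatures (RRSIG records) come back. The function names are hypothetical and `sample_response` builds constructed replies for offline use; query a name in a signed zone, since an unsigned zone has no RRSIG records to return.

```python
import socket
import struct

RRSIG, OPT = 46, 41  # RR type codes

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD set plus an EDNS0 OPT record carrying the DO (DNSSEC OK) bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    # OPT RR: root name, type 41, class = UDP payload size, TTL field holds flags (DO = 0x8000)
    opt = b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x00008000, 0)
    return header + qname + struct.pack("!HH", qtype, 1) + opt

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def inspect_response(msg):
    """Pull out what matters behind a forwarder: rcode, AD flag, RRSIG presence."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    types = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return {"rcode": flags & 0xF, "ad": bool(flags & 0x20), "rrsig": RRSIG in types}

def ask(server, name, timeout=3.0):
    """Send the query over UDP to an upstream resolver and inspect the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return inspect_response(s.recvfrom(4096)[0])

def sample_response(flags, rrs):
    """Constructed reply for www.example.com; rrs is a list of (type, rdata) pairs."""
    question = build_query("www.example.com")[12:-11]  # strip header and OPT
    body = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(rd)) + rd for t, rd in rrs)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, len(rrs), 0, 0) + question + body
```

A reply with `rrsig` false for a signed name means the upstream is stripping signatures, and `rcode` 2 is SERVFAIL.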
                alanhjames @KOM

                @kom Thanks!

                I was using opendns.com servers in General Settings - DNS. I've unset both the settings you suggest and I've re-enabled Block bogon networks. My LANs appear to be working again with the bogon settings enabled so it looks as though you were spot on!

                I believe opendns.com has DNSSEC, I'll confirm this and disable it if necessary or is it safer to turn it off anyway?

                Quick question: what you've explained makes sense but wondering why the upgrade to 2.5.1 would have suddenly made these settings an issue? Have I just been lucky until now that these settings haven't caused me an issue? Just curious :-)

                Thanks again,
                Alan

                  KOM @alanhjames

                  @alanhjames Block rfc1918 & bogons should almost always be on for WAN, always off for LAN. I have no idea why it stopped working for you after the upgrade.

                    brianj2k @alanhjames

                    @alanhjames Check and see if your gateway is in the 169.254.x.x range. If it is, go back to 2.5.0 to fix. I hear there is a patch for 2.5.1 to fix as well, but do not know where that is. 😞

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.