No ipv4 Internet on LAN

blista99

Hey guys
I am somewhat in despair with my problem.
My LAN devices cannot access the internet over ipv4. Everything over ipv6 is working as it should.
A couple of days ago I changed some settings on my fully working pfSense Instance (2.6.0) that corrupted my system and I had to reinstall pfsense completely.
I did that, uploaded my backup configuration and from there on, my internet access on LAN wasn't working anymore. Then (and currently) I tried it with a complete fresh install of pfsense without any special settings and the problem still remains.

pfSense itself can access (ping, resolve) everything (ipv4 and ipv6 sites), can install packages and more. I do get a public IP address on both (ipv4 and ipv6) and my gateways are reported to be online.

My setup:
ISP -> FTTH -> T-Link Media Converter (fiber to LAN) -> pfSense (custom hardware) -> LAN Network

I do have some special entries on WAN to register with my ISP (dhcp option 60 an VLAN tagging). But since pf itself can access the internet I doubt that this is the source of the problem.
Nothing else is changed from default in pfSense (though before this crash my setup was the same but with more complicated routes and it worked without a hitch.
DNS Resolver is active, NAT outbound on automatic.

These are the ping results:

Many thanks for your help!
Regards

viragomann

@blista99
Check the outbound NAT if there is a proper rule for the LAN network.

blista99

@viragomann Ok. You are right...I did not realize that.
It is set to default...so automatic rule generation...
But then again the tab is empty....

Shouldn't there be at least one rule? How can a change this?

blista99

OK. Update:
I did get it up and running...but only with a manual entry:

This solves my immediate problem...but raises the question, why a fresh pfSense install does not generate a auto-rule for that....?

viragomann

@blista99
The rules are generated automatically, when there is a gateway stated in the WAN interface settings. But when using DHCP configuration, this should be set automatically.
So don't know, why it didn't.

Is the IPv4 WAN gateway set as default in System > Routing > Gateways?

blista99

@viragomann Yes...and no??

The settings should assume so...but the "planet"-symbol-standard gateway is on ipv6.
But I don't see how to change that.

And thank you very much....you saved me a lot of fiddling!!

blista99

@viragomann Could this automatic generation be influenced by my manual entry in "DHCP Client Configuration" of WAN? (see above)
Maybe I need to add something to that..?
But then again....it worked the first time when I set my pfSense up 3 years ago.

viragomann

@blista99 said in No ipv4 Internet on LAN:

Could this automatic generation be influenced by my manual entry in "DHCP Client Configuration" of WAN? (see above)

Maybe, didn't notice before. But I'm also not familiar with this.
I guess, these settings are required by your ISP?

Is it not possible to state the additional settings in the advanced options?

blista99

@viragomann Yeah. The DHCP Option 60 needs to be sent to the ISP to NOT get blocked of accessing.
Because they "allow" third-party routers connected directly to their network (without the official ISP-router in between) but do not like it very much.
But no, I cannot state additional, advanced settings in DHCP when the configuration override is active. I'd have to add something to the string in the .conf file I link to in the settings.
Maybe I'll open a separate topic for this.

Anyway thank you @viragomann for your help!

stephenw10

Yeah, it looks like however you have created that custom dhclient is causing a problem. There is no gateway IP shown. It's like it doesn't realise it has a connection.

You should be able to enter that custom dhcp option 60 setting via the GUI. Just check the advanced options box and enter it in the send options field.

Steve

blista99

@stephenw10 Alright. Thanks!
I'll try that, when I'm less dependent on a stable connection.
My way was posted in my ISP's forum a couple of years ago. I think back then this "send option" was not implemented into pfSense.

blista99

For everyone having the same problem:
DO NOT add something custom to the DHCP configuration of WAN via "Custom Override" before connecting once on WAN. It will fuck up your automatic rule generation in NAT and resolve in not getting any ipv4 connection on anything but WAN.
If this rule generation has happend...then it is ok to add whatever you want.

For my specific situation I only had to add the string of my conf-file into the "Send" options of the advanced DHCP settings (as @stephenw10 mentioned) and it works better than it has ever had!

Thank you netgate community!