No Connectivity from LAN; Connectivity from GUI.
-
Hello everyone,
I've been stuggling to get my first ever pfsense build working for the past 7-8 hours. Everything in the Troubleshooting Network Connectivity page works, except all "Client Tests" bullets so not sure where I am going wrong. I've tried as many solutions as possible in this forum as well as from Reddit before having to turn to asking here.
I have Proxmox on an Optiplex and added Pfsense as a VM. I also disabled Hardware Checksums as per Netgears documentation.
My current setup is: Modem -> Pfsense box (vm on Proxmox) -> Switch -> Laptop (client).
Modem is mine not ISPs (Spectrum), HUMAX. I think its already bridged (I see their IP), very basic one.On wan I have my ISP's IP.
Lan is: 192.168.75.0/24
Pfsense is: 192.168.75.5
Laptop is: 192.168.75.8. I've tried removing the DNS but still nothing (had 9.9.9.9 earlier).
I've tried pinging from my Proxmox box (192.168.75.12) too, but nothing from there either.
All the 3 devices on 192.168.75.0/24 can ping each other.I am able to ping websites from Pfsense interface, Diag->Ping (this includes LAN, WAN and Default as Source).
Am able to do DNS lookups, trace routes etc from Pfsense gui but nothing to outside internet is pingable from my laptop.
Under Gateways I have WAN_DHCP online, with my ISPs gateway. I had LANGW here but I deleted that (not sure how it was generated as I don't remember giving a gateway on LAN).
Under Routing, its just WAN_DHCP. Default gateway is also Wan_DHCP (it was automatic earlier).
Under interfaces LAN, there is no gateway and both the blocks at the bottom are unchecked.
Under system log I have plenty of these, and I think this is normal
Under Nat rules I had everything under default but I added the two, just to test but still nothing, with or without my rules.
Under Firewall rules I added another any any rule in WAN to test.. still not working.
DNS Resolver is enabled and interfaces is all (tried after it was disabled too).
I might do baremetal if nothing works but since the Optiplex is above an beyond the requirements, wanted to make some use of it along with some other VMs.
Any help is appreciated (I am not a network person, a video editor, so apologies if I said something silly).
Thank you!
Sabsan -
@sabsan said in No Connectivity from LAN; Connectivity from GUI.:
and I think this is normal
Those blocks to 67 UDP (dhcp) would be normal if your not running dhcp on pfsense. That is a broadcast address 255.255.255.255 and would not be "part" of lan net address space.
If if your running dhcp serve ron pfsense for your lan, it would create hidden rules to allow for dhcp and you shouldn't be seeing those blocks.
-
@sabsan said in No Connectivity from LAN; Connectivity from GUI.:
Hello everyone,
I've been stuggling to get my first ever pfsense build working for the past 7-8 hours. Everything in the Troubleshooting Network Connectivity page works, except all "Client Tests" bullets so not sure where I am going wrong. I've tried as many solutions as possible in this forum as well as from Reddit before having to turn to asking here.
I have Proxmox on an Optiplex and added Pfsense as a VM. I also disabled Hardware Checksums as per Netgears documentation.
My current setup is: Modem -> Pfsense box (vm on Proxmox) -> Switch -> Laptop (client).
Modem is mine not ISPs (Spectrum), HUMAX. I think its already bridged (I see their IP), very basic one.On wan I have my ISP's IP.
Lan is: 192.168.75.0/24
Pfsense is: 192.168.75.5
Laptop is: 192.168.75.8. I've tried removing the DNS but still nothing (had 9.9.9.9 earlier).
I've tried pinging from my Proxmox box (192.168.75.12) too, but nothing from there either.
All the 3 devices on 192.168.75.0/24 can ping each other.I am able to ping websites from Pfsense interface, Diag->Ping (this includes LAN, WAN and Default as Source).
Am able to do DNS lookups, trace routes etc from Pfsense gui but nothing to outside internet is pingable from my laptop.
Under Gateways I have WAN_DHCP online, with my ISPs gateway. I had LANGW here but I deleted that (not sure how it was generated as I don't remember giving a gateway on LAN).
Under Routing, its just WAN_DHCP. Default gateway is also Wan_DHCP (it was automatic earlier).
Under interfaces LAN, there is no gateway and both the blocks at the bottom are unchecked.
Under system log I have plenty of these, and I think this is normal
Under Nat rules I had everything under default but I added the two, just to test but still nothing, with or without my rules.
Under Firewall rules I added another any any rule in WAN to test.. still not working.
DNS Resolver is enabled and interfaces is all (tried after it was disabled too).
I might do baremetal if nothing works but since the Optiplex is above an beyond the requirements, wanted to make some use of it along with some other VMs.
Any help is appreciated (I am not a network person, a video editor, so apologies if I said something silly).
Thank you!
SabsanYour gateway IP address appears to be wrong. You show it set to 192.168.75.1 in the screenshot from your laptop, yet in the text up above that screenshot you say "Pfsense is: 192.168.75.5". pfSense is your default gateway for your LAN clients, so the gateway should be 192.168.75.5. But I would consider changing the pfSense LAN interface IP to be ".1" as that is more standard. Using ".5" works, but is just a bit weird for a default gateway.
And those logged "deny" entries from the Default Deny Rule are from a 192.168.0.1 IP address. What interface is that IP range defined on? Something there is asking for a DHCP address.
-
@bmeeks said in No Connectivity from LAN; Connectivity from GUI.:
are from a 192.168.0.1 IP address
Good catch, I hadn't looked that close..
But if he was running dhcp server on lan
# allow access to DHCP server on LAN pass in quick on $LAN proto udp from any port = 68 to 255.255.255.255 port = 67 ridentifier 1000002641 label "allow access to DHCP server"That traffic should be allowed, and the dhcp server would say sorry buddy you can not get IP in that range.. And then the client should send a discover from 0.0.0.0
The only reason I would think those are normal to be seen is if not running dhcp server on pfsense. Since in that case such traffic wouldn't be allowed.
As to what pfsense IP address should be, sure .1 or .254 are common for sure. I run on .253 just because when using default ranges of say 192.168.0 or 192.168.1 many devices can default to those IPs and if you plug them in they could step on pfsense IP. But if your not using a standard default range like the 192.168.0 or 1 far less likely to plug something in to your network and have it step on pfsense IP.
I am not longer using your typical default IP range, but still use .253 just out of habit from when using the default ranges.
-
@johnpoz said in No Connectivity from LAN; Connectivity from GUI.:
As to what pfsense IP address should be, sure .1 or .254 are common for sure. I run on .253 just because when using default ranges of say 192.168.0 or 192.168.1 many devices can default to those IPs and if you plug them in they could step on pfsense IP. But if your not using a standard default range like the 192.168.0 or 1 far less likely to plug something in to your network and have it step on pfsense IP.
I just got into the habit of expecting/using .1 as the default gateway for networks because that's the way my old employer did things. Not really "right" nor "wrong", but one of those "just the way we've always done things around here" things
. You can certainly choose any IP in the range, though. Our local subnets for employee workstations were almost always a /24. -
@bmeeks said in No Connectivity from LAN; Connectivity from GUI.:
just the way we've always done things around here
yup for sure..
-
Thank you!! Yep that gateway was the issue, between all the installation/troubleshooting readings, I think I might skipped over that part!
As regards to the blocks, my current setup is wired, from modem -> pfsense. So not sure what other device with that range could be trying to get an IP.
Now after modifying the gateway, I don't see any blocks for 192.168.0.1 but for my laptops wifi 192.168.1.103 (not sure if this would be something to be concerned with?)
Also, if I could ask here, what are your views on hosting pfsense on a Proxmox and having virtual bridges assigned? Would this be a cause for concern if something/someone manages to get inside the network from WAN? (I have passedthrough the physical NICs to proxmox, but facing some issues, but thats a proxmox issue.)
And I will move the LAN IP to .1
Thank you again!
-
@sabsan said in No Connectivity from LAN; Connectivity from GUI.:
Thank you!! Yep that gateway was the issue, between all the installation/troubleshooting readings, I think I might skipped over that part!
As regards to the blocks, my current setup is wired, from modem -> pfsense. So not sure what other device with that range could be trying to get an IP.
Now after modifying the gateway, I don't see any blocks for 192.168.0.1 but for my laptops wifi 192.168.1.103 (not sure if this would be something to be concerned with?)
Also, if I could ask here, what are your views on hosting pfsense on a Proxmox and having virtual bridges assigned? Would this be a cause for concern if something/someone manages to get inside the network from WAN? (I have passedthrough the physical NICs to proxmox, but facing some issues, but thats a proxmox issue.)
And I will move the LAN IP to .1
Thank you again!
That UDP traffic to port 1900 is multicast. The 239.255.255.250 IP is the UPnP/SSDP address. Here is some documentation: https://extremeportal.force.com/ExtrArticleDetail?an=000091058.
Never used Proxmox, so not an expert there, but if using true passthrough then not sure "bridged" is what you want on your networks. But as I said, I'm not a Proxmox user. My virtualization has always been done with VMware products.
-
@sabsan that is SSDP normally - yeah your going to see in logs.. But as that looks spammy as get out.. (looks like only 2 seconds).. I would look to that device to turn that spammy noise off. But if not setup a rule to not log that..
