pfSense can ping ISP gateway but not connect to internet
-
@dominikhoffmann: I have a tendency to answer my own questions. This may not quite be the answer, but may lead me there:
Troubleshooting Network Connectivity in the Netgate Docs.
I will report back with what I find, when I am back at my client’s on Monday.
-
If pfSense can ping the gateway but nothing beyond (even by IP) I'd suspect a bad or missing default route. Check Diag > Routes. If there's no default route go to Sys > Routing > Gateways and resave the WAN gateway.
Steve
-
@dominikhoffmann
If the pc can work then the modem has that MAC in is address table.
Plug the router into the modem and power cycle the modem. -
@dominikhoffmann said in pfSense can ping ISP gateway but not connect to internet:
I am using the ISP’s DNS servers:
Just to confirm whether pfSense is configured to use ISP's DNS?
-
@jarhead: I had done that multiple times, every time I tried something different. That was not the issue.
I had realized that changing devices on the LAN side of the modem required a restart of the modem. Why does it have to take that long to re-establish the connection with cable-based service?
-
@nollipfsense: A reverse lookup of 209.18.47.61 results in dns-cac-lb-01.rr.com, and 209.18.47.62 brings up dns-cac-lb-02.rr.com.
-
@dominikhoffmann said in pfSense can ping ISP gateway but not connect to internet:
I had realized that changing devices on the LAN side of the modem required a restart of the modem. Why does it have to take that long to re-establish the connection with cable-based service?
Some tie one MAC address to the account and disallow others. Restarting is generally a fast way to clear it. Alternatively MAC spoofing often works.
I had a situation recently where the data center forgot to allow outbound routing even though they configured inbound. (On a second public subnet). It could ping the gateway but a traceroute out further returned no response from the gateway.
-
@steveits said in pfSense can ping ISP gateway but not connect to internet:
Some tie one MAC address to the account and disallow others. Restarting is generally a fast way to clear it. Alternatively MAC spoofing often works.
I tried that, to no avail.
-
If pfSense can ping it's gateway and that gateway is some upstream public IP then it's nothing to do with the modem or MAC addresses.
If it was a DNS issue then pfSense could still ping, say, 8.8.8.8.Did you check for a correct default route as I suggested?
-
@stephenw10: I can’t physically get to it until tomorrow. I wish, I could check on that remotely, but then I wouldn’t have this problem, because the gateway would already be online.
-
@stephenw10: The gateway configuration was the issue.
In System → Routing → Gateways I had this
When I changed the setting to this
it started working immediately. How could I have been thinking that “Automatic” would automatically select the correct gateway. -
It normally would, it may have lost it for some reason. Did you check Diag > Routes?
Setting anything there re-creates the default route even if you had just resaved that page without making any changes.
Steve
-
@stephenw10: I admit, I didn’t pursue it any further, after setting it explicitly it started working. This is what it shows now:
… and I honestly don’t at all know, what I can diagnose from that information.
-
You can see it has a default route at the top of the table and I would guess that it would would not have shown that before. It might show in logs still but it probably won't tell you anything.
If it happens again check the routing table before making any gateway changes. I doubt it will though.Steve
-
@DominikHoffmann Thank you!
