PfSense is unreachable after install

mathomas3

anyone have a clue here? I think that I have tried everything on my end to resolve user error/hardware errors

is there someone more technical that can provide assistance?

could the builtin firewall be blocking traffic? How would one determine this?

johnpoz

@mathomas3 said in PfSense is unreachable after install:

could the builtin firewall be blocking traffic? How would one determine this?

Firewalls don't block ARP that I have ever seen..

If pfsense can not arp for 192.168.1.1, then it would never be able to ping it. Look in your pfsense arp table..

Do a packet capture on pfsense, do you see it send arp - do you not get an answer?

This old router at 192.168.1.1 - how exactly is it connected? Could you put up a drawing of how pfsense and this old router are connected.. Is pfsense lan interface directly connected to a lan port of this old router? Is there some other switch between them?

When you ping from this 1.232 IP with mint, is that actually running on the same hardware your installing pfsense too? Is that some other box?

That mint box is showing en01, while pfsense is showing em1 - en01 is normally a embedded nic, that is like on the soc, while em01 would be a actual card in the device and not the soc interface.

stephenw10

Make sure the em0 MAC address shown in pfSense matches that shown in Mint.

Seems very unlikely it wouldn't though since we could see it correctly showing the link change in pfSense when you physically disconnected it.

Try running ifconfig -vvvm em0. Make sure you don't have some obscure hardware offloading value enabled.
I've never seen that on an em NIC but...

Steve

mathomas3

@stephenw10 @johnpoz I hope this finds you well... Sorry for the long delay... I was a bit frustrated with the thing so I decided to take a little time off... I have read all of your comments and I hope that I answered them all well... Things have not changed at all... So to try and bring everything up to speed...
I have two pfsenses on my network both connected via ethernet cables that run through a switch(that's how they should be able to communicate with each other and any computer be able to ping either device) and both using a usb hotspot as the WAN

I cant speak as to why mint and pfsense show different em1 vs em01... This system is a very small computer that would be used for a register or a very low powered display... clearly not a workstation so everything should be SOC

Problem. the LAN port doesnt work when running pfsense but works running mint

NewBox(things I have tried) 192.168.1.3
reset and ensured IP settings are correct
reinstalled the os and reset IP settings a number of times
I have validated wiring and hardware by booting into Mint and pulling an IP and pinging the OldBox(192.168.1.1)
I have setup an isolated network just for NewBox using separate hardware (newbox, switch, WAN modem, and a PC) NewBox wasnt pinging(even when DHCP was setup on it) nor offered DHCP leases.. manually set the IP on PC and still nothing
Booted NewBox using Mint which pulls an IP from OldBox and is pingable
Validated the MACs match when booted into PfSense or Mint

Fresh Menu Pic

NewBox Ifconfig

Below are the results of ifconfig --vvvm em0

NewBox ifconfig

Ping to both New and Old from a different computer

OldBox showing an ARP only when using Mint on NewBox

build layout with the small scale test that I mentioned with the Old currently serving out DHCP leases

mathomas3

Here is a screen grab from my switch... I cleared stats and let it site for about 30 seconds and this what I got... NewBox is connected to port 3

This was about 3 mins later and after doing a port scan of 192.168.1.3 which yielded zero open ports

stephenw10

So when you're in the 'Test' configuration if you set the PC to DHCP it doesn't pull a IP address?

When if you connect the PC to the New pfSense LAN directly without a switch?

mathomas3

@stephenw10 correct... the PC didnt pull an IP(and yes I would have preferred to use a switch, that shouldnt have mattered in this case)

the second part of your question... I have recently gotten cat5 connectors and I can make a crossover cable... do you think it's worth the time? I would think that the hub test should be valid

johnpoz

@mathomas3 said in PfSense is unreachable after install:

cat5 connectors and I can make a crossover cable

Why would you think you need a crossover? Crossover hasn't been a thing since gig came out 1998 ;)

Part of the 1000Base-T standard is auto-midx, if atleast one of the interfaces is gig, there is no need for a crossover.

If your not getting dhcp there is something wrong with the switch, the cable or the interface(driver for the interface).. When you look on pfsense, or any of the devices connected to the same switch that pfsense is connected to do you see a mac address in the arp table of that device, does pfsense in its arp table see any of the other devices?

Or maybe you have some messed up vlan config on the switch?

mathomas3

@johnpoz ok... I connected the NewBox directly to the OldBox and setup(I hope this port to a complete new IP Scope) 2.1 and 2.3(for the NexBox) and using an existing PC on the network I am able to ping the OldBox at 2.1 while the NewBox at 2.3 isnt reachable...

I also do not have vlans setup on the switch

How would I check for which drivers are being used on the NewBox vs Mint? would it be worth trying a Dev build on this system?

I bought this hardware as a "renewed" system so it's not something I would think exotic nor bleeding edge... something that linux should cover...

mathomas3

I checked what network card that I am using and it's a Intel I217-LM which has been supported by FreeBSD since version 8.4 till version 14(current)

I checked which version of FreeBSD that PfSense I am currently running is 12.(something)... so I should be good there...

Should I open a bug report here? I have confirmed the hardware, the drivers, the kernel, cables, in many different configurations... Im at a loss...

mathomas3

Well I just tried the Dev build while it was directly connected to the OldBox... no go there... in the morning I will try it going through the switch... Im losing hope...

johnpoz

@mathomas3 said in PfSense is unreachable after install:

I am able to ping the OldBox at 2.1 while the NewBox at 2.3 isnt reachable...

And did you look to see if you see an mac addresses?

@mathomas3 said in PfSense is unreachable after install:

I connected the NewBox directly to the OldBox and setup

What does that even mean?

mathomas3

@johnpoz I have looked at the ARP table and nothing matches from what I have seen...

Also... the after suggestion of others, I have physically connected the two boxes together and given them their own subnet... a 192.168.2.0/24 vs my normal network being 192.168.1.0/24

mathomas3

This post is deleted!

johnpoz

@mathomas3 said in PfSense is unreachable after install:

ARP table and nothing matches from what I have seen...

Well if you ping the IP and you get no mac, then no your never going to talk to it.. Its that simple.. Doesn't matter what IPs you put on the devices... If your not seeing a mac for the IP, you are not going to talk to it..

stephenw10

Mmm, this has to be something very basic.

When you tested it with Mint on the same hardware and were able to ping were you using the same switch port?

What happens if you disconnect the USB modem and re-assign the WAN as em0? Does it pull a DHCP from the Old pfSense?

mathomas3

@stephenw10 said in PfSense is unreachable after install:

Mmm, this has to be something very basic.

When you tested it with Mint on the same hardware and were able to ping were you using the same switch port? Yes

What happens if you disconnect the USB modem and re-assign the WAN as em0? Does it pull a DHCP from the Old pfSense? Early on I did try this and the NewBox never received an IP...

mathomas3

@stephenw10 said in PfSense is unreachable after install:

Mmm, this has to be something very basic.
I would like it to be. I have been in IT for 30 years now and would like to think that I know a thing or two... I dont seek help from the forums easily... at the start of all this we confirmed setting and have redone the settings many times... different OS, cables, settings, even reconfirmed everything with screenshots... Maybe this NewBox would be better suited as a door stop -_-

johnpoz

@mathomas3 ok lets forget this old box new box nonsense. You keep saying IPs then screenshots showing different IPs, etc..

Do this simple test

Your problem china box that you say works on mint..

box -- cable -- pc

When the box runs mint, set its IP to 192.168.1.1/24, your pc set to 192.168.1.2/24

Your saying this works both boxes can see each other... What is the mac address of the box interface?

now same setup, not changing any cables, not even changing the IPs on the pc setup pfsense, its IP will be 192.168.1.1/24

Your saying now the box can not talk to the pc, does not see its mac in the arp table, and the pc can not talk to the box and does not see its mac in its arp table?

mathomas3

@johnpoz said in PfSense is unreachable after install:

@mathomas3 ok lets forget this old box new box nonsense. You keep saying IPs then screenshots showing different IPs, etc..

Do this simple test

Your problem china box that you say works on mint..

box -- cable -- pc

When the box runs mint, set its IP to 192.168.1.1/24, your pc set to 192.168.1.2/24

Your saying this works both boxes can see each other... What is the mac address of the box interface?

now same setup, not changing any cables, not even changing the IPs on the pc setup pfsense, its IP will be 192.168.1.1/24

Your saying now the box can not talk to the pc, does not see its mac in the arp table, and the pc can not talk to the box and does not see its mac in its arp table?

Feels like we have done this before twice and your thinking this is user error -_- but ok...

I just completed what you instructed and there is no change.
First I setup PC to Mint... I was able to ping from PC to Mint but not the other way around(FW was active)
installed a fresh Stable version of pfsense and set up the WAN interface(ethernet port) with an IP and I was not able to ping either way(after disabling the FW on the PC) then I tried setting up the LAN(using the ethernet port) and the WAN using dhcp + usb hotspot(which got an IP) The LAN was given a static IP and tried pinging both ways and got nothing...

I reran the entire test without the FW enabled... Using Mint I was able to ping and the PC did reflect the ARP record as dynamic... rebooted into PfSense and I was not able to ping either way and the ARP record was no longer listed...