Netgate SG1100 Setup Assistance

merrilr

Hi All,

I am trying to setup Netgate SG-1100

Do I have to connect the SG-1100 directly to my fiber port from the ISP or can I connect it to a port on the the router provided from my ISP?

I do not have a static IP provided by my ISP

If I connect the sg-1100 to my router and setup the wan as DHCP. Why can I not access the internet. I can ping the google DNS 8.8.8.8 but have not access to the internet to open a web site?

Does the isp router and the SG-1100 have to be on the same IP range?

Thanks in advance

Gertjan

@merrilr said in Netgate SG1100 Setup Assistance:

Do I have to connect the SG-1100 directly to my fiber port from the ISP or can I connect it to a port on the the router provided from my ISP?

The question is also the answer.

Your device :

The fibre plug : look for yours.

The first is an old fashioned "copper surfaces so electricity can flow through" type.
The second passes 'light".

If needed : these two can't be compatible.

So, yes, you need an 'fibre wire' to 'network plug supported by the SG1100' device.
Its the router provided by the ISP.

Put aside the SG1100.
Get the image of a 4100 :

There are two slots for SFP modules.

If you manage to pick the right one,
If you know how your ISP handles the fibre connection logically,
If you know that your ISP supports other devices (the SFP module) as their own router,
And whatever else I forgot,
Then you've just found a method to eliminate your ISP router.

Just, right know : don't even think about it

@merrilr said in Netgate SG1100 Setup Assistance:

I do not have a static IP provided by my ISP

That's rare anyway. And if it exists, you have to pay extra for that.

@merrilr said in Netgate SG1100 Setup Assistance:

If I connect the sg-1100 to my router and setup the wan as DHCP. Why can I not access the internet.

No one can tell, you didn't tell us.
But this is probably something that points in the right direction :

@merrilr said in Netgate SG1100 Setup Assistance:

Does the isp router and the SG-1100 have to be on the same IP range?

It's the other way around.
If the ISP router uses 192.168.1.1/24 on it's LAN (probably the switched 4 ports on the back), then your pfSense can not use 192.168.1.1/24 on the pfSense LAN (or, it is 192.168.1.1/24 by default).

See it like this :
If you want to route between two roads, these two roads have to have different umbers (or names).
If they haven't, no need to route ^^ (put a switch in place and done)
pfSense is a router.

Solution : assign pfSense LAN to 192.168.2.1/24 - see here for details
Or : also good : assign the ISP router LAN to 192.168.2.1/24

merrilr

@Gertjan

The isp router is on 172.16.0.1 ip and the lan port is 172.16.10.1.

I can ping google DNS 8.8.8.8 but I can open any website.

Gertjan

@merrilr

What is the WAN IP of pfSense ?
See Status > Interfaces

On the same page : LAN details ?

On your PC : IP details ?
If it's a Windows PC : go to 'cmd' and execute

ipconfig /all

Did it get an IP from pfSense ( see also Status > DHCP Leases )
The gateway is the LAN IP of pfSEnse ?
Same for DNS ?

Did you add or change any DNS settings (normally, you shouldn't ) ?

merrilr

@Gertjan

The wan ip is the dhcp address given by the ISP router,.

Yes the PC is a windows PC and the IP address it got was one from the DHCP setup for the LAN port/

I have change and DNS settings. Only added the google DNS servers during the setup wizard,

Gertjan

@merrilr

Your LAN settings page should be :

( for now, set IPv6 configuration to "none" :

)

System > Routing > Gateways

where my gateway shows "192.168.10.1", your should be "172.16.0.1".
The Monitoring IP should be a known upstream IP that you trust - or just blank or 'automatic'.

@merrilr said in Netgate SG1100 Setup Assistance:

Only added the google DNS servers during the setup wizard,

Not really important now, but Netgate didn't ask you to add 8.8.8.8 - or any other IP for that matter. If that was needed, it would be there in the first place.
pfSense uses a resolver. It doesn't need any 8.8.8.8 or 1.1.1.1 or the ISP dns : it works all about of the box, nothing needed.
For some very special Internet connection, you need to enter DNS server IP. But again : not needed for the main 99,999 % of all cases.

Go to : Diagnostics > DNS Lookup
and look up, for example, netflix.com

Did you get an answer ?

If ok, do the same thing on your PC :
'cmd'
and then

nslookup netflix.com

The answer looks fine ?

Go here : Firewall > Rules > LAN

You have the perfect firewall rule :

stephenw10

I note you have a real IPv6 address and pfSense will try to use that by default if it can. If you don't actually have IPv6 connectivity that can cause problems.

Steve

merrilr

@Gertjan

When I change IPv6 to none. I get the following error:

During the setup wizard it prompted for DNS IPs. Should I have left them blank.

Is it correct that my monitor ip is the same as the Gateway?
How do I delete the DGCP6 as I do not use it

Gertjan

@merrilr

To put things easy : the DHCP6 (for IPv6) was handing out 'public' IPv6 on your LAN network.
For this to work, you have to have also a working IPv6 'uplink', on the pfSense WAN side.

So, disable DHCP6 : un check :

and save,

then : go to Router advertisement, select disabled

and save.

Now you can disable IPv6 on the LAN interface - and the WAN interface.
Save.
Apply.
Reboot for good matters.

stephenw10

First go to Services > DHCPv6 Server and RA and disable the DHCPv6 server on LAN.

merrilr

@Gertjan I removed all the DHCPv6 entries and set the setting none where applicable.

I also removed the google DNS from the setup screen:

All is working now and I can browse the net.

Thank you so much for all the help and patience you had with me.

Gertjan

@merrilr said in Netgate SG1100 Setup Assistance:

I also removed the google DNS from the setup screen:

Ok.

But then :

this will put in place the (ISP) DNS severs you received when establishment the WAN connection.
This option exists also for historical reasons.
By default, this option is not checked neither - you (pfSense) doesn't need it.
Btw : I'm not saying it's 'wrong'.

merrilr

@Gertjan

I do have that ticked.

I have connected my switch the firewall. And when assigned all to the port I can access the net, however when I assign one of the VLANS i do not have access to the net. I only have one firewall rule to allow all traffic. Is there something I could have done wrong when creating the VLANS or is the problem in the switch setup?