No WAN connectivity (Static IP)
-
Hi everyone, hoping you can help after hours of failed attempts to get a brand new Netgate 2100 pfSense connected.
I have searched through all the other posts but can't find anything that matches my situation.
I have a static IP for my WAN connection. I have added the IP, correct subnet mask, and gateway. I know these all work because if I swap the cables from the pfSense box to an old consumer D-link the connection is fine.
I have confirmed that there is only one Gateway listed in Status->Gateways. The routing and arp tables show what I would expect to see. I have not added any firewall rules yet. There is a DNS server configured in System -> General (same one that is configured in the working old D-Link). I've confirmed everything I can think of both from the WebGUI as well as from the shell via console.
At this point I'm not even trying to get anything on the LAN side, just testing from the pfSense itself. I can't ping anything including the gateway.
The pile of hair torn out on the floor is growing. Can anyone offer any ideas?
-
@pawprint said in No WAN connectivity (Static IP):
I have added the IP, correct subnet mask, and gateway. I know these all work because if I swap the cables from the pfSense box to an old consumer D-link the connection is fine.
And all values, IP, mask and gateway are the same as on the other device?
Check Status > Gateways. Your gateway is probably shown as offline.
If so go to System > Routing > Gateways and edit the gateway settings. Disable the monitoring.
Then try to ping 8.8.8.8.
-
Yes all the same - with the exception that the old d-link lists the subnet mask in 255.255.255.252 notation and the pfSense states it as /30.
Yes the Gateway is shown as offline. I have tried various combinations of monitoring on/off attempts to ping 8.8.8.8 or even my 2nd static IP that is running out of the same network closet through a different gateway (same ISP) from the WebGUI or the shell both result in 100% packet loss.
-
@pawprint said in No WAN connectivity (Static IP):
I have tried various combinations of monitoring on/off attempts to ping 8.8.8.8 or even my 2nd static IP that is running out of the same network closet through a different gateway (same ISP)
I'd expected that you have all IPs and gateways configured equal to the other router.
Does the gateway even lie within the /30 WAN subnet?
-
First, thanks for trying to help - appreciate it, even if just for sanity checks!
Yes everything is the same and yes the gateway is in the same subnet. I'm attaching redacted screenshots of both configs:
Working D-Link config
PfSense config
-
The gateway appears in the pfSense ARP table correctly? Can you ping that?
-
@pawprint
Well. And even with gateway monitoring disabled, you cannot ping 8.8.8.8 from pfSense itself?
And yes, @stephenw10 was faster. The ARP entry would be the next question.
-
I'm hampered a bit by the fact I need to work today and swapping off the D-Link drops my net. I'm pretty sure the gw appeared correctly in the arp table but I'll try again when I can go offline to confirm it. I've not been able to ping the gateway from the pfSense (I confirmed it DOES respond to ping from the d-Link).
To remove another variable I'm going to re-configure the pfSense to use DHCP and connect it THROUGH the d-link, just to see if I can get it online that way. My Cable modem won't provide a DHCP address since it's in bridge mode and locked to the static. If that works then at least it narrows down the problem to the static IP config on the pfSense.
I'll re-check the arp and ping when I can afford downtime again.
To @viragomann's question: correct, even with monitoring disabled I can't ping anything - even the gateway - from the WebGUI or from the shell, but I'll try this again too so I can include screenshots.
This all feels like my usual rule of troubleshooting that if it takes longer than 5 mins to solve, it's going to be something stupid - so I really appreciate the 2nd sets of eyes on this. I probably have some silly config somewhere.
-
@pawprint said in No WAN connectivity (Static IP):
My Cable modem won't provide a DHCP address since it's in bridge mode and locked to the static.
Did you get the D-Link from your provider?
If so maybe he has locked the connection to its MAC. If this is the case you can spoof the MAC in the WAN settings.
-
@viragomann no - it's just an old one I got myself. The ISP connection was previously running on a home-built linux firewall with a different MAC. The d-link is just my stop-gap since the old Linux box died.
-
I would still at least be sure to power cycle the modem.
-
@stephenw10 Done that several times over the course of my attempts (both with and without the WAN cable connected) but I'll do that again as well.
-
Are you running 2.7?
I would run a pcap on WAN and see what's coming in, if anything, and if it's tagged at all.
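One way to read such a capture offline, as an added example that is not part of the original post: the Python below parses a classic pcap file and counts frames by VLAN tag and payload protocol. The sample capture is constructed and the function names are illustrative.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
VLAN_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag identifiers

def read_pcap(data):
    """Yield raw Ethernet frames from a classic (non-pcapng) capture."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]
        pos += 16
        yield data[pos:pos + caplen]
        pos += caplen

def summarize(data):
    """Count frames by (VLAN id or None if untagged, payload protocol)."""
    counts = Counter()
    for frame in read_pcap(data):
        if len(frame) < 14:
            continue  # truncated frame, no full Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0]
        vlan = None
        if ethertype in VLAN_TPIDS and len(frame) >= 18:
            tci, ethertype = struct.unpack("!HH", frame[14:18])
            vlan = tci & 0x0FFF  # low 12 bits of the tag are the VLAN id
        counts[(vlan, ETHERTYPES.get(ethertype, hex(ethertype)))] += 1
    return counts

def build_sample():
    """Constructed capture: one untagged ARP frame, two IPv4 frames on VLAN 10."""
    def record(frame):
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    macs = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    arp = macs + b"\x08\x06" + bytes(28)
    tagged = macs + b"\x81\x00" + struct.pack("!H", 10) + b"\x08\x00" + bytes(20)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + record(arp) + record(tagged) * 2

if __name__ == "__main__":
    for (vlan, proto), n in sorted(summarize(build_sample()).items(), key=str):
        print("untagged" if vlan is None else f"vlan {vlan}", proto, n)
```

Frames that appear only with a VLAN id mean the upstream device is sending tagged traffic, which an untagged WAN interface will not process; an empty result means nothing is arriving at all.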
-
@stephenw10 I'm running Netgate pfSense Plus 23.05.1 (I believe this is the latest release?)
More background:
I purchased the Netgate 2100 yesterday along with an SSD (128Gb) separately (This was significantly less expensive than buying the version with the 32Gb pre-installed.)
Got the firmware image from Netgate (with fairly awesome support timeline I have to say), installed the SSD and installed the firmware on the SSD (incidentally the web-instructions for this are quite out of date).
Then I started my saga to get it connected to the net. So I'm coming at this with a factory reset blank slate.
-
Update:
Since I could attempt this without losing my net, I re-configured the pfSense to connect THROUGH the d-link, allowing the d-link to provide a DHCP address to the pfSense. When I do that I can connect to the net and ping 8.8.8.8.
This isn't a functioning configuration but it does eliminate several variables:
The pfSense wan port is actually working
The firewall isn't getting in the way
Outbound connections actually work
Cables work
the OS is working
I can conclude the issue is entirely with the configuration of the Static IP and its associated routing.
-
Ok that's good. Try setting pfSense to have a static IP in the DLink LAN subnet and that works the same. I'd be very surprised if it doesn't but if that failed it might indicate a general config problem.
-
I imagine you have but I don't actually see you have confirmed that the 2100 WAN is linking to the cable modem correctly?
If the modem is set to 100M fixed speed for example the 2100 WAN would need to match that. The DLink may well be using a switch port for its WAN which allows it.
Steve
-
@stephenw10 Good test. Yes static through the D-Link works as well.
Re your other question. Actually beyond a link-light and seeing traffic indicator blinking, I didn't formally confirm the media layer (ifconfig did show an active link). I had the port set to auto-negotiate (I'm pretty sure the modem is happy with 1000baseT Full Duplex, which is what the auto gave me and how the pfSense is connecting to the d-link) but I can't confirm from the D-link how it's connecting to the modem - D-link doesn't show it anywhere. (My service is a 1G down so it won't be in the 100 ranges anyway.)
I'll confirm how the other gateway is connected for my other static - it will be the same (same type of modem) - I'm 90% sure it's 1000bT Full but I'll confirm that.
-
If you saw link LEDs and the interface status showed link it's almost certainly OK.
Another test you might try is just to use the IP directly on a laptop or similar. That would confirm that any MAC will work and you could see the link type.
-
@stephenw10 I thought the same about the LED indications.
Sadly the only laptop I have access to is one of the silly new ones with no physical ethernet port :(
That said - the modem was previously connected to my old Gateway box (MAC 1) and then the D-Link (MAC 2) and both worked (within the last 48 hours) - years ago it had a different one from that. I'm confident there is no MAC restriction thwarting me. That said, I have several other old consumer routers and could swap out the D-link to put even more MACs to the test but I feel this is a bit of a red herring.