has access to internet, but clients do not
-
@davidstoll You can ping the WAN IP from the inside?
If so then do you have outbound NAT rules?
What is the traceroute for the clients going to an internet address like 1.1.1.1?
-
@michmoor using the built-in command prompt in the netgate appliance, it is 6 hops and about 6ms.
-
@davidstoll I asked if you can ping the WAN IP from the inside not from the firewall.
From a laptop or desktop can you ping your WAN IP? What does a traceroute show? Do you have outbound NAT rules?
-
Yup, check Diag > Routes and make sure there is a valid default route set.
If you set the WAN as source specifically traffic is forced via the WAN gateway which can then produce misleading results.
-
@stephenw10 yes, there are routes. But nothing there was altered.
-
@michmoor I cannot ping the wan. I misspoke before. It looks like I am not getting an IP from the router. DHCP or otherwise. I must have had my cellular on.
In any case wifi cannot connect at all and Ethernet connections have the placeholder IP like 169....IP.
-
So LAN side clients are not getting a DHCP lease from pfSense?
How are you connecting to the webgui?
-
@stephenw10 remotely
-
Like from the WAN side?
In that case does the dhcpd service show as running?
Does the LAN NIC show as linked?
-
@stephenw10 yes, yes and yes
I just uploaded my last known good config backup and that did not work either.
Maybe I should try to factory reset it?
-
@davidstoll topologically…how is the pfsense connected to the LAN?
Is there a switch between your clients and your firewall?
Perhaps the switch lost its configuration during your outage if there is a switch.
Please explain your setup a bit more.
-
Yes, I'd try a client connected directly to the LAN NIC if you can.
-
@stephenw10 it's completely non responsive now. I cannot get to the gui. I tried direct to the lan port with static and DHCP. Also now I can't get to the gui remotely like before.
I tried the reset method doing the short press of the reset to initiate the factory reset process, but the lights never go red.
-
Connect to the serial console and see what's happening.
https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4100/connect-to-console.html
If it's fully booting see if it can ping out to WAN or LAN side clients.
You can default the config from the console menu there if it's a problem or roll back to an older config.
Steve
-
@stephenw10 I can no longer get to the GUI,bsini can't ping in or out. Also, now I can't get to the GUI from the wan side either.
The serial method is also not working, but it's been a while since I tried this, but I'll keep trying. Not sure if it doesn't work or if I'm doing something wrong, but the COM port is not showing up on my Windows machine like I think it did before.
The manual factory reset also doesn't seem to be working either: https://docs.netgate.com/pfsense/en/latest/solutions/netgate-4100/factory-reset.html
Step 5 never happens.
-
Step 5 will only happen if it's able to boot that far. It may not be. The only way to know is to connect to the console and see.
If you have an external adapter you can try the RJ-45 com port instead.
-
@stephenw10 ok, I finally got into the serial console and got to the "ok" prompt. So, I put in a TAC ticket to get a firmware, wrote it to a thumb drive and re-flashed.
Open TAC ticket -> "Firmware Access" for the General Problem. They got back to me with the file in like 5 minutes. :)
The only thing that was weird in the boot/flash process (I used defaults for virtually everything) was it said "pfsense" was already "in the pool" and to choose another name or overwrite. I probably should have chosen "overwrite", but I put a 2 at the end of the text string "pfsense"..."pfsense2" and hit enter.
I guess I'm not sure what that was or what problems it might cause. I know this essentially factory reset it, but maybe I should now do a "factory reset" from the serial console or gui?
-
A fresh install is always at the factory defaults anyway (unless you did a config recover during install?) so it would make no difference.
Go ahead and restore your config and you should be good.
The OK> prompt implies it wasn't able to get past the bootloader. And that is most commonly caused by something nuking the entire partition. Without more logs though it's hard to say what that might have been.
Steve