Another "OPT1 Problem"

gfvalvo

I decided to try enabling one of the extra (beyond WAN and LAN) physical ports on my pfSense box.

I enabled the interface, named it OPT1, and gave it a static IPv4 address of 192.168.100.1/24.

I enabled DHCP on that interface to assign from the pool: 192.168.100.10 - 192.168.100.250.

The Firewall / NAT / Outbound tab shows that the interface has been added:

I copied the following two rules from the LAN interface and modified them for the OPT1 interface:

The DNS Resolver is enabled and set to “All”.

When I plug a PC into the new port, it gets an IP Address by DHCP – 192.168.100.1.

I can open a browser get to the pfSense configuration web page.

But I can’t get to the internet (google.com, etc). Can’t ping an internet address either.

What did I miss in configuring this interface?

Thanks.

gfvalvo

OK, problem appears resolved. Turns out I could ping a raw IP Address like 142.250.80.110, but not a name like google.com. Suspecting a DNS problem, I went to the DNS Resolver page and (changing nothing) simply clicked on "Save".

That did it. Interface OPT1 is now on the air.

Anyone know if issues can be flagged "Resolved" in this forum? If so, how?

SteveITS

@gfvalvo I think you can edit the title for a certain amount of time.

Probably unbound hadn’t yet restarted to pick up the new IP.

gfvalvo

@SteveITS said in Another "OPT1 Problem":

Probably unbound hadn’t yet restarted to pick up the new IP.

Would you please provide a more thorough explanation of that?

SteveITS

@gfvalvo Unbound is the name of the DNS Resolver service.

Diagnostics/Sockets will show what ports are open for listening, though *:53 should be shown for all IPs:port 53 if Unbound is set to listen on All interfaces.

I'm just speculating that Unbound/DNS Resolver wasn't (yet) listening on the new IP. On the DNS Resolver settings page there is a circle-arrow button at the very top to restart the service, which may have also worked but after saving that page pfSense should have shown an Apply button, did you click Apply? Apply would restart the service as well.

I tried a quick search to see if it's required to restart Unbound after adding an interface but didn't find info on that. I would have guessed it was not required because it would be restarted by pfSense...check the system log at the time and see if Unbound or other services restarted when you created the new interface.

gfvalvo

@SteveITS said in Another "OPT1 Problem":

On the DNS Resolver settings page there is a circle-arrow button at the very top to restart the service, which may have also worked but after saving that page pfSense should have shown an Apply button, did you click Apply?

Yes, I clicked "Apply" right after clicking "Save".
One way or another, it worked out.
Thanks. for the explanation.