Netgate Discussion Forum

    Console Locked, No internet access on post restart.

      scottjh1

      All-

      I am using pfSense 2.7.2. When I set "Password protect the console menu" in System Advanced, if the pfSense box has to be restarted there is no internet access until I unlock the console menu from System Advanced. Once unlocked I have internet access and can relock the console. How do I correct this condition?
      Thanks!

        stephenw10 Netgate Administrator

        Hmm, odd.

        Does it boot completely?

        What does the webgui show?

        Anything in the system logs?

        Steve

          scottjh1

          Thank you for responding. No, when the console is locked it does not completely load all of the normally displayed information showing the interfaces and numbered options. Prior to hard drive replacement, with the console locked, interfaces and options were not displayed but it had internet access. When the drive was replaced I loaded CE 2.7.2 and restored the config I had saved before drive replacement.

            stephenw10 Netgate Administrator

            Ok that's expected with a locked console. You should still get access though. What shows as failing at that point in the gui?

            The WAN is connected? Unbound running?

            How are you testing?

              scottjh1 @scottjh1

              @scottjh1 I missed completely answering: the system logs did not show anything unusual. The webgui is complete and functional, with the console completely showing the interface and numbered options after unlocking the console, then relocking.

                stephenw10 Netgate Administrator

                When it's in the failed state, after rebooting with a locked console, what is actually failing?

                  scottjh1 @scottjh1

                  @scottjh1 Steve, the webgui remains fully functional at all points regardless of the full console menu being displayed or not.

                    stephenw10 Netgate Administrator

                    Ok but presumably the 'no internet access' implies you can't open an external website from a LAN side device.

                    Can you ping 8.8.8.8? Can you ping it from pfSense in Diag > Ping? Can you resolve anything?

                      scottjh1 @stephenw10

                      @stephenw10 Nothing resolves externally, while all the interfaces show as up with IP addresses. The wan will show a Fios 100.14.xx.xx DHCP applied address. Before clearing the lock, if I go to the internet with a PC the home page is blank and will time out with the browser stating the page is not accessible. There is no resolution to any external site. I can open the pfSense admin page and fully access all of the settings. I have not tested ping/tracert from the firewall but it does not work from the PC going outbound.

                        stephenw10 Netgate Administrator @scottjh1

                        @scottjh1 said in Console Locked, No internet access on post restart.:

                        The wan will show a Fios 100.14.xx.xx DHCP applied address.

                        That's a CGN IP address. Is that what it gets when it's working?

                        If it has a valid public IP it should route traffic. If it's not then it could be a missing default route. Missing NAT perhaps.

                        But first test it's not a DNS issue. Hard to see why it would be but it certainly could be.

                          scottjh1 @stephenw10

                          @stephenw10 Yes, that is the IP it gets when working. Fios provides DHCP addresses with a two hour lease. However, if the device remains online it will get the same IP address until it is offline for a period of time. Later today I will restart and review the firewall log to make sure I did not miss any entries.

                            stephenw10 Netgate Administrator

                            Ok. Well we need to determine exactly what is failing when it boots with the console locked. It has to be something pretty basic like a missing default route or Unbound not running.

                              scottjh1

                              DefaultDenyRulesPostRestart.txt

                                scottjh1 @scottjh1

                                @scottjh1 I sent a copy of the logs in a previous post. The WAN IP is not included. There is nothing obvious in the logs showing what is going on. I will likely try to restore an earlier version of the config file (not current) in an effort to define if it is the install or config file.

                                  johnpoz LAYER 8 Global Moderator @stephenw10

                                  @stephenw10 said in Console Locked, No internet access on post restart.:

                                  That's a CGN IP address

                                  For some clarification, he said 100.14, that is a Verizon business IP. CGN IP is 100.64-127

                                    scottjh1 @johnpoz

                                    @johnpoz Yes the IP is 100.14.211.xx, it is carrier grade NAT on FIOS. They changed it a number of years ago. I am located in the northeast near Philly.

                                      stephenw10 Netgate Administrator

                                      Ha, well spotted. Failure on my part!

                                      But anyway you need to boot to the failed condition then run tests to see what is actually broken. It's hard to imagine what a locked console would break there.

                                        scottjh1

                                        The condition is corrected, turns out several config files were apparently corrupted. Although a couple of rules were not contained in the working config file they are easy to add back. Thank you for your help! Jim

                                          scottjh1

                                          Strange thing happened: after all was working, the same issue appeared. I again restored the same backup as I did earlier. When the restore started a popup appeared noting it was deleting a pfblocker cron job. Post boot no more issue..... very strange.

                                            scottjh1

                                            Here is the general log error:

                                            Oct 19 19:42:13 php-fpm 399 /pfblockerng/pfblockerng_update.php: Configuration Change: administrator (Local Database): Removed cron job for pfblockerng.php cron

                                            Currently using pfBlockerNG-devel 3.2.0_19. Maybe I should use the standard version 3.2.0_8. At least the answer came, not sure of why, maybe the job was corrupt.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.