No DNS on console, but DNS forwarder is working



  • I'm running 1.2.3-Release with 5 NICs.  DHCP and DNS Forwarding are enabled and working fine (except that I had to enter DNS addresses in the DHCP setup before DNS Forwarding worked).

    The problem is that I have no name resolution from the console (e.g. "www.ibm.com" cannot be resolved).  What's more, I cannot ping my default gateway from the console, but I can from ANY other computer on any of the other 4 subnets.

    The WAN subnet is 12.105.215.128/25  - the default gateway (router ip) is 12.105.215.129 and the WAN interface is 12.105.215.130.

    My General Setup DNS entries are 12.127.16.68 and 12.127.17.72.

    Any help would be greatly appreciated!!!!



  • @jsimon1231:

    I cannot ping my default gateway from the console

    Ping by name? Ping by IP address? What failure explanation is offered?

    At the shell prompt on the pfSense console (or ssh session) please type:

    ```
    dig www.ibm.com
    ```

    The output will show the name server used in the attempt to resolve www.ibm.com. If it's not one of the name servers you configured, I suggest you review your configuration, looking into how that name server got to be used, and if you can't find that name server specified, reboot, try again and report what happens. (Perhaps when you adjusted the name servers the GUI didn't quite do everything to supersede the previously specified servers.)


    Following is the result from pinging my gateway IP address of 12.105.215.219 from the console or from the GUI WAN interface:

    ```
    PING 12.105.215.129 (12.105.215.129) from 12.105.215.130: 56 data bytes

    --- 12.105.215.129 ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss
    ```

    However, I can ping the gateway address successfully from any other computer on any of the 4 internal networks, and from the GUI from any of the other 4 networks, with the following result:

    ```
    PING 12.105.215.129 (12.105.215.129) from 192.168.40.1: 56 data bytes
    64 bytes from 12.105.215.129: icmp_seq=0 ttl=255 time=0.947 ms
    64 bytes from 12.105.215.129: icmp_seq=1 ttl=255 time=0.827 ms
    64 bytes from 12.105.215.129: icmp_seq=2 ttl=255 time=0.850 ms

    --- 12.105.215.129 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.827/0.875/0.947/0.052 ms
    ```

    Following is the result of "dig www.ibm.com":

    ```
    ; <<>> DiG 9.4.3-P2 <<>> www.ibm.com
    ;; global options:  printcmd
    ;; connection timed out; no servers could be reached
    ```

    Following are the contents of /etc/resolv.conf:

    ```
    domain corp.upmi.org
    nameserver 12.127.16.68
    nameserver 12.127.17.72
    ```

    I have CRAWLED through the configuration OVER and OVER.  I've had another very experienced pfSense user review it extensively.  I've rebooted the server, all to no avail.

    Please let me know whatever info you need... I'll gladly provide it.  It's been two VERY long days... see you tomorrow.

    THANKS!



  • I'd run a packet trace on your WAN interface while you have a ping of the WAN gateway going. The trace should show outgoing frames queued to the driver (but not necessarily transmitted) and incoming frames before firewall rules are applied. If you see incoming ping responses then I would look at firewall log and firewall rules to see if the ping responses are being blocked. If you see no incoming ping responses I'd try to enlist the help of the administrator of the upstream gateway to see if they can provide an explanation for the lack of ping response.

    Does your pfSense box do NAT?

    Is there any possibility of multiple systems with the same IP address on the WAN subnet?
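One way to turn the trace-and-classify step described in the reply above into a repeatable check. This is an added example, not code from the original thread or from the pfSense project. It assumes the WAN NIC is named em0 (hypothetical), that tcpdump is run with -n and without -v so each ICMP line has the form `<time> IP <src> > <dst>: ICMP echo request, id N, seq N, length N`, and it uses two constructed sample captures (not real traffic) so the classifier can be exercised offline. The addresses are the ones given in the thread.

```shell
#!/bin/sh
# Added example for the trace-and-classify step; not from the original thread
# or the pfSense project. Assumptions: WAN NIC is em0 (hypothetical), tcpdump
# is run with -n and without -v so each ICMP line has the shape
#   <time> IP <src> > <dst>: ICMP echo request, id N, seq N, length N
# The sample captures at the bottom are constructed, not real traffic.

WAN_IF=em0                  # assumed interface name
WAN_IP=12.105.215.130       # WAN address from the thread
GW_IP=12.105.215.129        # upstream gateway from the thread

# Live capture: run on the pfSense box while "ping -c 3 $GW_IP" runs in a
# second session. On the WAN interface tcpdump sees outgoing frames as they
# are handed to the driver and incoming frames before pf evaluates them, so
# the capture separates "never left the box" from "blocked by the firewall"
# from "upstream never answered".
capture_wan_icmp() {
    tcpdump -n -i "$WAN_IF" -c 20 "icmp and host $GW_IP"
}

# Classify a capture read on stdin and print one verdict:
#   SENT_AND_REPLIED  requests out, replies back on the wire; if ping still
#                     fails, look at the firewall log, rules and NAT entries
#   SENT_NO_REPLY     requests out, nothing back; ask the upstream admin, or
#                     check for another host using the same WAN address
#   NOTHING_SENT      no request reached the driver; check routing/interface
classify_trace() {
    awk -v me="$WAN_IP" -v gw="$GW_IP" '
        # tcpdump prints the destination with a trailing colon; strip it
        { sub(/:$/, "", $5) }
        $2 == "IP" && $3 == me && $5 == gw && $7 == "echo" && $8 == "request," { req++ }
        $2 == "IP" && $3 == gw && $5 == me && $7 == "echo" && $8 == "reply,"   { rep++ }
        END {
            if (req > 0 && rep > 0) print "SENT_AND_REPLIED"
            else if (req > 0)       print "SENT_NO_REPLY"
            else                    print "NOTHING_SENT"
        }'
}

# Constructed sample captures (not real data) so the classifier runs offline.
SAMPLE_REPLIED='12:00:01.000000 IP 12.105.215.130 > 12.105.215.129: ICMP echo request, id 1234, seq 0, length 64
12:00:01.000900 IP 12.105.215.129 > 12.105.215.130: ICMP echo reply, id 1234, seq 0, length 64'

SAMPLE_SILENT='12:00:01.000000 IP 12.105.215.130 > 12.105.215.129: ICMP echo request, id 1234, seq 0, length 64
12:00:02.000000 IP 12.105.215.130 > 12.105.215.129: ICMP echo request, id 1234, seq 1, length 64'

# Standalone demo: prints SENT_AND_REPLIED, SENT_NO_REPLY, NOTHING_SENT.
printf '%s\n' "$SAMPLE_REPLIED" | classify_trace
printf '%s\n' "$SAMPLE_SILENT"  | classify_trace
printf '' | classify_trace
```

On a live box, `capture_wan_icmp | classify_trace` gives the verdict directly; `capture_wan_icmp -e` style options can be added to see MAC addresses if a duplicate WAN address is suspected. A SENT_AND_REPLIED verdict with a failing ping means the replies reached the interface and were lost inside the firewall, which is exactly the NAT/rule situation this thread ended in.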



  • YOU DID IT!!!

    I had never configured a NAT rule, so I never checked them.  However, it appears that the firewall had configured a NAT rule for external management.  I deleted that rule, and IT WORKS!!!!

    Thanks for taking the time and expending your neurons to help me.

