Traceroute public Google DNS possible, but not more

szop

Hello everybody,

I'm facing a strange problem since 1 week. I have a WAN connection from Hansenet - Germany which is an SDSL connection. We need a static IP 10.x.x.x, and our Gateway is 10.x.x.x. I've already unchecked the "Bogon networks" and "Private network" boxes on the WAN interface because of the 10.x.x.x IP's. I've set up the gateway as described and the interface is up. It drives me nuts because I can't solve this issue. Strange thing is, I can traceroute to Google's public DNS 8.8.8.8 but I can't go via Webbrowser to any site like www.google.de. I'll post some screens. BTW: The strange thing is, it seem's like there is something blocking the major part of the traffic, but see yourself. Please help me out with this :(

Cheers

Running: pfSense-2.0-RC1-i386-20110226-1530

Router: ONE ACCESS One 80
Link: http://www.oneaccess-net.com/onesite/index.php?option=com_content&view=article&id=77&Itemid=117

wallabybob

The screen shots suggest you don't have any name servers configured (which is ok), you have configured "Allow DNS server to be overridden by DHCP/PPP" (which is OK) but your WAN interface has a static IP it doesn't use either DHCP or PPP). Hence your pfSense box has no idea what to use for a name server (which is ok if you really want that but I suspect that would be somewhat unusual). Any systems on the LAN side of your box will need to have a name server configured in them.

If you have enabled the pfSense DNS forwarder and systems connected to your LAN interface use DHCP for configuration pfSense needs to have a name server for the DHCP LAN systems to get a name server.

There are many problems that could be described as I can't go via Webbrowser to any site like www.google.de It might be a name server problem, it might not. On the system you attempted the web access, what response do you get when you give the shell command ping www.google.de? Please post the command and response with an English translation if the response is not in English.

szop

First, thanks for the fast response! I've did what you said and tried to ping www.google.de via shell. I get an "ping: cannot resolve www.google.de: Unknown host". Then I've disabled the "Allow DNS server to be overridden by DHCP/PPP" option and entered manually a DNS server for the WAN interface. Tried it again, same results. Can I help you, help me, with some logs etc.? The last picture shows the ping to www.google.de and a traceroute to 8.8.8.8.


szop

Guess I can narrow down my problem. It seem's to be a DNS problem and I'm able to browse site's like: www.google.de, www.youtube.de etc. Since my SDSL need's a static IP and I'm not receiving any DNS IP from my provider:

1. I've set up manually two DNS IP addresses - 8.8.8.8 and 217.237.151.115 in the "General setup" and assigned them to the WAN interface
2. Unchecked the option "Allow DNS server to be overridden by DHCP/PPP"
3. Enabled the DNS forwarder because of the note: "The DNS forwarder will use the DNS servers entered in System: General setup or those obtained via DHCP and …"

I was able to use my MacBook for pinging my WAN interface, my WAN gateway and 8.8.8.8. But it was not possible to browse like www.google.de.

1. Then i added the DNS IP to the Service: DHCP server under DNS servers: 8.8.8.8 and tried again. It worked...
2. I've deleted the assigned DNS IP's on the "General setup" and it worked either

Now the question: Did and do I understand the option of the "General setup" with the entering of the DNS IP's and assigning them to the WAN interface in a wrong way? I have a second WAN connection from T-Online and want to use it with the LoadBalance but with the DNS IP's given by this provider and not by the Google DNS IP's. Using the option of entering a static DNS IP would mean, my DHCP will push allways the DNS 8.8.8.8, wouldn't it?

Cheers