Pfsense has connection, connected machines don't
-
When it gets the lease I assume the default gateway is the LAN IP of the pfSense host? What are your LAN interface rules (screenshot please)?
-
@Cry:
When it gets the lease I assume the default gateway is the LAN IP of the pfSense host? What are your LAN interface rules (screenshot please)?
Correct.
Here are the rules(just what comes default with pfSense)
-
Can you provide the output of the following commands, run on a client, please:
netstat -nr
ipconfig/all (Windows)
ifconfig (Linux) -
Linux machine is my roommates(he's asleep) so here are the other two for now:
Of course, pfsense now seems to be failing at having an internet connection(can't fetch packages anymore) so I'm really not sure what to do with that…I'm really on the verge of just entirely giving up on this, it seems like pfsense is just way too fraught with difficulties to be a reliable and workable solution.
Windows IP Configuration
Host Name . . . . . . . . . . . . : Haven
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : localdomainEthernet adapter Hamachi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-AD-26-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5ad:26c8(Preferred)
Link-local IPv6 Address . . . . . : fe80::dc58:7679:2740:c607%17(Preferred)
IPv4 Address. . . . . . . . . . . : 5.173.38.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Sunday, August 21, 2011 11:05:28 PM
Lease Expires . . . . . . . . . . : Tuesday, August 28, 2012 12:00:37 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 461011280
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1E-AA-09-00-E0-4D-30-6E-C5
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : EnabledEthernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) #2
Physical Address. . . . . . . . . : 00-22-68-52-60-30
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d5b:aa78:b99b:a5d8%14(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.165.216(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 369107560
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1E-AA-09-00-E0-4D-30-6E-C5
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : EnabledEthernet adapter Main LAN:
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-22-68-52-60-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::49b5:87db:9135:c98c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 11, 2011 5:03:02 PM
Lease Expires . . . . . . . . . . : Sunday, September 11, 2011 7:03:02 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301998696
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1E-AA-09-00-E0-4D-30-6E-C5
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : EnabledTunnel adapter isatap.{081DC9D6-E9E6-4B17-9CF9-B34A2A44C4E1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : YesTunnel adapter isatap.{8B40E108-B359-4CA9-8759-DC29D76BD9BE}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : YesTunnel adapter isatap.localdomain:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : YesTunnel adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1054:3e6c:3f57:fff3(Preferred)
Link-local IPv6 Address . . . . . : fe80::1054:3e6c:3f57:fff3%16(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : DisabledAnd netstat:
===========================================================================
Interface List
17…7a 79 05 ad 26 c8 ......Hamachi Network Interface
12...00 22 68 52 60 31 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-InterfaceIPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.173.38.200 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.12 10
5.0.0.0 255.0.0.0 On-link 5.173.38.200 9256
5.173.38.200 255.255.255.255 On-link 5.173.38.200 9256
5.255.255.255 255.255.255.255 On-link 5.173.38.200 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.12 266
192.168.0.12 255.255.255.255 On-link 192.168.0.12 266
192.168.0.255 255.255.255.255 On-link 192.168.0.12 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.12 266
224.0.0.0 240.0.0.0 On-link 5.173.38.200 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.12 266
255.255.255.255 255.255.255.255 On-link 5.173.38.200 9256Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 DefaultIPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:870:c3d:3f57:fff3/128
On-link
17 276 2620:9b::/96 On-link
17 276 2620:9b::5ad:26c8/128 On-link
12 266 fe80::/64 On-link
17 276 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::870:c3d:3f57:fff3/128
On-link
12 266 fe80::49b5:87db:9135:c98c/128
On-link
17 276 fe80::dc58:7679:2740:c607/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 266 ff00::/8 On-link
17 276 ff00::/8 On-linkPersistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link -
You've got 2 default gateways there - your LAN and Hamachi. Try disabling Hamachi and try again.
-
Of course, pfsense now seems to be failing at having an internet connection(can't fetch packages anymore) so I'm really not sure what to do with that…I'm really on the verge of just entirely giving up on this,
Please provide more details of the package fetch failure: what package? What was reported? etc There has been some discussion in the forums in the last few weeks about problems downloading packages.
Lots of people have found pfSense a very effective firewall. If you want to use it effectively you need to make some investment in learning to use it, especially when you connect equipment with "non standard" configurations.
-
Of course, pfsense now seems to be failing at having an internet connection(can't fetch packages anymore) so I'm really not sure what to do with that…I'm really on the verge of just entirely giving up on this,
Please provide more details of the package fetch failure: what package? What was reported? etc There has been some discussion in the forums in the last few weeks about problems downloading packages.
Lots of people have found pfSense a very effective firewall. If you want to use it effectively you need to make some investment in learning to use it, especially when you connect equipment with "non standard" configurations.
I've attempted to learn it, I have done everything to the letter of the pfsense book….and yet it doesn't work. There is nothing non-standard about my self, I have a few machines connected and trying to hit the internet through pfsense, that seems like a fairly basic setup. My aim was to do the bare minimum with it before trying to add extra flash on top.
I've removed the Hamachi connection, my machine can still do DNS lookups but can't ping or load webpages.
-
Please, again, provide the output of netstat -rn
-
===========================================================================
Interface List
12…00 22 68 52 60 31 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-InterfaceIPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 266
192.168.0.10 255.255.255.255 On-link 192.168.0.10 266
192.168.0.255 255.255.255.255 On-link 192.168.0.10 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 266Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 DefaultIPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:2043:34f1:3f57:fff5/128
On-link
12 266 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::2043:34f1:3f57:fff5/128
On-link
12 266 fe80::49b5:87db:9135:c98c/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 266 ff00::/8 On-linkPersistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link -
You still have a persistent route left that you need to remove. As Administrator you need to run:
route delete 0.0.0.0 mask 0.0.0.0 5.0.0.1
-
Worked, no dice
-
netstat -rn again please
-
===========================================================================
Interface List
12…00 22 68 52 60 31 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-InterfaceIPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 266
192.168.0.10 255.255.255.255 On-link 192.168.0.10 266
192.168.0.255 255.255.255.255 On-link 192.168.0.10 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 266Persistent Routes:
NoneIPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:3813:1f87:3f57:fff5/128
On-link
12 266 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::3813:1f87:3f57:fff5/128
On-link
12 266 fe80::49b5:87db:9135:c98c/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 266 ff00::/8 On-linkPersistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link -
From a computer inside the network please post the output of:
tracert -d 8.8.8.8 (Windows)
traceroute -n 8.8.8.8 (Linux)Please also post a screenshot of the LAN rules.
-
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.Trace complete.
-
The most likely thing is that you have something on the Windows clients that is interfering (a software firewall or some other package).
Can you try booting into a Linux live CD (such as Ubuntu) and see if you get the same result?
-
Just tested using my laptop(OS X) and the result was the same. Roommates laptop(Joli OS) has same result.
-
Just tested using my laptop(OS X) and the result was the same. Roommates laptop(Joli OS) has same result.
I presume you mean that on both machines a traceroute 8.8.8.8 displayed @No1451:
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Request timed out.
3 * * * Request timed out.
. . .I would check the traceroute (or ping 8.8.8.8 ) is really arriving on the pfSense LAN interface. (Perhaps you have another system on your LAN with IP address 192.168.0.1)
-
(Perhaps you have another system on your LAN with IP address 192.168.0.1)
That's one thing that came to mind. Another, maybe LAN and WAN are on the same subnet, which of course won't work.
Attaching the full config backup would at least show us whether your config is sane.
-
Just tested using my laptop(OS X) and the result was the same. Roommates laptop(Joli OS) has same result.
I presume you mean that on both machines a traceroute 8.8.8.8 displayed @No1451:
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.0.1
2 * * * Request timed out.
3 * * * Request timed out.
. . .I would check the traceroute (or ping 8.8.8.8 ) is really arriving on the pfSense LAN interface. (Perhaps you have another system on your LAN with IP address 192.168.0.1)
That is what I meant, yes. I have nothing else on the network with the same IP(and I have tried alternative IPs as well to rule that out as a possibility). When running a ping/traceroute there wasn't any reported activity in the log(I was watching firewall).
I'm fairly certain that WAN and LAN are on separate subnets, LAN is on /24 and WAN is entirely handled by DHCP.
My config file: http://dl.dropbox.com/u/9118076/config-pfSense.localdomain-20111010144530.xml
