WAN Up, Lan Up - But cannot ping outside world (google.com, etc)



  • I'm new to pfSense, but had been running ipcop for a few years.

    I have pfSense installed ( pfsense 2.0RC3 ) on an older enterprise desktop (dual-core, 2G ram, 3 NICs).

    I have a DSL connection, and finally got the WAN/PPPOE to show as "up / connected".  This took awhile, and it seemed I had to associate the WAN with both the physical NIC (bge0) and the PPPOE connection information; via the Interfaces->Assign and the PPPs-tab.

    I can reboot the pfSense box and it consistently shows both the WAN and LAN as up.      ;D  (This took awhile!)
    I have not enabled the 3rd NIC yet.

    The basic setup is  dsl-modem  ->  pfsense-pc  ->  laptop

    In the general setup, I datafilled the DNS server addresses from the DSL provider (IP-addresses going to a Primus DNS server).
    I have enabled DNS Forwarder.  I believe "DNS Forwarder" relates to DHCP and how the laptop gets to know which DNS IP address to use.

    The problem I have is that I cannot reach the outside world.    DNS lookups/pings of google.com, wikipedia.org fail.    At one point yesterday, I could reach google.com and do a search, but then I could not click on those links (I guess the pfsense/laptop knew the ip-address of google.com, but not the resulting links??)?

    Any ideas?  I'm stumped and seem to be doing circles in the configuration.

    Should I datafill IP addresses in the General Setup DNS space?  If yes, what should the "gateway" pull-down window be set to?  My options are None or WAN.

    Thanks.


  • In the dashboard, did you see the DNS listed ?

    In Status - Gateways, did you see the Gateway as "online"

    The pfSense LAN is configured as DHCP server ? have you  enabled  / configured properly the DHCP server ?

    If you PING some public IP, lets say 8.8.8.8 did you get reply ?



  • Thanks.

    > In the dashboard, did you see the DNS listed ?

    Yes.   In the "ISP DNS Servers" the 216-range IP addresses are shown.

    > In Status - Gateways, did you see the Gateway as "online"

    No.  The status is "Gathering Data" and remained this way for 10-15 minutes without change.

    > The pfSense LAN is configured as DHCP server ? have you  enabled  / configured properly the DHCP server ?

    I believe I have set up the LAN as the DHCP server - at least viewing Services->DHCP confirms this.   My PC/laptop gets an IP address in the address range I set up.

    > If you PING some public IP, lets say 8.8.8.8 did you get reply ?

    Unreachable.

    I have included the config for the interfaces & PPP, too.

    ![Status - Interfaces.png](/public/imported_attachments/1/Status - Interfaces.png)
    ![Status - Gateways.png](/public/imported_attachments/1/Status - Gateways.png)
    ![Interfaces - Assign Network Ports.png](/public/imported_attachments/1/Interfaces - Assign Network Ports.png)
    ![Interfaces - PPP.png](/public/imported_attachments/1/Interfaces - PPP.png)
    ![status - General Setup.png](/public/imported_attachments/1/status - General Setup.png)



  • Is your modem in bridging mode and have you rebooted it?



  • You have your system configured wrongly: WAN interface needs to be pppoe1 not bge0
    pppoe1 needs to use bge0 not WAN, bge0
    bge0 probably shouldn't be 10baseT/half duplex - might need to look at your modem.



  • Thanks for the tips.  Here's responses to the questions & ideas, then the current snapshot of settings.  I still have the same issue.


    > Is your modem in bridging mode and have you rebooted it?

    Yes it's in bridging mode as far as I know.   It's an Alcatel Speed Touch Home.   The manual says it should be 10BaseT / half-duplex.

    > You have your system configured wrongly: WAN interface needs to be pppoe1 not bge0
    > pppoe1 needs to use bge0 not WAN, bge0

    Agree.   Sorry, bad snapshots or me trying different things.   I believe the below snapshots are correct, and I still have the same issue.   I'm unable to ping 8.8.8.8 / 4.2.2.2, etc

    > bge0 probably shouldn't be 10baseT/half duplex - might need to look at your modem.

    I believe that's fine.   I cannot compare it to what the Linksys router says as it does not show the information.   The Speed Touch modem manual says it is 10baseT/half-duplex though.


    I've tried the suggestions, and they don't seem to help.   I have set the WAN to PPPoE and the PPPoE to bge0 as suggested.

    I'm fairly sure the modem is o.k., as the only change I make to the network is to remove the Linksys WiFi router and insert the pfSense firewall.    That is, I:

    • unpower modem

    • unpower Linksys wifi router

    • move WAN connection to pfSense bge0

    • power-on pfSense firewall

    • power-up modem & pfSense

    With pfSense:          modem ----- WAN ---->  pfSense     ----- LAN ----> switch/PC
    With Linksys WiFi:     modem ----- WAN ---->  LinkSys Rtr ----- LAN ----> switch/PC

    I have included the Linksys settings, and it gets an IP address and all.

    Here are the settings as they are now.   I included a Ping from the pfSense diagnostics.  
    I'm confused about the System->General Setup->DNS Servers (and what the "Gateway" field means).   I have tried None & WAN without any success.

    (Maybe I need to power-on/off the modem for some of these changes, and as a result, I am changing stuff and seeing it's not having an impact, when in fact I should have ensured the PPPoE connection was remade?)

    This seems like such a basic setup for which I shouldn't have these issues.

    Thanks.

    ![Linksys - Status.png](/public/imported_attachments/1/Linksys - Status.png)
    ![Interfaces - WAN.png](/public/imported_attachments/1/Interfaces - WAN.png)
    ![Interfaces - LAN.png](/public/imported_attachments/1/Interfaces - LAN.png)
    ![Interfaces - PPPs.png](/public/imported_attachments/1/Interfaces - PPPs.png)
    ![Ping - 4222.png](/public/imported_attachments/1/Ping - 4222.png)
    ![Services - DHCP.png](/public/imported_attachments/1/Services - DHCP.png)
    ![System - General Setup.png](/public/imported_attachments/1/System - General Setup.png)



  • At least change MTU to 1492 at WAN side



  • Suggestion: Try swapping pppoe1 and LAN: that is use re1 for WAN pppoe and bge0 for LAN (swap cables as well as pfSense assignments) and then, when ppp interface status is reported as Up try a ping from pfSense web GUI and then take a screenshot of the Status -> Interfaces page showing the pppoe section. 10BaseT half duplex doesn't seem to be used very much now: maybe that wasn't well tested with bge driver and it might work better with re driver.

    @AlmostThere:

    > I'm confused about the System->General Setup->DNS Servers (and what the "Gateway" field means).  I have tried None & WAN without any success.

    pfSense has a lot of configuration options to cover the vast majority of possibilities. PPP and DHCP have the capability of telling a client system what systems to use for DNS and DHCP.  ISPs would normally use those capabilities. pfSense allows those settings to be overridden.  In your case you have configured pfSense to use particular name servers UNLESS the DHCP or PPP server connected to the WAN interface says "use these".

    DNS configuration shouldn't affect pings to IP addresses. On my pfSense I use OpenDNS as my name server so I have configured the IP addresses of the OpenDNS servers, unchecked the "Allow DNS server list to be overridden by DHCP/PPP on WAN" box and left the DNS gateways as "none".



  • Thanks again.

    On the MTU size, I was just copying what my Linksys was which was set to "Auto"
    On the DNS, I will be going to dyndns/opendns eventually (that is what I was using with ipcop before).

    I read another thread with PPPoE issues ( http://forum.pfsense.org/index.php/topic,35475.0/topicseen.html ) and decided that a fresh install would be good, since I had poked around with a lot of configuration.   I had tried swapping physical connections (I had 3 NICs), and a lot of console/web-config attempts.   The thread suggests that maybe pfSense doesn't always clean-up config-changes, so I went with a clean-install.   Now I'm more familiar, hopefully I would make less mistakes.   The basic setup was:

    • via install define 2 NICs - WAN(bge0) & LAN(re1)

    • via web-wizard define the PPPoE aspect

    The good news, is I can get PPPoE up each time, I can ping google.com, and, I can search anything on google.com.  However, I cannot get content from the links google-suggests.   For example:

    • ping google.com (from pfsense diagnostics, and laptop work)

    • dns lookup from pfsense (via diagnostics) works

    • search "pizza" in google.com works

    • clicking on a link in the results fails

    I have attached the relevant files (this time I am reluctant to change config unless directed to do so.   I can send/attach the config file / system logs if desired, too).

    Thanks again.

    ![Status - Dashboard.png](/public/imported_attachments/1/Status - Dashboard.png)
    ![Status - Gateways.png](/public/imported_attachments/1/Status - Gateways.png)
    ![Interfaces - WAN.png](/public/imported_attachments/1/Interfaces - WAN.png)
    ![Interfaces - LAN.png](/public/imported_attachments/1/Interfaces - LAN.png)
    ![Interfaces - Bridges.png](/public/imported_attachments/1/Interfaces - Bridges.png)
    ![Ping - Google.png](/public/imported_attachments/1/Ping - Google.png)



  • @AlmostThere:

    > However, I cannot get content from the links google-suggests.  For example:
    >
    > • ping google.com (from pfsense diagnostics, and laptop work)
    >
    > • dns lookup from pfsense (via diagnostics) works
    >
    > • search "pizza" in google.com works
    >
    > • clicking on a link in the results fails

    Perhaps you are now almost there. In the last example what is the failure mode - what is reported?

    The last two examples - what is that system using as its DNS? What happens if, on that system, you attempt to ping the host identified in the link? (Please report the system response, not an interpretation of it.)



  • The laptop was using 192.168.1.1 as its DNS.   I believe this means that pfsense would then do the DNS (i.e., forwarding to the 216..) addresses.   From the laptop I can ping / nslookup and IP-address/domain name.   It's just web-browsing (i.e., clicking a link and getting to a website beyond the "www.google.com" site that is lacking).

    For the google stuff; here's the screenshots from the laptop.  
    For example, I googled "Tale of Two Cities" (see screen shot), & then clicked on the wikipedia link (see second screen shot).  Clicking on the wikipedia link had the browser waiting forever (no timeout was shown, just the constant "transferring data").

    I showed another example, of being able to ping/dns boxee.tv, but not being able to get to the website.

    Sorry, I don't know how to get files off the pfSense to provide any conf/system files.    (I'll surf how to sftp files from pfSense, or, maybe a USB stick is used?)





    ![Google - Tale of Two Cities.png](/public/imported_attachments/1/Google - Tale of Two Cities.png)
    ![Google - Transferring Data Jam.png](/public/imported_attachments/1/Google - Transferring Data Jam.png)



  • Something is wrong with your DNS configuration that Diagnostics -> DNS Lookups shows No response in the Resolution time per server column.

    On a client of my pfSense server I tried your name servers:

    ```
    $ dig www.abc.net.au @216.254.141.13

    ; <<>> DiG 9.7.0-P1 <<>> www.abc.net.au @216.254.141.13
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58737
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 9, ADDITIONAL: 9

    ;; QUESTION SECTION:
    ;www.abc.net.au. IN A

    ;; ANSWER SECTION:
    www.abc.net.au. 617 IN CNAME www.abc.net.au.edgesuite.net.
    www.abc.net.au.edgesuite.net. 13775 IN CNAME a1632.g.akamai.net.
    a1632.g.akamai.net. 20 IN A 216.254.134.6
    a1632.g.akamai.net. 20 IN A 216.254.134.8

    ;; AUTHORITY SECTION:
    g.akamai.net. 588 IN NS n1g.akamai.net.
    g.akamai.net. 588 IN NS n2g.akamai.net.
    g.akamai.net. 588 IN NS n3g.akamai.net.
    g.akamai.net. 588 IN NS n4g.akamai.net.
    g.akamai.net. 588 IN NS n5g.akamai.net.
    g.akamai.net. 588 IN NS n6g.akamai.net.
    g.akamai.net. 588 IN NS n7g.akamai.net.
    g.akamai.net. 588 IN NS n8g.akamai.net.
    g.akamai.net. 588 IN NS n0g.akamai.net.

    ;; ADDITIONAL SECTION:
    n0g.akamai.net. 408 IN A 216.254.134.3
    n1g.akamai.net. 170 IN A 216.254.134.2
    n2g.akamai.net. 2201 IN A 216.254.134.4
    n3g.akamai.net. 412 IN A 184.84.243.62
    n4g.akamai.net. 2229 IN A 184.84.243.62
    n5g.akamai.net. 2241 IN A 184.84.243.60
    n6g.akamai.net. 408 IN A 184.84.243.60
    n7g.akamai.net. 2051 IN A 184.84.243.62
    n8g.akamai.net. 1070 IN A 184.84.243.63

    ;; Query time: 296 msec
    ;; SERVER: 216.254.141.13#53(216.254.141.13)
    ;; WHEN: Tue Sep  6 11:13:58 2011
    ;; MSG SIZE  rcvd: 441

    $ dig www.abc.net.au @216.254.136.227

    ; <<>> DiG 9.7.0-P1 <<>> www.abc.net.au @216.254.136.227
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached
    $
    ```

    @AlmostThere:
    
    > The laptop was using 192.168.1.1 as its DNS.  I believe this means that pfsense would then do the DNS (i.e., forwarding to the 216..) addresses.  From the laptop I can ping / nslookup and IP-address/domain name.  Its just web-browsing (i.e., clicking a link and getting to a website beyond the "www.google.com" site that is lacking).
    
    Do you have pfSense DNS Forwarder enabled? (Services -> DNS Forwarder) It seems you want to use it.
    
    Is there another system on your LAN with the IP address 192.168.1.1?
    
    @AlmostThere:
    
    > Sorry, I don't know how to get files off the pfSense to provide any conf/system files.    (I'll surf how to sftp files from pfSense, or, maybe a USB stick is used?)
    
    Perhaps _Diagnostics_ -> _Backup/Restore_ or _Diagnostics_ -> _Edit File_ or pfSense shell command scp


  • test with another dns server first, like google's 8.8.8.8 or 8.8.4.4
    and if you leave mtu field blank, then it's using 1500 mtu size

    something to read about MTU
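
The two MTU values mentioned in the replies above (1492 for the PPPoE WAN, 1500 when the field is left blank) can be checked by measurement rather than by guessing. The script below is an added example and not part of the thread: it binary-searches the largest ICMP echo that crosses a path with the Don't Fragment bit set and reports the resulting MTU and TCP MSS. The function names and the simulated probe are made up for this example; `ping -D` is the FreeBSD/pfSense form and `ping -M do` the Linux form.

```shell
#!/bin/sh
# Added example: measure the usable MTU of a path with Don't-Fragment pings.
# A probe is any command taking <icmp-payload-bytes> <host> that returns 0
# when the echo reply came back.

# Real probes: one echo request, DF bit set, about 2 s timeout.
probe_freebsd() { ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1; }    # pfSense shell
probe_linux()   { ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1; } # Linux client

# Constructed stand-in for a PPPoE link: 1500 - 8 bytes PPPoE/PPP overhead
# = 1492 MTU, so payloads above 1492 - 28 = 1464 bytes are dropped.
probe_sim_pppoe() { [ "$1" -le 1464 ]; }

# path_mtu HOST [PROBE]
# Prints the path MTU in bytes; returns 1 if even a minimal packet fails
# (then the problem is reachability, not packet size).
path_mtu() {
    host=$1
    probe=${2:-probe_freebsd}
    lo=548     # 576-byte minimum datagram minus 28 header bytes
    hi=1472    # 1500-byte Ethernet MTU minus 28 header bytes
    "$probe" "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid" "$host"; then
            lo=$mid              # this size passed: try larger
        else
            hi=$(( mid - 1 ))    # dropped: try smaller
        fi
    done
    echo $(( lo + 28 ))          # add 20-byte IP + 8-byte ICMP headers
}

# tcp_mss MTU: largest TCP payload per packet (20-byte IP + 20-byte TCP headers).
tcp_mss() { echo $(( $1 - 40 )); }

# Offline demonstration against the simulated link when run with "demo":
#   sh pathmtu.sh demo     -> MTU 1492, MSS 1452
if [ "${1:-}" = "demo" ]; then
    mtu=$(path_mtu example.invalid probe_sim_pppoe)
    echo "MTU $mtu, MSS $(tcp_mss "$mtu")"
fi
```

On a real system, call `path_mtu 8.8.8.8 probe_freebsd` from the pfSense shell or `path_mtu 8.8.8.8 probe_linux` from a LAN client; a result below the MTU configured on the WAN interface means full-size packets are being dropped on the path.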



  • EDIT (9/14/2011): I was trying to remember the web interface at the time I wrote the post below. Now that I have gone back and looked at the interface, the checkbox I was referring to is (for pfSense 2 RC3 snapshot from 9/8/11) the "Allow DNS server list to be overridden by DHCP/PPP on WAN" check box. I confused some of the words with the other checkbox, "Do not use the DNS Forwarder as a DNS server for the firewall", but what I meant in my original post below was the "Allow DNS server list…" check box. Sorry.

    Anyway, here is the unmodified initial post I made here:

    If your client is set to use DNS server of 192.168.1.1, then the matching config on the pfSense box is to have the DNS forwarder(forwarding) UNCHECKED. If your laptop shows a DNS server still of 192.168.1.1, try unchecking the DNS forwarder setting in pfSense.

    If your laptop (client) has a DNS server of 192.168.1.1, then one of your DNS servers listed on the pfSense dashboard will need to be "127.0.0.1", and the DNS forwarder should be UNCHECKED in order for that to be the case.

    However, if your laptop now shows the DNS server as something other than 192.168.1.1, then it should be that the DNS forwarder in pfSense is CHECKED.



  • I've given up.  Had a friend over that has Microsoft certification, works in hi-tech and has pfSense running @ home and he couldn't get it working either after 3 hours.

    It's either something with the DSL modem, the hardware (although it's Intel NICs), or pfSense.



  • I just thought I'd update this thread.    I never did get pfSense with the DSL modem.  The modem is old and 10base-T so maybe that was the issue.

    The NIC cards I had are bge and re.

    Using the exact same hardware (and using the new pfSense 2.0 (not the RC3)) and a cable modem everything worked first time.

    Thanks for the help.

