Unable to get to outside world
-
I have a strange situation going on with one of our pfSense firewalls. I set up our virtual IPs and 1:1 routing (for our IP block) and if I set a device behind the pfSense to one of the 1:1 internal addresses, it works great. However, if I let DHCP hand out an address I cannot access the outside world at all. One further problem I noticed is that if I SSH into the pfSense directly, I cannot ping the outside world. I have tried pinging by IP and by hostname, and neither goes out. The GW does show that it is up and working. It appears that there is something wrong with the routing on the pfSense directly, but I seem to be missing it.
I have also compared this pfSense install to another fully working one we have, and in the routes, the working one does not have the DNS servers listed where the non-working one does, for instance:
Destination: 4.2.2.2
Gateway: the correct gateway IP
Flags: UGHS
Does anyone have any idea on what the problem is and/or where I should look to try to resolve this?
-
@support@microtechnow.com:
One further problem I noticed is that if I SSH into the pfSense directly, I cannot ping the outside world. I have tried pinging by IP and by hostname, and neither goes out. The GW does show that it is up and working. It appears that there is something wrong with the routing on the pfSense directly, but I seem to be missing it.
Perhaps this pfSense doesn't have a default route. What is the output of the pfSense shell command: netstat -r -n
-
@support@microtechnow.com:
One further problem I noticed is that if I SSH into the pfSense directly, I cannot ping the outside world. I have tried pinging by IP and by hostname, and neither goes out. The GW does show that it is up and working. It appears that there is something wrong with the routing on the pfSense directly, but I seem to be missing it.
Perhaps this pfSense doesn't have a default route. What is the output of the pfSense shell command: netstat -r -n
Sent you a PM with the results.
-
Wouldn't be missing a default route if a static IP host can get out. Something about the DHCP-assigned host(s) is wrong, maybe assigning an unreachable DNS server, or assigning conflicting IPs, or something.
-
@cmb:
Wouldn't be missing a default route if a static IP host can get out. Something about the DHCP-assigned host(s) is wrong, maybe assigning an unreachable DNS server, or assigning conflicting IPs, or something.
I thought so at first too, but I also cannot get outside from the pfSense directly. Meaning if I SSH directly into the pfSense, I cannot ping anything external (IP or hostname, so it's not a DNS issue).
-
Oh, in that case, your WAN's IP or mask has an issue. Something like an IP conflict, or trying to use a non-usable IP (network or broadcast address maybe).
-
I'm not sure if this will be of any help or not, but I noticed this difference compared to a pfSense box that I have that is working properly vs the one we've been discussing.
The one having problems has this in the Diagnostics>States where the working one does not have anything similar. 1.2.3.4 (changed for privacy) is the WAN IP assigned to the pfSense and 4.2.2.2 and 75.75.75.75 are the assigned DNS servers.
udp 1.2.3.4:43514 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:43514 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:34261 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:34261 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:55027 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:55027 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:64354 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:64354 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:49834 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:49834 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:33974 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:33974 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:19242 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:19242 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:30987 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:42050 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:42050 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:9638 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:9638 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:26257 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:18263 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:18263 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:32988 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:32988 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:8393 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:8393 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:7054 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:7054 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:52022 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:52022 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:44673 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:44673 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:55614 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:55614 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:13478 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:13478 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:29159 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:29159 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:10439 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:10439 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:41749 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:51861 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:51861 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:12065 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:12065 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:38292 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:19590 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:19590 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:1977 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:1977 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:30506 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:30506 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
-
That just further confirms what you already noted - the WAN IP can't get to the Internet, it's sending traffic and getting no response. It's issuing DNS requests (SINGLE) and getting no response (NO_TRAFFIC).
Which points back to what I noted in my last post. Either that or an IP conflict, or something upstream is blocking traffic from the WAN IP. There's something wrong with the WAN IP configuration, or something upstream of it.
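An added example, not part of the original posts: a small shell/awk summary of state lines in the format quoted above, counting per destination how many states never saw a reply (`NO_TRAFFIC` on the destination side). The function names are hypothetical, and the two `192.0.2.10` lines are constructed to show an answered resolver for contrast.

```shell
#!/bin/sh
# Summarise pf state lines in the format quoted in this thread:
#   proto src:port -> dst:port SRC_STATE:DST_STATE
# For each destination, report total states and how many got no reply.

summarize_states() {
    awk '
    $3 == "->" && NF >= 5 {
        dst = $4
        total[dst]++
        # Destination side still NO_TRAFFIC: no reply packet was seen.
        split($5, st, ":")
        if (st[2] == "NO_TRAFFIC") unanswered[dst]++
    }
    END {
        for (d in total) {
            u = unanswered[d] + 0
            # Every state unanswered: traffic leaves but nothing returns.
            verdict = (u == total[d]) ? "NO_REPLIES" : "OK"
            printf "%s total=%d unanswered=%d %s\n", d, total[d], u, verdict
        }
    }' | sort
}

# Sample input: first three lines are from the thread, last two are
# constructed (a resolver that does answer some queries).
sample_states() {
    cat <<'EOF'
udp 1.2.3.4:43514 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:43514 -> 75.75.75.75:53 SINGLE:NO_TRAFFIC
udp 1.2.3.4:34261 -> 4.2.2.2:53 SINGLE:NO_TRAFFIC
udp 192.0.2.10:5000 -> 198.51.100.53:53 MULTIPLE:SINGLE
udp 192.0.2.10:5001 -> 198.51.100.53:53 SINGLE:NO_TRAFFIC
EOF
}

sample_states | summarize_states
```

A destination marked `NO_REPLIES` across every configured resolver matches the pattern in this thread: the firewall is sending, and nothing is coming back on the WAN.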
-
I just wanted to let you know that I got the problem resolved. The problem ended up being a Comcast issue. Once Comcast was fixed, I rebooted the pfSense and everything started working. Also, now that it is working, I looked at the routes and the DNS servers are not listed anymore.