No connection through pfSense



  • I've today tried to setup a pfSense on a Dell PowerEdge 1750 (dual 3.06GHz XEON 4GB RAM) but something is wrong :(

    I've tried both pfSense 1.2.2 and the newest stable release, both with same outcome.

    pfSense is connectible from LAN, DHCP server hands out IP's at a glance.
    WAN is DHCP and recieves the IP from ISP as it should.

    But that's about it! NO connection LAN <-> WAN, not from pfSense and not from LAN clients.

    I've tried several configurations during the day, none of them made any difference.

    Any suggestions what could be the error?



  • With no technical details, it's impossible to say.

    With a default install, if you've correctly identified the LAN and WAN interfaces, it should just work. Try a fresh install of 2.0 and check that your WAN interface has the ISP allocated address. Remember that many cable modems require a power cycle before they'll route traffic for a new device.



  • Hi,

    Exactly the same thing has happened to me.

    I set up pfSense in a virtual machine and configured all pysical and virtual machines' IP's to make internet connections through pfSense virtual machine.

    Now, I'm typing this message from a pysical machine whose internet connection is made through pfSense virtual machine. This means pfSense working OK and I can make correct settings.

    I have another pysical machine, but what happens to it is the same as the friend had told above. No internet connection is present except from dns queries. I can ping google.com, but I can not browse any site via either Firefox or wget.

    I use Ubuntu 10.04 and configured my static IP's in /etc/network/interfaces which I did the same thing in a virtual machine which is working great now.

    Any ideas?



  • For both of you, the first test is to see if a machine on the LAN can ping the WAN address of the pfsense. If you can, then ping the WAN gateway. If that works, then it is setup correctly and something else having to do with your router might be the problem. One thing you will also need to check is that if you are getting a private IP from your WAN DHCP, then you will need to make sure that the WAN interface option of blocking private networks is turned off.

    ceremcem, if you can ping google.com, the internet connection is made. If you cannot browse, this is usually a DNS problem.



  • Hi,

    Thanks for the quick answer.

    I can ping both pfSense's WAN IP and pfSense's gateway from the machine which has problematic internet connection (Laptop). I can browse pfSense's web gui from the Laptop also.

    I would think if I could ping google.com, then this proves that DNS settings are working as expected. I'm sure that DNS settings are correct because when I check /etc/resolv.conf I can see "nameserver 8.8.8.8" and when I change my IP and default gateway, everything works correctly. Also I have to add this: When I type google.com in my web browser and wait for about 2 minutes, title of the page comes. After 5 minutes, favicon could be seen. But no body of the page could be seen until "Page can not be loaded" message is shown.

    So, could we say "This means extremely slow internet connection problem"?

    Edit: There is another issue now. I could connect to this site, started to write my reply but couldn't post it because there was no internet connection on this working machine either. Now I'm directly connected to the gateway.



  • I reset my pfSense box to the factory defaults. While setting up interfaces, pfSense complains with the message "No link-up detected." . I'm digging in.



  • What type of NICs do you have in the machine?



  • I restarted pfSense, made interface setup by hand. Then changed IP settings on the "client" machine to connect pfSense and pfSense seemed to start working.

    When I tried to connect gui, "500 internal server error" was shown. I looked at the virtual machine screen, "symlink error, no space left on the device" error was shown. I'm erasing all of them, downloading an iso image and I will set them all up from scratch with a 8 GB space.

    Also: I can not understand what you mean with the NIC related question, since I have limited knowledge about what you are possibly talking about. Let me learn some, I will get back to you.



  • @ceremcem:

    Also I have to add this: When I type google.com in my web browser and wait for about 2 minutes, title of the page comes. After 5 minutes, favicon could be seen. But no body of the page could be seen until "Page can not be loaded" message is shown.

    So, could we say "This means extremely slow internet connection problem"?

    No, just your browser filling in from cache.



  • I'm using Ubuntu on all the machines.

    This is the working configuration of THE_PROBLEMATIC_MACHINE:

    Contents of "over-modem.sh":

    
    #!/bin/bash
    ifconfig wlan0 192.168.0.11/24
    route add default gw 192.168.0.1 wlan0
    ifconfig wlan0
    route -n
    
    

    Execution output:

    
    ceremcem@cca-peynir:~$ sudo ./over-modem.sh 
    [sudo] password for ceremcem: 
    wlan0     Link encap:Ethernet  HWaddr 74:f0:6d:09:91:54  
              inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0
              inet6 addr: fe80::76f0:6dff:fe09:9154/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:68556 errors:0 dropped:0 overruns:0 frame:0
              TX packets:60755 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:44370422 (44.3 MB)  TX bytes:15999975 (15.9 MB)
    
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
    0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
    
    

    traceroute output:

    
    ceremcem@cca-peynir:~$ traceroute google.com
    traceroute to google.com (173.194.67.106), 30 hops max, 60 byte packets
     1  10.12.0.1 (10.12.0.1)  16.806 ms  16.599 ms  16.457 ms
     2  172.25.35.25 (172.25.35.25)  16.365 ms  16.222 ms  16.096 ms
     3  * * *
     4  izmr-2-2-izmr-3-4.turktelekom.com.tr (81.212.222.41)  21.540 ms  21.479 ms  21.407 ms
     5  uls-2-2-izmr-2-2.turktelekom.com.tr (81.212.26.210)  35.391 ms  37.496 ms  37.396 ms
     6  ms-col-2-uls-2-2.turktelekom.com.tr (212.156.102.81)  92.361 ms  82.691 ms  91.997 ms
     7  212.156.102.14.static.turktelekom.com.tr (212.156.102.14)  93.065 ms  93.257 ms  93.689 ms
     8  209.85.254.92 (209.85.254.92)  92.202 ms 209.85.254.250 (209.85.254.250)  86.555 ms  94.451 ms
     9  209.85.255.70 (209.85.255.70)  94.415 ms  94.342 ms 209.85.255.72 (209.85.255.72)  94.304 ms
    10  209.85.240.158 (209.85.240.158)  107.233 ms 209.85.240.221 (209.85.240.221)  107.157 ms 209.85.240.158 (209.85.240.158)  107.118 ms
    11  209.85.250.165 (209.85.250.165)  107.020 ms  106.941 ms 209.85.250.167 (209.85.250.167)  110.486 ms
    12  * * *
    13  wi-in-f106.1e100.net (173.194.67.106)  104.037 ms  103.917 ms  99.949 ms
    
    

    If I change the ip in that way, internet connection disappears:

    Contents of "over-pfsense.sh":

    ifconfig wlan0 10.0.1.11/24
    route add default gw 10.0.1.1 wlan0
    ifconfig wlan0
    route -n
    
    

    Here is execution output:

    
    ceremcem@cca-peynir:~$ sudo ./over-pfsense.sh 
    wlan0     Link encap:Ethernet  HWaddr 74:f0:6d:09:91:54  
              inet addr:10.0.1.11  Bcast:10.0.1.255  Mask:255.255.255.0
              inet6 addr: fe80::76f0:6dff:fe09:9154/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:70024 errors:0 dropped:0 overruns:0 frame:0
              TX packets:61680 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:46251309 (46.2 MB)  TX bytes:16106481 (16.1 MB)
    
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 wlan0
    0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 wlan0
    
    

    Here is traceroute output:

    
    ceremcem@cca-peynir:~$ traceroute google.com
    traceroute to google.com (173.194.67.105), 30 hops max, 60 byte packets
     1  10.0.1.1 (10.0.1.1)  2.057 ms  2.972 ms  2.846 ms
     2  10.12.0.1 (10.12.0.1)  11.241 ms  11.131 ms  19.620 ms
     3  172.25.35.25 (172.25.35.25)  20.677 ms  21.907 ms  21.764 ms
     4  * * *
     5  izmr-2-2-izmr-3-4.turktelekom.com.tr (81.212.222.41)  26.902 ms  26.842 ms  26.620 ms
     6  uls-2-2-izmr-2-2.turktelekom.com.tr (81.212.26.210)  39.045 ms  29.144 ms  30.038 ms
     7  ms-col-2-uls-2-2.turktelekom.com.tr (212.156.102.81)  89.296 ms  89.214 ms  89.151 ms
     8  212.156.102.14.static.turktelekom.com.tr (212.156.102.14)  100.893 ms  100.825 ms  100.748 ms
     9  209.85.254.92 (209.85.254.92)  100.616 ms  100.556 ms 209.85.254.250 (209.85.254.250)  100.446 ms
    10  209.85.255.74 (209.85.255.74)  101.237 ms 209.85.255.72 (209.85.255.72)  106.939 ms  106.875 ms
    11  209.85.240.158 (209.85.240.158)  113.903 ms 209.85.240.221 (209.85.240.221)  112.697 ms  110.949 ms
    12  209.85.250.165 (209.85.250.165)  99.229 ms 209.85.250.167 (209.85.250.167)  100.491 ms 209.85.250.165 (209.85.250.165)  102.901 ms
    13  * * *
    14  wi-in-f105.1e100.net (173.194.67.105)  220.406 ms  222.355 ms  220.278 ms
    ceremcem@cca-peynir:~$ 
    
    

    From THE_PROBLEMATIC_MACHINE, I can ping the machine and browse the gui of pfsense but I can not have the internet sites (eg. google.com).

    I don't know how I could debug the problem any further… Any ideas?


Log in to reply