Need help figuring out why I cannot make an internet connection through pfSense



  • I have a problem. Maybe somebody can help me.

    • I have connected my network as the picture shows.

    • My LAN connection is set on em0 (192.168.1.1) and my WAN connection is set to DHCP (non-static).

    • I have connected my internet connection (router/T1) to the WAN port and my LAN connection to my Cisco switch.

    • I set my DNS server in pfSense.

    • I can ping www.yahoo.com but I can't access the Internet with my PCs. Windows (Win 7) doesn't see my Internet connection.

    I tried to connect one PC (with 192.168.1.*) directly to pfSense. I can enter the webGUI and test my internet connection (ping) but I can't access the internet with my PC. Any tips will be appreciated.

    Regards :)

    Frank



  • Netgate Administrator

    Where are you pinging from? The pfSense box or one of your LAN PCs?

    Is your router handing a public IP to pfSense or doing NAT? Is it on a different subnet to LAN?

    Check the firewall logs when you are trying to connect.

    Welcome to pfSense.  ;)

    Steve



  • Hi Steve,
    Thank you for your answer.

    I ping from my pfSense box (in the webGUI) to test whether my pfSense box is properly connected to the Internet.

    Regards,

    Frank.


  • Netgate Administrator

    Ok so you can ping from the pfSense webGUI but can't ping from a LAN computer.

    Sounds like you have either no gateway set or the wrong subnet mask.

    What are the IP settings on one of your LAN computers?

    What about any of my other questions above?

    Steve



  • I will check that :) give me 1/2 hour :)

    Regards



  • Hi,
    I will try to answer your questions completely :)

    To better understand my answers, you can check the picture :)
    Is your router handing a public IP to pfSense or doing NAT? Is it on a different subnet to LAN?
    My router is always connected to the internet (broadband). The signal is always on. I can only specify (because I'm not an expert in this domain) that this router is connected directly to optical fiber. My pfSense box can access the Internet through this router. So I have no problem (I think) in this case.

    Example when I ping from my pfsense box

    ping.pfsense.org

    Ping output:

    PING ping.pfsense.org.wminer.com (68.178.232.99) from ??.??.??.??: 56 data bytes
    64 bytes from 68.178.232.99: icmp_seq=0 ttl=119 time=77.172 ms
    64 bytes from 68.178.232.99: icmp_seq=1 ttl=119 time=78.979 ms
    64 bytes from 68.178.232.99: icmp_seq=2 ttl=119 time=78.770 ms

    --- ping.pfsense.org.wminer.com ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 77.172/78.307/78.979/0.807 ms

    Check the firewall logs when you are trying to connect.
    Ok. I will check that.

    Ok so you can ping from the pfSense webGUI but can't ping from a LAN computer.
    Yes, exactly

    Sounds like you have either no gateway set or the wrong subnet mask.

    What are the IP settings on one of your LAN computers?
    I disconnected my switch and assigned its IP address to a computer (192.168.1.254, Mask: 255.255.240.0) to make sure it is not a subnet problem, but… I'm not an expert :)

    Pfsense IP:191.168.1.1 Mask:255.255.240.0

    Regards


  • Netgate Administrator

    Ok.

    There are a number of reasons this could be happening.

    1. There is no gateway or the incorrect gateway set on your client computers.
    If you are configuring clients manually you need to set the gateway to the pfSense LAN address (192.168.1.1). If you're using DHCP you need to make sure it's working correctly. From Windows (if you're using that) open a command prompt and check the gateway:

    C:\Documents and Settings\Steve>ipconfig
    
    Windows IP Configuration
    
    Ethernet adapter Local Area Connection:
    
            Connection-specific DNS Suffix  . : fire.box
            IP Address. . . . . . . . . . . . : 192.168.1.10
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.1
    

    2. Your pfSense box is blocking outgoing connections.
    You can check this easily enough as it will appear in the firewall logs. However, by default all connections from LAN are allowed, so unless you have changed the firewall rules this is unlikely.

    3. Your pfSense box is not routing traffic correctly.
    A number of things could cause this but top of the list is that your modem/router is giving pfSense a WAN IP in the same subnet as LAN. This stops routing working correctly. Is your WAN address a public or private IP?
    If it is a private IP you need to disable blocking of private networks from the webGUI under: Interfaces: WAN:

    Unrelated but interesting is that when you pinged ping.pfsense.org (a url that doesn't exist!) your DNS server incorrectly returned ping.pfsense.org.wminer.com. It should return an error but whoever runs that DNS is collecting advertising revenue by sending you to another site.  ::)

    Steve



  • Hi Steve :)
    Thanks for your information.

    C:\Users\Frank>ipconfig

    Configuration IP de Windows

    Ethernet adapter pfSense :

    Connection-specific DNS Suffix. . . : wminer.com
      IP Address . . . . . . . . . . . . . . . . : 192.168.1.245
      Subnet Mask. . . . . . . . . . . . . .   : 255.255.255.0
      Default Gateway. . . . . . . . . . . .  : 192.168.1.1

    Now :) I can access the internet if I put an IP address (not a domain name)

    2. Your pfSense box is blocking outgoing connections. ==> Checked
    3. Your pfSense box is not routing traffic correctly. ==> Checked
    Unrelated but interesting is that when you pinged ping.pfsense.org ==> Yes indeed. In the pfSense box it works but not outside :)

    I am sending my LAN settings (see the picture); maybe you will see something :)

    Regards



  • Netgate Administrator

    @fmullenis:

    Now :) I can access internet if I put ip address (not domain name)

    Ah, so you can access internet sites by IP from your client PCs but not by URL.
    So that implies that DNS is not working at the client machine.

    What are you using for DNS? Your ISP's DNS servers?

    The default pfSense setup is that pfSense receives its WAN address via DHCP/PPP along with DNS servers from your ISP. Your clients use the pfSense box for DNS, which forwards the requests to your ISP via the DNS forwarding service. Have you altered this at all?

    Check that your clients are getting DNS server information:

    
    C:\Documents and Settings\Steve>ipconfig /all
    
    Windows IP Configuration
    
            Host Name . . . . . . . . . . . . : NewTuring
            Primary Dns Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Mixed
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : fire.box
    
    Ethernet adapter Local Area Connection:
    
            Connection-specific DNS Suffix  . : fire.box
            Description . . . . . . . . . . . : Realtek RTL8139/810X Family PCI Fast
     Ethernet NIC
            Physical Address. . . . . . . . . : 00-30-1B-AB-18-C3
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.1.10
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.1
            DHCP Server . . . . . . . . . . . : 192.168.1.1
            DNS Servers . . . . . . . . . . . : 192.168.1.1
            Lease Obtained. . . . . . . . . . : 07 February 2012 14:13:48
            Lease Expires . . . . . . . . . . : 07 February 2012 16:13:48
    
    

    Steve
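
Added example, not part of any post in this thread: a Python version of the checks Steve describes in his replies above (client gateway and DNS settings read from `ipconfig /all`, and a WAN address that is private or overlaps LAN). The function names, the sample output and the WAN addresses passed in are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the `ipconfig /all` output quoted in the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def parse_ipconfig(text):
    """Map 'Label . . . : value' lines to {label: value}; empty values are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z0-9 ]*?)[ .]*:\s*(\S.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def diagnose_client(fields):
    """Client-side checks: address, default gateway on-link, DNS server present."""
    ip = (fields.get("IP Address") or fields.get("IPv4 Address") or "").split("(")[0]
    mask, gw = fields.get("Subnet Mask"), fields.get("Default Gateway")
    if not ip or not mask:
        return ["no IPv4 address or subnet mask"]
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    problems = []
    if not gw:
        problems.append("no default gateway")
    elif ipaddress.ip_address(gw) not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if not fields.get("DNS Servers"):
        problems.append("no DNS server: IP addresses work, names do not")
    return problems

def diagnose_wan(lan, wan):
    """Firewall-side checks; lan and wan are 'address/prefix' strings (assumed inputs)."""
    lan_net, wan_if = ipaddress.ip_interface(lan).network, ipaddress.ip_interface(wan)
    issues = []
    if lan_net.overlaps(wan_if.network):
        issues.append("WAN and LAN subnets overlap")
    if wan_if.ip.is_private:  # RFC 1918 and other reserved ranges
        issues.append("WAN address is private: disable 'Block private networks' on WAN")
    return issues

if __name__ == "__main__":
    print(diagnose_client(parse_ipconfig(SAMPLE)))
    print(diagnose_wan("192.168.1.1/24", "192.168.1.50/24"))
```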



  • Hi :)
    Thanks for all your information :)
    I have succeeded in setting up pfSense. I will put the information here, in case it can help somebody else :)

    My pfSense box is set with 192.168.1.1

    Carte Ethernet pfSense :

    Suffixe DNS propre à la connexion. . . : wminer.com
      Description. . . . . . . . . . . . . . : D-Link DGE-530T Gigabit Ethernet Adapter (rev.B)
      Adresse physique . . . . . . . . . . . : 00-26-5A-84-6F-3C
      DHCP activé. . . . . . . . . . . . . . : Oui
      Configuration automatique activée. . . : Oui
      Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.245
      Masque de sous-réseau. . . . . . . . . : 255.255.255.0
      Bail obtenu. . . . . . . . . . . . . . : 7 février 2012 13:59:53
      Bail expirant. . . . . . . . . . . . . : 7 février 2012 15:59:53
      Passerelle par défaut. . . . . . . . . : 192.168.1.1
      Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1
      Serveurs DNS. . .  . . . . . . . . . . : 24.xxx.yyy.37
                                          24.xxx.yyy.77
      NetBIOS sur Tcpip. . . . . . . . . . . : Activé

    In the pfSense webGUI

    Interfaces: Assign ==> Verify that your WAN port is set

    Interfaces: WAN Type DHCP
    Services: DHCP server  [checked] Enable DHCP server on LAN interface
    DNS servers
                                         24.xxx.yyy.37
                                         24.xxx.yyy.77

    Status: Interfaces ==> Make sure your status is UP  
    ISP DNS servers (must be the same as above)
                                         24.xxx.yyy.37
                                         24.xxx.yyy.77

    Test in the pfSense box
    Diagnostics: Ping to 4.2.2.2
                          Ping to google.com

    Ethernet adapter set (at the end)

    • Get IP automatically
    • Get DNS address automatically

    Test in the command line from your PC
    Diagnostics: Ping to 4.2.2.2
                          Ping to google.com

