Pfsense seems to work but won't connect to internet
I've been trying to set up a pfsense PC on FIOS and I've set it up using the default settings. I released the DHCP lease on my existing router and left it disconnected overnight. I connected the pfsense router and fired it up. I had previously configured the WAN and LAN ports so it was ready to go. The router appears to be getting an IP address from Verizon and is assigning IP addresses to all devices on my network. Everything talks to each other over the network with no problems. I have no problems accessing the pfsense configuration screens via my web browser. However, none of the PCs can get internet access. Is there some setting that I'm missing that allows internet access?
I reconnected the other router and it connects to the internet with no problem. I had to leave it disconnected for a while so Verizon would give up the lease, but it connected fine when I hooked it back up. FYI, I'm using the ethernet port off the ONT rather than the coax for my internet connection. One of the Verizon techs set it up for me a couple of years ago when they were troubleshooting internet issues with my router. I don't have to log in or do anything to get internet access with my old router. It just connects and I'm good to go. I always log into the router and release the DHCP lease before attempting to swap it out. I am using a D-Link DGL-4100 gigabit gaming router that replaced the original Actiontek model.
The pfsense setup consists of an older Gigabyte motherboard and an AMD Athlon X2 dual core CPU with 4GB RAM. I'm using an Intel dual port NIC for the WAN and LAN connections and pfsense version 2.0.1.
The router appears to be getting an IP address from Verizon and is assigning IP addresses to all devices on my network. Everything talks to each other over the network with no problems. I have no problems accessing the pfsense configuration screens via my web browser. However, none of the PCs can get internet access.
This combination sounds like your pfSense has a problem in the routing configuration, perhaps because you have (inadvertently?) configured the LAN interface in the same IP subnet as assigned to the WAN interface. Please post the output of pfSense shell commands```
netstat -n -r
ping -c 1 184.108.40.206
Will do, but I won't be able to get to it until Tuesday evening. I'll take a look at my subnet settings for the WAN. You might be correct in assuming that I inadvertently configured it the same as the LAN, but I won't know until I set it back up. I've currently got the old router connected so I'm going to have to re-release the DHCP lease and let it sit for a while before I can reconnect the pfsense router. In the mean time, I'll take a look at the subnet settings for the D-Link router.
FWIW, I checked the settings on my D-Link router and, IIRC, they mirror what I have set up on my pfsense router, but I still have to check the settings to be sure. The WAN side gets an unique IP via DHCP from Verizon with a subnet mask of 255.255.255.0. I have the LAN side configured with IP address 192.168.0.1 as the default gateway and a subnet mask of 255.255.255.0. I've set up the LAN side for a range of 192.168.0.10 thru 192.168.0.199 for DHCP addresses as I have a few static IP's assigned in the 200-254 range. Should I expand this range to include 0-199? I'm an absolute novice when it comes to networking and know just enough to get myself into trouble.
So we're clear:
Is your pfSense box plugged into the (white) Verizon ONT or a (black) Verizon router?
Can you provide the first two octets of your WAN address (ie: 108.122.x.x)?
It's plugged directly into the ONT via ethernet cable. I still have the Verizon Actiontek router connected to feed guide data to my STB and also provide wireless access to the internet for my laptop. The WAN side of the Actiontek is connected to a Dell PowerConnect 2724 24-port unmanaged switch which is then connected to the LAN port on the pfsense box. A coax cable is also connected to the Verizon router to distribute the guide data. The Actiontek has an IP address of 192.168.1.1 whereas the pfsense box uses 192.168.0.1 for the LAN. I don't have anything directly connected to the wired LAN side of the Actiontek router.
I'll have to clear the lease on my current router before I can reconnect the pfsense box, which won't happen until tomorrow at the earliest. It's got to sit disconnected for a couple of hours to ensure the lease has expired after I release it before I can hook up the pfsense box. The wife is retired and likes to surf the net during the day so I have to work around her schedule when taking down the internet.
If I have this right - and - assuming the pfSense box is hooked as described:
Anything downstream from your Actiontek will be double-NAT'd.
That is - pfSense and Actiontek are both providing NAT. I've done it but it can be problematic.
I assume the WAN port of your Actiontek is receiving a 192.168.0.x IP from pfSense;
That your Actiontek assigning IP addresses in the 192.168.1.x range, to devices downstream from it.
To work w/ that configuration you may need to add a static route to pfSense so it knows how to handle 192.168.1.x traffic.
See if this helps.
System -> Routing -> Routes tab -> + button -> Destination network = 192.168.1.0/24
Leave Gateway as is -> save button. It may need a few minutes for routes/states to settle down.
One way I have handled this setup is: ONT -> Actiontek -> pfSense
Assuming Actiontek's LAN IP is 192.168.1.1:
I'd set pfSense WAN to 192.168.1.254 and put it in the Actiontek DMZ. It works pretty well.
pfSense LAN would be 192.168.0.1
The Actiontek-WLAN clients are outside of pfSense's management in this config.
It's good if you want segregate the wired and wireless LANs.
Not good if you need wired/wireless networking together.
You could solve that by using your old DLink as an Access Point, however.
(Network cable in DLink switch port - NOT internet port. Also make sure DLink's DHCP=OFF)
To be clear, there is nothing downstream of the Actiontek except for wireless connections, and that's currently limited to a single laptop that only sees occasional use. I kept the Actiontek as a standalone device so as to avoid any such IP address conflicts. I wouldn't even be using it were it not for the fact that I still have one STB in use on the upstairs bedroom TV. I intend to disable the wireless function and set up wireless on the pfSense router at some point. For now, I just want to get the basic internet features working.
In any case, I have found the problem and got it working. Apparently the "Block bogon networks" checkbox is checked by default and it was preventing the router from allowing internet access. I had gone through one of the tutorials yesterday and it jogged my memory when I was looking through the various configuration screens. I reset everything back to factory defaults and reran setup from the beginning, but this time I unchecked the "Block bogon networks" box. When I was done the yellow exclamation mark next to my network access icon disappeared and I was able to connect to the internet.