Wan, lan, opt1…..alix setup. opt1 not working what am i missing?
-
i purchased an alix kit for a small network and everything seems to be ok, for the most part…
ALIX2D3-2D13 running pfSense-2.0.2-RELEASE-4g-i386-nanobsd-20121207-1630 on a CF card
here is the network setup:
v0- LAN
v1- WAN
v2- OPT1
internet-------->Uverse Gateway (DMZed the pfsense box by WAN NIC MAC)--------->*WAN NIC on pfsense (this is working, pfsense is getting a public WAN IP and i can ping 8.8.8.8 and google.com from pfsense diagnostics page).
from there...the pfsense box has an open LAN NIC and open OPT1 NIC. the purpose of the pfsense box was to allow the management network to use/stay on 192.168.10.0 /24 with their own wifi and configure OPT1 to use 10.0.10.0 /24 network and a separate wifi.
i started with the LAN interface, 192.168.10.0 /24, which had an existing linksys router that was doing wifi, dhcp, dns, etc...i logged into that, left wifi as is, disabled DHCP, and changed it from 192.168.10.1 (pfsense is going to be .1) to 192.168.10.2, so i can IP into it and make changes later on. i did all that, connected the LAN NIC of pfsense box to port 1 of the linksys wireless router (confirming that it is not in the internet port), got on 1 pc that was on the 192 network, pinged google.com and got replies, put 192.168.10.1 in the browser, pfsense came up....put 192.168.10.2 the linksys router came up.....everything is operating normal at this point. i had a laptop, turned on wifi, connected to the wireless ap, got an IP address from the DHCP server (pfsense), got online, again, everything operating as it should.
here is where the issue started (assuming i set everything up properly)
there is a second linksys router that i brought with me to act as the guest wifi or wifi on the 10.0.10.0 /24 network. i did the same thing with this router, i logged in, assigned it 10.0.10.2, disabled DHCP, and turned on wifi and gave it a unique name and put it on a different channel to operate on. saved it, rebooted it, connected back to it (direct LAN connection with my laptop, not on pfsense yet) and everything seemed ok, did 1 final check of the settings to make sure everything was ok, it looked right.
i unplugged my laptop and plugged it into OPT1 in pfsense. prior to plugging it in, OPT1 was configured in pfsense on its own interface, static IP on the interface, DHCP server enabled, default rule to allow anything on OPT1 lan (to make sure it all worked, then i would tweak firewall rules). at this point the second linksys router is plugged in from its own port 1 (not internet) to OPT1 port in pfsense.
that is as far as i got. from that point, i couldnt ping the pfsense box. the laptop got an IP address from pfsense. since i couldnt ping pfsense, i figured i would try 8.8.8.8 just to confirm it wouldnt work, which it didnt.
this was not a brand new router, it was working before, but i figured maybe it went bad so i connected my laptop directly to the OPT1 interface. i dont need a crossover cable for this, correct (i had a xo cable with me, so i tried it...nothing changed)? i rebooted my laptop and i rebooted pfsense just to start clean...nothing, this time i wasnt even getting an IP address from pfsense. i checked and checked my settings, everything seems normal/accurate. i even logged into another pfsense setup with the SAME setup and the settings matched exact. the only difference is the pfsense build. they are not the same, but the settings were identical.
anyone have any ideas?
i can take screen shots or post exact interface configs.
thanks.
EDIT
WAN
Ping output:
PING google.com (74.125.142.138) from WAN IP: 56 data bytes
64 bytes from 74.125.142.138: icmp_seq=0 ttl=45 time=553.778 ms
64 bytes from 74.125.142.138: icmp_seq=1 ttl=45 time=805.399 ms
64 bytes from 74.125.142.138: icmp_seq=2 ttl=45 time=720.222 ms
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 553.778/693.133/805.399/104.494 ms
LAN
Ping output:
PING google.com (74.125.142.102) from 192.168.10.1: 56 data bytes
64 bytes from 74.125.142.102: icmp_seq=0 ttl=45 time=751.569 ms
64 bytes from 74.125.142.102: icmp_seq=1 ttl=45 time=629.413 ms
64 bytes from 74.125.142.102: icmp_seq=2 ttl=45 time=276.128 ms
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 276.128/552.370/751.569/201.598 ms
OPT1
Ping output:
PING google.com (74.125.142.138) from 10.0.10.1: 56 data bytes
64 bytes from 74.125.142.138: icmp_seq=0 ttl=45 time=36.789 ms
64 bytes from 74.125.142.138: icmp_seq=1 ttl=45 time=36.087 ms
64 bytes from 74.125.142.138: icmp_seq=2 ttl=45 time=36.430 ms
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 36.087/36.435/36.789/0.287 ms
-
On making major changes to firewall rules it is often necessary to reset firewall states. Did you do that? (See Diagnostics -> States click on Reset States for explanation.) A pfSense reboot will reset firewall states so this is not your problem but it will probably be handy for you to know.
Please post a screenshot of your OPT1 firewall rules and the output of pfsense shell commands
```
/etc/rc.banner; ifconfig
```
-
On making major changes to firewall rules it is often necessary to reset firewall states. Did you do that? (See Diagnostics -> States click on Reset States for explanation.) A pfSense reboot will reset firewall states so this is not your problem but it will probably be handy for you to know.
Please post a screenshot of your OPT1 firewall rules and the output of pfsense shell commands
```
/etc/rc.banner; ifconfig
```
i wont be back there until tomorrow.
before i get out the second router, power it up, plug cables in, etc… if i connect my laptop directly to the port a straight through cable will work, correct? i assume a crossover is not needed.
i can remote in, now, and take a look at the logs.
-
firewall rule question….
opt1 didnt have a default rule. if i left it like this, would a device still get an IP and hit the internet or is nothing allowed w/o any rules?
-
@tomdlgns:
firewall rule question….
opt1 didnt have a default rule. if i left it like this, would a device still get an IP and hit the internet or is nothing allowed w/o any rules?
You'll get an IP if DHCP server is enabled, but be able to go nowhere.
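The default-deny behaviour described in this answer, and the "allow anything, then tweak" plan from the first post, sketched in pf.conf syntax as an added illustration that is not part of the original thread and not pfSense's generated ruleset. The interface name `vr2` and the macro names are assumptions; the subnets are the ones given in the thread.

```pf
# Added illustration; not taken from the thread or from pfSense itself.
# Assumption: vr2 is the OPT1 NIC (the first post lists it as "v2").
opt1_if  = "vr2"
opt1_net = "10.0.10.0/24"
opt1_ip  = "10.0.10.1"
lan_net  = "192.168.10.0/24"

# Default deny: with nothing below this line, OPT1 clients can go nowhere.
block in log on $opt1_if all

# DHCP to the firewall, so clients still get a lease. pfSense adds an
# equivalent rule itself when the DHCP server is enabled on an interface,
# which is why a lease is handed out even with an empty OPT1 rule tab.
pass in quick on $opt1_if inet proto udp from any port 68 to any port 67

# Test rule from the first post: allow anything from OPT1.
# Useful to prove connectivity, then replace with the set below.
# pass in quick on $opt1_if inet from $opt1_net to any keep state

# Tightened guest set (first match wins because of "quick"):
# DNS and ping to the firewall are allowed ...
pass in quick on $opt1_if inet proto { tcp, udp } from $opt1_net to $opt1_ip port 53 keep state
pass in quick on $opt1_if inet proto icmp from $opt1_net to $opt1_ip icmp-type echoreq keep state
# ... the management LAN and every other firewall service are not ...
block in quick on $opt1_if inet from $opt1_net to $lan_net
block in quick on $opt1_if inet from $opt1_net to self
# ... and everything else goes out to the internet.
pass in quick on $opt1_if inet from $opt1_net to any keep state
```

In the pfSense GUI the same order applies top to bottom on the OPT1 rule tab, and states should be reset after swapping the test rule for the tightened set.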
-
@cmb:
@tomdlgns:
firewall rule question….
opt1 didnt have a default rule. if i left it like this, would a device still get an IP and hit the internet or is nothing allowed w/o any rules?
You'll get an IP if DHCP server is enabled, but be able to go nowhere.
how about plugging in a computer directly to opt1, is a crossover cable needed or will a regular cable suffice? i assume opt1 acts as a regular switch port and a straight through cable is the only thing needed.
-
@tomdlgns:
how about plugging in a computer directly to opt1, is a crossover cable needed or will a regular cable suffice?
Depends on the capabilities of the NIC. With most modern NICs a straight-through cable will work. If the pfSense interface doesn't go into "running" when you connect with a "straight through" cable you should be prepared to try a cross-over cable. ("running" tends to indicate the NIC has seen carrier from the "other end" of the cable.)
-
ok, got it working. not sure what the deal was, i didnt change anything today.
i plugged the cisco router into opt1, just as i did last week, and it worked w/o any issues. i used the same straight through cable that i had left on site.
anyway, just wanted to update the thread.
thanks.