2.0.3 Install on HP T5740



  • Just installed 2.0.3 on an HP T-5740. All NICs work properly and can access the internet through the LAN NIC. However, I am missing something here. My WAN is DHCP with a 10.0.0.1 address. The only way I can get the setup to work is to place the LAN address on the same network 10.0.0.2 and have the attached devices use the 10.0.0.2 as the gateway. If I assign the LAN an address of 192.168.0.1, DHCP on, I will get a DHCP address with a gateway of 192.168.0.1. Can't access the internet. I have a pass * rule in the LAN setup. Any help would be appreciated. Thanks in advance.


  • Banned

    @ARIA:

    only way I can get the setup to work is place the LAN address on the same network 10.0.0.2 and have the attached devices use the 10.0.0.2 as the gateway.

    Totally broken idea.

    If I assign the LAN an address of 192.168.0.1, DHCP on, I will get a DHCP address with a gateway of 192.168.0.1.

    Yes, of course… nothing wrong with that.

    Can't access the internet. I have a pass * rule in the LAN setup. Any help would be appreciated. Thanks in advance.

    Restart from scratch. This is absolutely basic setup that just works. You did something seriously wrong if it does not for you.



  • doktornotor is right, but FYI - To avoid future issues in case you later start using VPNs and stuff, pick a LAN IP other than 192.168.0.1
    Make it like 192.168.x.1 (where x is a random number you make up between let's say 30 and 200)


  • Banned

    Also, wondering about that 10.0.0.0/24, is this pfSense behind some modem/router? Generally better to avoid similar pointless double-NAT.



  • Crap - I totally missed that…
    With the WAN on a private IP space like that, pfSense will by default block ALL traffic.
    Totally FUBAR from the beginning. Now I see why he gets no internet from his default 192.168.0.1.
    Private networks blocked by default on WAN!

    Interfaces > WAN > Bottom of page to un-check "Block private networks". (This will fix your "can't get internet" problem)

    As doktornotor stated, double NAT (pfSense behind some other router) is generally a bad idea for so many reasons.
    You really should tell your modem to forward its public IP to pfSense to avoid headaches.



  • @kejianshi:

    Interfaces > WAN > Bottom of page to un-check "Block private networks". (This will fix your "can't get internet" problem)

    As doktornotor stated, double NAT (pfSense behind some other router) is generally a bad idea for so many reasons.
    You really should tell your modem to forward its public IP to pfSense to avoid headaches.

    The "Block private networks" was unchecked. I did change the LAN IP address to 192.168.2.1 and all works well.

    I agree with not using double NAT; I was just "upgraded" with the new xfinity (SMC) all in one device. It is difficult to get anything accomplished talking to Comcast. I will put that conversation on the "to do" list. I appreciate all of the suggestions. Like they say, it is always the last thing you try.

    Again, Thank you!



  • All in one devices…
    "We will give you blazing fast internet behind a device that virtually guarantees you can't do much with it"

    Verizon FIOS and COMCAST should add that to every advertisement for bundled services.



  • @kejianshi:

    All in one devices…
    "We will give you blazing fast internet behind a device that virtually guarantees you can't do much with it"

    Verizon FIOS and COMCAST should add that to every advertisement for bundled services.

    +1



  • With the advent of IPv6 and the fact that we should all be getting routable public IPs for pretty much everything we own, I'm sure the US broadband industry is busy at work having meeting after meeting trying to figure out how to break it so it's useless for anything other than X-Box and Hulu watching.
    Maybe block port 23 for our protection?
    And ports 80 and 443?  For our protection.
    I'm giddy with anticipation to see how they will screw up a good thing for the next 3 decades….  Unless you +++  $$$
    (I guess if you pay extra you don't need to be protected)