New installation can't access internet
-
Please can anyone help?
I am not new to IT, but i am new to pfSense. I am trying to do a basic install but for the life of me i can not get it working. I am sure i have done something or missed something very simple but i can't see it. My basic set up is:
Broadband router –------- switch -------- pfSense WAN port --------- pfSense LAN Port ------ switch ------ laptop
Because the broadband router is preconfigured (so no real point in reconfiguring it) the IP addressing is 192.168.1.x/24. My WAN port is configured to get a DHCP address and as such has an address of 192.168.1.239.
The LAN port is configured with a 10.10.10.x/24 address and configured to give DHCP. so my LAN port is 10.10.10.1 and my laptop has received an address of 10.10.10.50. The LAN port is static and has a gateway of it's self (it won't let me set it to how i would have thought to something like my broadband router of 192.168.1.254), but i have also tried leaving it blank.
I have been through the wizard and the "definitive guide" and it suggests that i should have basic internet access now.
I can ping the LAN port of the pfSense box, but not the 192.168.1.239 or anything after that. for testing, i have un-ticked the boxes "block private networks" and "block bogon networks".
I have installed four or five times now to repeat the process, but still no joy.
What am i doing wrong?
Please can someone help?
Many thanks
Andy -
If your WAN gets a private address, make sure it's not set to block private / bogon addresses.
-
The pfSense LAN port should not have a gateway set.
Because you have set one it has probably become the the default gateway and pfSense is trying to route all traffic via the LAN which obviously isn't going to work. You would only ever set a gateway on LAN if you had another downstream router with further subnets behind it. It refers to a gateway used by the pfSense box not something that's handed to clients on the LAN network to use as their gateway.Remove that gateway and you should be good to go. :)
Steve
-
thanks for the responses.
I have made sure that the boxes are unticked for the block private / bogon addresses.
I have also re-configured the LAN port to now not have a default gateway.
Still no internet access.
More information on what i have tried:
I have tried pinging the broadband router and it is now replying which is great, but i can't ping past it such as a google address of 8.8.8.8. I just get the message "request timed out", and i can't ping a website.
It is the same from the server console - i can ping internal, but not external.
I also have a computer on the WAN side of the set up and can ping anything on the internet, but not the server it's self, but i guess that is because it is a firewall.
It doesn't seem logical, but again, i am sure i have missed something out.
Any help would be appreciated.
Thanks
Andy -
Make sure that your WAN gateway is now set as the default gateway. Then look at Diagnostics->Routes and confirm that the default route is to your Broadband router IP.
-
After removing the LAN gateway you might have to reset the firewall states or reboot the machine, try that if you haven't already.
Is the pfSense box correctly receiving its WAN setup via DHCP? Can you post the output of 'ifconfig'.
Able to connect to local machines but not remote seems like it doesn't have an upstream gateway for routing to unknown subnets. Since you've just changed the gateway information it may just need a reboot.
Steve
-
From what i can see the wan gateway is set up to go to the broadband router as the default gateway. The diagnostics start as :
default - 10.10.10.1 - us - 0 - 651 - 1500 - re0
10.10.10.0 /24 - link#1 - u - 0 - 1220 - 1500 - re0
10.10.10.1 - link#1 - uhs - 0 - 2106 - 16384 - lo0
127.0.0.0 - link#6 - uh - 0 - 80 - 16384 - lo0
192.168.1.0/24 - link#2 - u - 0 - 1658 - 1500 - re1
192.138.1.250 - link#2 - uhs - 0 - 0 - 16384 - lo010.10.10.1 is my lan port on the pfSense server and 192.168.1.250 is my wan port on the server. 192.168.1.254 is the broadband router.
I have done a ifconfig on the server but being a newbie to pfsense i don't know how to show it on here…. how can i do that or is there anything specific you need from the results.
Thanks again for your help
Regards
Andy -
From the laptop on the LAN, do a trace route to 8.8.8.8 (or your favorite public IP). Please post it.
Have you cycled the power on the broadband router and the switch? Sometimes they cling to MAC addresses (cable modems are notorious for this) and need to be cycled to refresh.
What kind of broadband router are you using?
192.138.1.250 - link#2 - uhs - 0 - 0 - 16384 - lo0
Is that a typo or was it from the cut & paste?
-
default - 10.10.10.1 - us - 0 - 651 - 1500 - re0
That is definitely a problem. The default route should be your Broadband router IP. Look in System->Routing and see what gateways are defined. Get rid of any extra ones (specially any on LAN) and set the WAN gateway as default. Then reboot if it doesn't work. Until you can get the default route correct, it's not going to work.
For example, the default route on one of my systems has:default 202.x.y.193 UGS 0 4284905 1500 vr1_vlan100
202.x.y.193 is the address of my ISP gateway. In your case it needs to be the address of your broadband router.